Skip to content

ERC165Checker unbounded gas consumption

Moderate
frangio published GHSA-7grf-83vw-6f5x Jul 28, 2022

Package

npm @openzeppelin/contracts (npm)

Affected versions

>=2.0.0 < 4.7.2

Patched versions

4.7.2
npm @openzeppelin/contracts-upgradeable (npm)
>=3.2.0 < 4.7.2
4.7.2
npm openzeppelin-eth (npm)
>=2.0.0
None
npm openzeppelin-solidity (npm)
>=2.0.0
None

Description

Impact

The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost.

Patches

The issue has been fixed in v4.7.2.

References

#3587

For more information

If you have any questions or comments about this advisory, or need assistance deploying a fix, email us at [email protected].

Severity

Moderate

CVE ID

CVE-2022-35915

Weaknesses

No CWEs