CyberSec.Space Logo
Back to CVE Browser

CVE-2021-39167

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0220%
EPSS Percentile10.09th
PublishedAug 27, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.

Affected Platforms (CPE)

πŸ“¦
Openzeppelin

Contracts

>= 3.3.0 and < 3.4.2
πŸ“¦
Openzeppelin

Contracts

>= 4.0.0 and < 4.3.1

References & Advisories

πŸ”— https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431
πŸ”— https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5
πŸ”— https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-fg47-3c2x-m2wr
πŸ”— https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431
πŸ”— https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5
πŸ”— https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-fg47-3c2x-m2wr

Related Vulnerabilities

CVE-2021-3916810.0

OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an act...

CVE-2017-1445110.0

An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted s...

CVE-2018-140849.8

An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice t...

CVE-2018-140639.8

The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overfl...