CVE-2022-31170

OpenZeppelin Contracts's ERC165Checker may revert instead of returning false

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning `false`. `ERC165Checker.supportsInterface` is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8's `abi.decode` allows some cases to revert, given a target contract that doesn't implement EIP-165 as expected, specifically if it returns a value other than 0 or 1. The contracts that may be affected are those that use `ERC165Checker` to check for support for an interface and then handle the lack of support in a way other than reverting. The issue was patched in version 4.7.1.

OpenZeppelin Contracts es una biblioteca para el desarrollo de contratos inteligentes. Las versiones 4.0.0 hasta 4.7.1, son vulnerables a una reversión de ERC165Checker en lugar de devolver "false". ERC165Checker.supportsInterface está diseñado para devolver siempre un booleano con éxito, y bajo ninguna circunstancia revertir. Sin embargo, una suposición incorrecta sobre "abi.decode" de Solidity versión 0.8 permite que algunos casos sean revertidos, dado un contrato de destino que no implementa EIP-165 como es esperado, específicamente si devuelve un valor distinto de 0 o 1. Los contratos que pueden verse afectados son los que usan "ERC165Checker" para comprobar el soporte de una interfaz y luego manejar la falta de soporte de una manera distinta a la reversión. El problema fue parcheado en versión 4.7.1

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Complete

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-05-18 CVE Reserved
2022-07-21 CVE Published
2024-02-11 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-252: Unchecked Return Value

CAPEC

References (2)

URL	Tag	Source
https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-qh9x-gcfh-pcrw	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3552	2022-08-01

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openzeppelin Search vendor "Openzeppelin"		Contracts Search vendor "Openzeppelin" for product "Contracts"				>= 4.0.0 < 4.7.1 Search vendor "Openzeppelin" for product "Contracts" and version " >= 4.0.0 < 4.7.1"		node.js		Affected