OpenZeppelin Contracts ERC165Checker unbounded gas consumption
Moderate severity
GitHub Reviewed
Published Jul 28, 2022 in OpenZeppelin/openzeppelin-contracts • Updated Jul 21, 2023
Published by the National Vulnerability Database: Aug 1, 2022
Published to the GitHub Advisory Database: Aug 14, 2022
Reviewed: Aug 14, 2022
Last updated: Jul 21, 2023
Description
Impact
The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost.
Patches
The issue has been fixed in v4.7.2.
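The difference between an unbounded and a bounded supportsInterface query, as an added sketch that is not code from the advisory or from OpenZeppelin Contracts. The library name, the function names and the 30000 gas stipend are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC165 {
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

/// Illustrative only: hypothetical library, not the project's implementation.
library BoundedERC165Query {
    /// Unbounded pattern: the high-level staticcall copies ALL return data
    /// into a fresh `bytes` array, so the queried contract decides how much
    /// the caller pays for the copy and the memory expansion.
    function queryUnbounded(address account, bytes4 interfaceId) internal view returns (bool) {
        bytes memory params = abi.encodeWithSelector(IERC165.supportsInterface.selector, interfaceId);
        (bool success, bytes memory result) = account.staticcall{gas: 30000}(params);
        if (result.length < 32) return false;
        return success && abi.decode(result, (bool));
    }

    /// Bounded pattern: the low-level staticcall is given a 32-byte output
    /// window, so at most one word is copied no matter how much the callee
    /// returns. The real length is still visible through returndatasize().
    function queryBounded(address account, bytes4 interfaceId) internal view returns (bool) {
        bytes memory params = abi.encodeWithSelector(IERC165.supportsInterface.selector, interfaceId);
        bool success;
        uint256 returnSize;
        uint256 returnValue;
        assembly {
            // in: params payload (skip the 32-byte length prefix)
            // out: scratch space at 0x00, capped at 0x20 bytes
            success := staticcall(30000, account, add(params, 0x20), mload(params), 0x00, 0x20)
            returnSize := returndatasize()
            returnValue := mload(0x00)
        }
        // Fewer than 32 bytes returned means the scratch word is not a valid answer.
        return success && returnSize >= 0x20 && returnValue > 0;
    }
}
```

The same cap applies to any call into an untrusted contract where only a fixed-size answer is expected: limiting the gas forwarded to the callee does not limit what the caller spends handling the return data.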
References
OpenZeppelin/openzeppelin-contracts#3587
For more information
If you have any questions or comments about this advisory, or need assistance deploying a fix, email us at security@openzeppelin.com.