OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow
is not expected to revert. However, an incorrect assumption about Solidity 0.8s abi.decode
allows some cases to revert, given a target contract that doesnt implement EIP-1271 as expected. The contracts that may be affected are those that use SignatureChecker
to check the validity of a signature and handle invalid signatures in a way other than reverting. The issue was patched in version 4.7.1.
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Contracts | Openzeppelin | 4.1.0 (including) | 4.7.1 (excluding) |