Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05M2hxLTV3Z2MtamM4Ms4AAy45

GovernorCompatibilityBravo may trim proposal calldata

Impact

The proposal creation entrypoint (propose) in GovernorCompatibilityBravo accepts a signatures array that is shorter than the calldatas array. The trailing elements of calldatas, those with no matching signature entry, are silently dropped, so if the proposal passes, the corresponding actions execute with empty calldata. The ProposalCreated event correctly reflects what will actually execute, but the proposal parameters returned by getActions still show the original, intended calldata, so a reviewer who relies on getActions sees a proposal that differs from the one that will be executed.

Patches

This issue has been patched in v4.8.3.

Workarounds

Ensure that every proposal that passes through governance has signatures and calldatas arrays of equal length, and verify this both before submission and, for proposals already on chain, by comparing the calldatas in the ProposalCreated event against the values returned by getActions.
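The following JavaScript is an added example, not code from OpenZeppelin or from this advisory. It models the trimming described under Impact (an encoding loop that runs over signatures.length while the output has calldatas.length slots) beside a hardened form that rejects the mismatch, and implements the two checks the Workarounds section calls for: a pre-submission shape check and a post-hoc comparison of what ProposalCreated emitted against what getActions returns. Bytes are represented as 0x-hex strings; the SELECTORS table, selectorOf(), the addresses and all proposal data are constructed for the example (selectorOf() stands in for the first four bytes of keccak256 over the signature so the block runs without a keccak dependency), and the revert message in encodeCalldatasFixed is this example's own wording, not the library's.

```javascript
// Added example, not OpenZeppelin's code. Models the calldata trimming in
// GovernorCompatibilityBravo < 4.8.3 as described in the advisory, plus the
// checks a governance reviewer would run. All data below is constructed.

// Constructed selector table; selectorOf() stands in for keccak256(signature)[0:4].
const SELECTORS = {
  "transfer(address,uint256)": "0xa9059cbb", // well-known ERC-20 selector
};

function selectorOf(signature) {
  const sel = SELECTORS[signature];
  if (sel === undefined) throw new Error(`unknown signature: ${signature}`);
  return sel;
}

// Model of the pre-4.8.3 encoding step: the result has calldatas.length slots,
// but the loop only runs signatures.length times. Trailing slots stay as empty
// bytes ("0x"), so those actions execute with no calldata.
function encodeCalldatasVulnerable(signatures, calldatas) {
  const full = new Array(calldatas.length).fill("0x");
  for (let i = 0; i < signatures.length; i++) {
    full[i] = signatures[i].length === 0
      ? calldatas[i]                                       // calldata already carries its selector
      : selectorOf(signatures[i]) + calldatas[i].slice(2); // selector || abi-encoded args
  }
  return full;
}

// Hardened form (the shape of the 4.8.3 fix): reject the mismatch up front.
// Revert message is this example's wording, not the library's.
function encodeCalldatasFixed(signatures, calldatas) {
  if (signatures.length !== calldatas.length) {
    throw new Error("invalid signatures length");
  }
  return encodeCalldatasVulnerable(signatures, calldatas);
}

// Pre-submission check (the Workarounds advice): every action needs a signature
// slot, and targets/values/calldatas must line up. Empty result = well-formed.
function checkProposalShape({ targets, values, signatures, calldatas }) {
  const problems = [];
  if (values.length !== targets.length) {
    problems.push(`values.length ${values.length} != targets.length ${targets.length}`);
  }
  if (calldatas.length !== targets.length) {
    problems.push(`calldatas.length ${calldatas.length} != targets.length ${targets.length}`);
  }
  if (signatures.length !== calldatas.length) {
    problems.push(`signatures.length ${signatures.length} != calldatas.length ${calldatas.length}`);
    for (let i = signatures.length; i < calldatas.length; i++) {
      if (calldatas[i] !== "0x") {
        problems.push(`action ${i} (target ${targets[i]}) would execute with empty calldata`);
      }
    }
  }
  return problems;
}

// Post-hoc audit of a live proposal: ProposalCreated carries what will execute,
// getActions returns what was stored. Returns indices where the executed
// calldata is not the stored calldata (selector-prefixed when a signature is set).
function auditProposal(eventCalldatas, storedSignatures, storedCalldatas) {
  const suspect = [];
  for (let i = 0; i < storedCalldatas.length; i++) {
    const executed = eventCalldatas[i] !== undefined ? eventCalldatas[i] : "0x";
    const stored = storedCalldatas[i];
    const sig = storedSignatures[i] !== undefined ? storedSignatures[i] : "";
    const ok = sig.length === 0
      ? executed === stored
      : executed.length === stored.length + 8 && executed.endsWith(stored.slice(2));
    if (!ok) suspect.push(i);
  }
  return suspect;
}

// Constructed scenario: two transfer() actions, but only one signature entry.
const TOKEN = "0x2222222222222222222222222222222222222222";
const RECIPIENT = "3333333333333333333333333333333333333333";
const ARGS_A = "0x" + "00".repeat(12) + RECIPIENT + "0".repeat(63) + "1";  // transfer(recipient, 1)
const ARGS_B = "0x" + "00".repeat(12) + RECIPIENT + "0".repeat(62) + "ff"; // transfer(recipient, 255)
const PROPOSAL = {
  targets: [TOKEN, TOKEN],
  values: [0, 0],
  signatures: ["transfer(address,uint256)"], // one entry short of calldatas
  calldatas: [ARGS_A, ARGS_B],
  description: "constructed example",
};
const FIXED_PROPOSAL = { ...PROPOSAL, signatures: [PROPOSAL.signatures[0], PROPOSAL.signatures[0]] };

const executed = encodeCalldatasVulnerable(PROPOSAL.signatures, PROPOSAL.calldatas);
console.log("problems:", checkProposalShape(PROPOSAL));
console.log("executed calldatas:", executed);
console.log("suspect actions:", auditProposal(executed, PROPOSAL.signatures, PROPOSAL.calldatas));
```

In the constructed scenario the shape check reports two problems (the length mismatch and that action 1 would run with empty calldata), the vulnerable encoder yields a selector-prefixed first action and "0x" for the second, and the audit flags index 1, which is exactly the discrepancy between the ProposalCreated event and getActions that the advisory describes. Against a deployed governor, the audit function would be fed the calldatas decoded from the ProposalCreated log and the signatures/calldatas returned by getActions.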

Permalink: https://github.com/advisories/GHSA-93hq-5wgc-jc82
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05M2hxLTV3Z2MtamM4Ms4AAy45
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: almost 1 year ago


CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-93hq-5wgc-jc82, CVE-2023-30542
References: Repository: https://github.com/OpenZeppelin/openzeppelin-contracts
Blast Radius: 40.0

Affected Packages

npm:@openzeppelin/contracts-upgradeable
Dependent packages: 853
Dependent repositories: 4,919
Downloads: 585,606 last month
Affected Version Ranges: >= 4.3.0, < 4.8.3
Fixed in: 4.8.3
All affected versions: 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.4.0, 4.4.1, 4.4.2, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.8.0, 4.8.1, 4.8.2
All unaffected versions: 3.2.0, 3.3.0, 3.4.0, 3.4.1, 3.4.2, 4.0.0, 4.1.0, 4.2.0, 4.8.3, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 5.0.0, 5.0.1, 5.0.2
npm:@openzeppelin/contracts
Dependent packages: 3,207
Dependent repositories: 34,743
Downloads: 1,490,141 last month
Affected Version Ranges: >= 4.3.0, < 4.8.3
Fixed in: 4.8.3
All affected versions: 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.4.0, 4.4.1, 4.4.2, 4.5.0, 4.6.0, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.8.0, 4.8.1, 4.8.2
All unaffected versions: 2.3.0, 2.4.0, 2.5.0, 2.5.1, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.2.0, 3.3.0, 3.4.0, 3.4.1, 3.4.2, 4.0.0, 4.1.0, 4.2.0, 4.8.3, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 5.0.0, 5.0.1, 5.0.2