Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-31198

Published: 01/08/2022 Updated: 06/12/2022
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Contracts

Vulnerability Summary

OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a proposal is passed to lower the quorum requirements, past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement. Analysis of instances on chain found only one proposal that met this condition, and we are actively monitoring for new occurrences of this particular issue. This issue has been patched in v4.7.2. Users are advised to upgrade. Users unable to upgrade should consider avoiding lowering quorum requirements if a past proposal was defeated for lack of quorum.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openzeppelin contracts

openzeppelin contracts upgradeable

Github Repositories

https://github.com/OpenZeppelin/governor-quorum-bot

Forta detection bot to alert about changes in quorum quantity in a Governor contract

Governance Quorum Change Agent Bot ID 0xb4e40907 Description This agent detects when a proposal is created to lower the quorum and it will be affected by CVE-2022-31198 Supported Chains Ethereum Optimism BSC Polygon Avalanche Alerts GOVERNOR-QUORUM-UPDATE-PROPOSAL-1 Fired when a a proposal was created to lower the quorum numerator Only fires when a contract has a bug af

References

CWE-682https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3561https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-xrc4-737v-9q75https://nvd.nist.govhttps://github.com/OpenZeppelin/governor-quorum-bot
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook