NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Addressing Vulnerabilities in Outdated OpenZeppelin v4.9.2 Implementation.

Summary

This report details the vulnerabilities found in a project that uses an outdated version of the OpenZeppelin library (v4.9.2).
The identified issues are critical to the security and functionality of the project's smart contracts,
and updating to a more recent version is strongly recommended.

Vulnerability Details

The project relies on OpenZeppelin v4.9.2, a release with several known vulnerabilities that malicious actors could exploit.
These vulnerabilities include:

The OpenZeppelin version in use is recorded in the project's copy of the library's package.json: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/e50c24f5839db17f46991478384bfda14acfb830/package.json#L2-L4

"name": "openzeppelin-solidity",
"description": "Secure Smart Contract library for Solidity",
"version": "4.9.2",

Impact

Using an outdated OpenZeppelin release can expose the project to attack vectors that have already been patched upstream.

Recommendations

Upgrade the OpenZeppelin library: update to the latest release of OpenZeppelin, at least v5.0.2 or newer.

https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/package.json
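As an added illustration (not part of the submission or of the OpenZeppelin project), a small Python check that reads the version field of a package.json and flags it when it is below the v5.0.2 minimum recommended above. The sample document is constructed from the three lines quoted in the finding; the MIN_VERSION constant and function names are this example's own.

```python
"""Flag an OpenZeppelin Contracts dependency older than a required minimum.

Constructed example: it reads the 'version' field of a package.json the way a
dependency-audit script would and compares it, as a semantic version, against
the minimum recommended in the finding (v5.0.2).
"""
import json
import re
from typing import Tuple

# Minimum version recommended in the finding (assumption: the finding's own figure).
MIN_VERSION = "5.0.2"

# Constructed sample of the package.json quoted in the finding (v4.9.2).
SAMPLE_PACKAGE_JSON = """
{
  "name": "openzeppelin-solidity",
  "description": "Secure Smart Contract library for Solidity",
  "version": "4.9.2"
}
"""

# MAJOR.MINOR.PATCH with optional leading 'v', pre-release (-...) and build (+...) parts.
_SEMVER = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$"
)


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Parse a semantic version into a comparable tuple.

    The fourth element is 0 for a pre-release and 1 for a final release, so
    '5.0.2-rc.1' sorts below '5.0.2' as semver requires. Raises ValueError on
    anything that is not a version string, so a malformed or missing field
    cannot silently pass the check.
    """
    m = _SEMVER.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, prerelease, _build = m.groups()
    return (int(major), int(minor), int(patch), 0 if prerelease else 1)


def version_from_package_json(contents: str) -> str:
    """Return the 'version' field of a package.json document."""
    data = json.loads(contents)
    version = data.get("version")
    if not isinstance(version, str):
        raise ValueError("package.json has no string 'version' field")
    return version


def is_outdated(installed: str, minimum: str = MIN_VERSION) -> bool:
    """True when the installed version is strictly below the minimum."""
    return parse_version(installed) < parse_version(minimum)


def check_package_json(contents: str, minimum: str = MIN_VERSION) -> dict:
    """Evaluate one package.json document and return a small report."""
    installed = version_from_package_json(contents)
    return {
        "installed": installed,
        "minimum": minimum,
        "outdated": is_outdated(installed, minimum),
    }


if __name__ == "__main__":
    report = check_package_json(SAMPLE_PACKAGE_JSON)
    status = "OUTDATED" if report["outdated"] else "ok"
    print(f"OpenZeppelin Contracts {report['installed']} "
          f"(minimum {report['minimum']}): {status}")
```

In a real repository, feed it the contents of node_modules/@openzeppelin/contracts/package.json (or the vendored copy the finding links to); `npm outdated` reports the same gap for every dependency at once, but an explicit minimum-version gate is what a CI job can fail on.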

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please do not suppose impacts; think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
