@openzeppelin/contracts-upgradeable@4.8.1 vulnerabilities

Secure Smart Contract library for Solidity

Direct Vulnerabilities

Known vulnerabilities in the @openzeppelin/contracts-upgradeable package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Incorrect Calculation

@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Incorrect Calculation. The ERC721Consecutive contract, designed for minting NFTs in batches, does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by balanceOf.

How to fix Incorrect Calculation?

Upgrade @openzeppelin/contracts-upgradeable to version 4.8.2 or higher.

Vulnerable versions: >=4.8.0 <4.8.2