The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Missing Authorization vulnerabilities in an interactive lesson.
Start learningUpgrade @openzeppelin/contracts-upgradeable
to version 4.9.1 or higher.
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity.
Affected versions of this package are vulnerable to Missing Authorization. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all.
Note: In order for this attack to succeed, an attacker would need to have prior knowledge of a proposal creation.
Impact:
This issue impacts the Governor
contract in v4.9.0 only, and the GovernorCompatibilityBravo
contract since v4.3.0.
Users unable to upgrade may submit the proposal creation transaction to an endpoint with frontrunning protection.