CWE-682
DiscouragedIncorrect Calculation
Abstraction: Pillar · Status: Draft
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
159 vulnerabilities reference this CWE, most recent first.
GHSA-VW53-RMXX-2XMR
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.
{
"affected": [],
"aliases": [
"CVE-2021-3004"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-03T04:15:00Z",
"severity": "HIGH"
},
"details": "The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.",
"id": "GHSA-vw53-rmxx-2xmr",
"modified": "2022-05-24T17:37:52Z",
"published": "2022-05-24T17:37:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3004"
},
{
"type": "WEB",
"url": "https://blocksecteam.medium.com/deposit-less-get-more-ycredit-attack-details-f589f71674c3"
},
{
"type": "WEB",
"url": "https://etherscan.io/address/0xe0839f9b9688a77924208ad509e29952dc660261"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VWW6-323C-PXR2
Vulnerability from github – Published: 2024-03-14 18:30 – Updated: 2024-05-04 18:30Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.
{
"affected": [],
"aliases": [
"CVE-2023-43490"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-14T17:15:51Z",
"severity": "MODERATE"
},
"details": "Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.",
"id": "GHSA-vww6-323c-pxr2",
"modified": "2024-05-04T18:30:48Z",
"published": "2024-03-14T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43490"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240405-0009"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W37F-PVVX-WCWM
Vulnerability from github – Published: 2022-05-19 00:00 – Updated: 2022-06-02 14:50A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.0"
},
{
"fixed": "4.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "3.9"
},
{
"fixed": "3.9.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "3.10"
},
{
"fixed": "3.10.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "3.11"
},
{
"fixed": "3.11.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-30600"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-02T14:50:29Z",
"nvd_published_at": "2022-05-18T18:15:00Z",
"severity": "CRITICAL"
},
"details": "A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.",
"id": "GHSA-w37f-pvvx-wcwm",
"modified": "2022-06-02T14:50:29Z",
"published": "2022-05-19T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30600"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/59b5858da200f63ecb59a9113af2b99ef1496fe5"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083613"
},
{
"type": "PACKAGE",
"url": "https://github.com/moodle/moodle"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5"
},
{
"type": "WEB",
"url": "https://moodle.org/mod/forum/discuss.php?d=434582"
},
{
"type": "WEB",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-73736"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Incorrect Calculation in moodle"
}
GHSA-WGR6-65QQ-MVC3
Vulnerability from github – Published: 2023-06-19 03:30 – Updated: 2024-04-04 04:55VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.
{
"affected": [],
"aliases": [
"CVE-2023-35848"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-19T03:15:09Z",
"severity": "HIGH"
},
"details": "VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.",
"id": "GHSA-wgr6-65qq-mvc3",
"modified": "2024-04-04T04:55:52Z",
"published": "2023-06-19T03:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35848"
},
{
"type": "WEB",
"url": "https://github.com/virtualsquare/picotcp/pull/15/files"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WJXM-V88J-7GJ4
Vulnerability from github – Published: 2024-06-06 18:30 – Updated: 2024-09-18 15:30An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed.
{
"affected": [],
"aliases": [
"CVE-2024-36736"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-06T18:15:16Z",
"severity": "CRITICAL"
},
"details": "An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed.",
"id": "GHSA-wjxm-v88j-7gj4",
"modified": "2024-09-18T15:30:47Z",
"published": "2024-06-06T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36736"
},
{
"type": "WEB",
"url": "https://gist.github.com/Redmept1on/6de04fb6c7af6956973fe2765c4d4576"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X5M4-43JF-HH65
Vulnerability from github – Published: 2026-01-28 16:18 – Updated: 2026-01-28 16:18Impact
Incorrect rounding direction for signed mul and div operations
The mulDiv(x, y, z) function incorrectly handled cases where both the intermediate product $x * y$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was negative, the final result must also be negative, neglecting the sign of $z$.
This resulted in rounding being applied in the wrong direction for cases where both $x * y$ and $z$ were negative. The functions most at risk are fixed_div_floor and fixed_div_ceil, as they often use non-constant numbers as the divisor $z$ in mulDiv.
This error is present in all signed FixedPoint and SorobanFixedPoint implementations, including i64, i128, and I256.
Negative Overflow in i64
The mulDiv(x, y, z) function for i64 used the i128 type to handle "phantom overflows". These are overflows that occur intermediately during a calculation, like when computing the intermediate product $x * y$. When the final result of mulDiv was computed in i128, it was scaled back down to i64 before returning. While the code verified that the result did not exceed i64::MAX, it did not check against i64::MIN.
This caused negative results smaller than i64:MIN to wrap around to a large positive number instead of being caught as an overflow.
This error only exists for the FixedPoint implementation of i64.
Patches
- v1.3.0 users should upgrade to patch v1.3.1
- v1.4.0 users should upgrade to patch v1.4.1
All versions >=v1.4.1 contain the patch.
Workarounds
There are no known workarounds. Upgrade to the patched version.
Credits
soroban-fixed-point-math would like to thank the team at Certora for discovering and reporting the issue.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "soroban-fixed-point-math"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.4.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.4.0"
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "soroban-fixed-point-math"
},
"ranges": [
{
"events": [
{
"introduced": "1.3.0"
},
{
"fixed": "1.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.3.0"
]
}
],
"aliases": [
"CVE-2026-24783"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-28T16:18:54Z",
"nvd_published_at": "2026-01-27T22:15:57Z",
"severity": "HIGH"
},
"details": "### Impact\n\n#### Incorrect rounding direction for signed mul and div operations\n\nThe `mulDiv(x, y, z)` function incorrectly handled cases where both the intermediate product $x * y$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was negative, the final result must also be negative, neglecting the sign of $z$.\n\nThis resulted in rounding being applied in the wrong direction for cases where both $x * y$ and $z$ were negative. The functions most at risk are `fixed_div_floor` and `fixed_div_ceil`, as they often use non-constant numbers as the divisor $z$ in `mulDiv`. \n\nThis error is present in all signed `FixedPoint` and `SorobanFixedPoint` implementations, including `i64`, `i128`, and `I256`.\n\n#### Negative Overflow in `i64`\n\nThe `mulDiv(x, y, z)` function for `i64` used the `i128` type to handle \"phantom overflows\". These are overflows that occur intermediately during a calculation, like when computing the intermediate product $x * y$. When the final result of `mulDiv` was computed in `i128`, it was scaled back down to `i64` before returning. While the code verified that the result did not exceed `i64::MAX`, it did not check against `i64::MIN`.\n\nThis caused negative results smaller than `i64:MIN` to wrap around to a large positive number instead of being caught as an overflow.\n\nThis error only exists for the `FixedPoint` implementation of `i64`. \n\n### Patches\n\n* v1.3.0 users should upgrade to patch v1.3.1\n* v1.4.0 users should upgrade to patch v1.4.1\n\nAll versions `\u003e=v1.4.1` contain the patch. \n\n### Workarounds\nThere are no known workarounds. Upgrade to the patched version.\n\n### Credits\n\nsoroban-fixed-point-math would like to thank the team at [Certora](https://www.certora.com/) for discovering and reporting the issue.",
"id": "GHSA-x5m4-43jf-hh65",
"modified": "2026-01-28T16:18:54Z",
"published": "2026-01-28T16:18:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/script3/soroban-fixed-point-math/security/advisories/GHSA-x5m4-43jf-hh65"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24783"
},
{
"type": "WEB",
"url": "https://github.com/script3/soroban-fixed-point-math/commit/c9233f7094198a49ed66a4d75786a8a3755c936a"
},
{
"type": "PACKAGE",
"url": "https://github.com/script3/soroban-fixed-point-math"
},
{
"type": "WEB",
"url": "https://github.com/script3/soroban-fixed-point-math/releases/tag/v1.3.1"
},
{
"type": "WEB",
"url": "https://github.com/script3/soroban-fixed-point-math/releases/tag/v1.4.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives"
}
GHSA-XH2P-7P87-FHGH
Vulnerability from github – Published: 2021-08-05 16:56 – Updated: 2021-07-29 20:43TCR is temporarily miscalculated in the batchLiquidateTroves function during Recovery Mode.
The bug lies in batchLiquidateTroves of TroveManager.
When calculating system's entire collateral, we should also exclude the liquidated trove's surplus collateral, since liquidation closes the trove and makes the surplus collateral claimable by the trove owner. This means, this line of code should look like this:
vars.entireSystemColl = vars.entireSystemColl.sub(singleLiquidation.collToSendToSP).sub(singleLiquidation.collSurplus);
Impact
The miscalculated entire collateral is used only to calculate the TCR and check if the system has been able to exit Recovery Mode. The miscalulation only persists temporarily, and within thebatchLiquidateTroves transaction. Once the transaction completes the TCR and Recovery Mode will be calculated properly again. However, the bug could negatively impact the liquidation throughput and the gas efficiency gains from batching multiple liquidations in a single transaction.
In normal situations, the impact of the collateral surplus of a Trove on the global TCR would be tiny. For instance, we have calculated that liquidating a trove with a collateral representing 1% of the total system collateral (so in the order of at least $10M at current values), would lead to an extra 0.53% in the temporary miscalculation of TCR. So for this bug to be meaningful, in such a scenario, the resulting real TCR must be already be very close to the Recovery Mode boundary anyway - i.e. between 149.47% and 150%. The batch liquidation transaction should also be executed with a particular trove ordering to achieve the TCR distortion. When a different trove order for the liquidation transaction is selected, the bug has no impact. In summary, the bug only has a non-negligible impact in a very narrow, specific set of circumstances.
The potential effects of the bug after it occurs are:
- The next trove in the sequence is not liquidated because the
batchLiquidateTrovesfunction calculates a premature exit from Recovery Mode. It could be liquidated in a subsequent transaction if the price of Ether doesn’t recover. - The next trove in the sequence has an ICR below 100% and it’s offset against the Stability Pool instead of redistributed among other troves because the function calculates a premature exit from Recovery Mode. For this to happen, the Ether price must have instantly plummeted by more than 10% (otherwise, the trove would have been already liquidated before).
- The next trove in the sequence is liquidated while its ICR is over the real TCR: the function calculates the TCR as being slightly too high, and thus can liquidate a trove that has ICR less than the calculated TCR, but greater than the true TCR. This is probably the worst outcome - however it is already possible to achieve the same effect, regardless of the bug. A liquidator can craft a
batchLiquidateTrovestransaction whereby they select troves for liquidation such that the TCR increases and makes a given trove liquidateable. To liquidate trove A, they can order troves such that they first liquidate troves which raise the TCR to between A's ICR and 150%. This is intended and expected behavior. As clearly stated in Liquity documentation, to be completely safe and guarantee immunity from liquidation in Recovery Mode, borrowers should keep their ICR above 150%.
We don't believe this bug creates a profitable exploit. Theoretically, and only in a very narrow set of circumstances, a liquidator could try to send a batch liquidation during Recovery Mode that lets the system very temporarily return to Normal Mode earlier than it should. In that case - and only if the Ether price also happens to suddenly plummet by more than 10% - stability providers might take the haircut that should be taken by the borrowers (through redistribution).
Patches
The problem has been patched in the source code but not on mainnet contracts. Liquity protocol is immutable, and this issue is not critical, so it doesn't merit a launch of a new version.
Bug bounty
A reward of $1,000 (the maximum for its category) was awarded to Xiahong (gaoxh06) for reporting this bug.
For more information
If you have any questions or comments about this advisory: * Open an issue in our repo * Email us at security@liquity.org
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@liquity/contracts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2021-07-29T20:43:48Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "TCR is temporarily miscalculated in the `batchLiquidateTroves` function during Recovery Mode.\n\nThe bug lies in [`batchLiquidateTroves` of `TroveManager`](https://github.com/liquity/dev/blob/7c83ea11378454629618b3808b16fbfda69ee3e5/packages/contracts/contracts/TroveManager.sol#L722). \n\nWhen calculating system\u0027s entire collateral, we should also exclude the liquidated trove\u0027s surplus collateral, since liquidation closes the trove and makes the surplus collateral claimable by the trove owner. This means, this line of code should look like this: \n```\nvars.entireSystemColl = vars.entireSystemColl.sub(singleLiquidation.collToSendToSP).sub(singleLiquidation.collSurplus);\n```\n### Impact\n\nThe miscalculated entire collateral is used only to calculate the TCR and check if the system has been able to exit Recovery Mode. The miscalulation only persists temporarily, and within the`batchLiquidateTroves` transaction. Once the transaction completes the TCR and Recovery Mode will be calculated properly again. However, the bug could negatively impact the liquidation throughput and the gas efficiency gains from batching multiple liquidations in a single transaction.\n\nIn normal situations, the impact of the collateral surplus of a Trove on the global TCR would be tiny. For instance, we have calculated that liquidating a trove with a collateral representing 1% of the total system collateral (so in the order of at least $10M at current values), would lead to an extra 0.53% in the temporary miscalculation of TCR. So for this bug to be meaningful, in such a scenario, the resulting real TCR must be already be very close to the Recovery Mode boundary anyway - i.e. between 149.47% and 150%. The batch liquidation transaction should also be executed with a particular trove ordering to achieve the TCR distortion. When a different trove order for the liquidation transaction is selected, the bug has no impact. In summary, the bug only has a non-negligible impact in a very narrow, specific set of circumstances.\n\nThe potential effects of the bug after it occurs are:\n\n- The next trove in the sequence is not liquidated because the `batchLiquidateTroves` function calculates a premature exit from Recovery Mode. It could be liquidated in a subsequent transaction if the price of Ether doesn\u2019t recover.\n- The next trove in the sequence has an ICR below 100% and it\u2019s offset against the Stability Pool instead of redistributed among other troves because the function calculates a premature exit from Recovery Mode. For this to happen, the Ether price must have instantly plummeted by more than 10% (otherwise, the trove would have been already liquidated before).\n- The next trove in the sequence is liquidated while its ICR is over the real TCR: the function calculates the TCR as being slightly too high, and thus can liquidate a trove that has ICR less than the calculated TCR, but greater than the true TCR. This is probably the worst outcome - however it is already possible to achieve the same effect, regardless of the bug. A liquidator can craft a `batchLiquidateTroves` transaction whereby they select troves for liquidation such that the TCR increases and makes a given trove liquidateable. To liquidate trove A, they can order troves such that they first liquidate troves which raise the TCR to between A\u0027s ICR and 150%. This is intended and expected behavior. As clearly stated in Liquity documentation, to be completely safe and guarantee immunity from liquidation in Recovery Mode, borrowers should keep their ICR above 150%.\n\nWe don\u0027t believe this bug creates a profitable exploit. Theoretically, and only in a very narrow set of circumstances, a liquidator could try to send a batch liquidation during Recovery Mode that lets the system very temporarily return to Normal Mode earlier than it should. In that case - _and only if the Ether price also happens to suddenly plummet by more than 10%_ - stability providers might take the haircut that should be taken by the borrowers (through redistribution).\n\n### Patches\nThe problem has been patched in the source code but not on mainnet contracts. Liquity protocol is immutable, and this issue is not critical, so it doesn\u0027t merit a launch of a new version.\n\n### Bug bounty\n\nA reward of $1,000 (the maximum for its category) was awarded to Xiahong (`gaoxh06`) for reporting this bug.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [our repo](https://github.com/liquity/dev)\n* Email us at [security@liquity.org](mailto:security@liquity.org)\n",
"id": "GHSA-xh2p-7p87-fhgh",
"modified": "2021-07-29T20:43:48Z",
"published": "2021-08-05T16:56:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/liquity/dev/security/advisories/GHSA-xh2p-7p87-fhgh"
},
{
"type": "WEB",
"url": "https://github.com/liquity/dev/commit/c69d0bae30b5457e89724d880851a03ba7477905"
},
{
"type": "WEB",
"url": "https://github.com/liquity/dev/blob/7c83ea11378454629618b3808b16fbfda69ee3e5/packages/contracts/contracts/TroveManager.sol#L722"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/@liquity/contracts"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode"
}
GHSA-XRC4-737V-9Q75
Vulnerability from github – Published: 2022-08-18 18:48 – Updated: 2022-08-18 18:48Impact
This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a proposal is passed to lower the quorum requirement, past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement.
Analysis of instances on chain found only one proposal that met this condition, and we are actively monitoring for new occurrences of this particular issue.
Patches
This issue has been patched in v4.7.2.
Workarounds
Avoid lowering quorum requirements if a past proposal was defeated for lack of quorum.
References
https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3561
For more information
If you have any questions or comments about this advisory, or need assistance deploying the fix, email us at security@openzeppelin.com.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@openzeppelin/contracts"
},
"ranges": [
{
"events": [
{
"introduced": "4.3.0"
},
{
"fixed": "4.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@openzeppelin/contracts-upgradeable"
},
"ranges": [
{
"events": [
{
"introduced": "4.3.0"
},
{
"fixed": "4.7.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-31198"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2022-08-18T18:48:41Z",
"nvd_published_at": "2022-08-01T21:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nThis issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token\u0027s total supply. In affected instances, when a proposal is passed to lower the quorum requirement, past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement.\n\nAnalysis of instances on chain found only one proposal that met this condition, and we are actively monitoring for new occurrences of this particular issue.\n\n### Patches\n\nThis issue has been patched in v4.7.2.\n\n### Workarounds\n\nAvoid lowering quorum requirements if a past proposal was defeated for lack of quorum.\n\n### References\n\nhttps://github.com/OpenZeppelin/openzeppelin-contracts/pull/3561\n\n### For more information\n\nIf you have any questions or comments about this advisory, or need assistance deploying the fix, email us at [security@openzeppelin.com](mailto:security@openzeppelin.com).",
"id": "GHSA-xrc4-737v-9q75",
"modified": "2022-08-18T18:48:41Z",
"published": "2022-08-18T18:48:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-xrc4-737v-9q75"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31198"
},
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3561"
},
{
"type": "PACKAGE",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts"
},
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.7.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "OpenZeppelin Contracts\u0027s GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals"
}
GHSA-XW37-57QP-9MM4
Vulnerability from github – Published: 2021-06-29 21:14 – Updated: 2023-02-09 19:40Impact
A consensus-vulnerability in Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain.
Description
A flaw was repoted at 2020-08-11 by John Youngseok Yang (Software Platform Lab), where a particular sequence of transactions could cause a consensus failure.
- Tx 1:
senderinvokescaller.callerinvokes0xaa.0xaahas 3 wei, does a self-destruct-to-self-
callerdoes a1 wei-call to0xaa, who thereby has 1 wei (the code in0xaastill executed, since the tx is still ongoing, but doesn't redo the selfdestruct, it takes a different path if callvalue is non-zero) -
Tx 2:
senderdoes a 5-wei call to 0xaa. No exec (since no code).
In geth, the result would be that 0xaa had 6 wei, whereas OE reported (correctly) 5 wei. Furthermore, in geth, if the second tx was not executed, the 0xaa would be destructed, resulting in 0 wei. Thus obviously wrong.
It was determined that the root cause was this commit from this PR. The semantics of createObject was subtly changd, into returning a non-nil object (with deleted=true) where it previously did not if the account had been destructed. This return value caused the new object to inherit the old balance:
func (s *StateDB) CreateAccount(addr common.Address) {
newObj, prev := s.createObject(addr)
if prev != nil {
newObj.setBalance(prev.data.Balance)
}
}
It was determined that the minimal possible correct fix was
+++ b/core/state/statedb.go
@@ -589,7 +589,10 @@ func (s *StateDB) createObject(addr common.Address) (newobj, prev *stateObject)
s.journal.append(resetObjectChange{prev: prev, prevdestruct: prevdestruct})
}
s.setStateObject(newobj)
- return newobj, prev
+ if prev != nil && !prev.deleted {
+ return newobj, prev
+ }
+ return newobj, nil
Patches
See above. The fix was included in Geth v1.9.20 "Paragade".
Credits
The bug was found by @johnyangk and reported via bounty@ethereum.org.
For more information
If you have any questions or comments about this advisory: * Open an issue in go-ethereum * Email us at security@ethereum.org
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/ethereum/go-ethereum"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.4"
},
{
"fixed": "1.9.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-26265"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-21T21:15:07Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\n\nA consensus-vulnerability in Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. \n\n### Description\n\n\nA flaw was repoted at 2020-08-11 by John Youngseok Yang (Software Platform Lab), where a particular sequence of transactions could cause a consensus failure.\n\n- Tx 1:\n - `sender` invokes `caller`.\n - `caller` invokes `0xaa`. `0xaa` has 3 wei, does a self-destruct-to-self\n - `caller` does a `1 wei` -call to `0xaa`, who thereby has 1 wei (the code in `0xaa` still executed, since the tx is still ongoing, but doesn\u0027t redo the selfdestruct, it takes a different path if callvalue is non-zero)\n\n- Tx 2:\n - `sender` does a 5-wei call to 0xaa. No exec (since no code). \n\nIn geth, the result would be that `0xaa` had `6 wei`, whereas OE reported (correctly) `5` wei. Furthermore, in geth, if the second tx was not executed, the `0xaa` would be destructed, resulting in `0 wei`. Thus obviously wrong. \n\nIt was determined that the root cause was this [commit](https://github.com/ethereum/go-ethereum/commit/223b950944f494a5b4e0957fd9f92c48b09037ad) from [this PR](https://github.com/ethereum/go-ethereum/pull/19953). The semantics of `createObject` was subtly changd, into returning a non-nil object (with `deleted=true`) where it previously did not if the account had been destructed. This return value caused the new object to inherit the old `balance`:\n\n```golang\nfunc (s *StateDB) CreateAccount(addr common.Address) {\n\tnewObj, prev := s.createObject(addr)\n\tif prev != nil {\n\t\tnewObj.setBalance(prev.data.Balance)\n\t}\n}\n```\n\nIt was determined that the minimal possible correct fix was\n\n```diff\n+++ b/core/state/statedb.go\n@@ -589,7 +589,10 @@ func (s *StateDB) createObject(addr common.Address) (newobj, prev *stateObject)\n s.journal.append(resetObjectChange{prev: prev, prevdestruct: prevdestruct})\n }\n s.setStateObject(newobj)\n- return newobj, prev\n+ if prev != nil \u0026\u0026 !prev.deleted {\n+ return newobj, prev\n+ }\n+ return newobj, nil\n```\n\n### Patches\n\nSee above. The fix was included in Geth `v1.9.20` \"Paragade\".\n\n### Credits\n\nThe bug was found by @johnyangk and reported via bounty@ethereum.org.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [go-ethereum](https://github.com/ethereum/go-ethereum)\n* Email us at [security@ethereum.org](mailto:security@ethereum.org)",
"id": "GHSA-xw37-57qp-9mm4",
"modified": "2023-02-09T19:40:33Z",
"published": "2021-06-29T21:14:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26265"
},
{
"type": "WEB",
"url": "https://github.com/ethereum/go-ethereum/pull/21080"
},
{
"type": "WEB",
"url": "https://github.com/ethereum/go-ethereum/pull/21409"
},
{
"type": "WEB",
"url": "https://github.com/ethereum/go-ethereum/commit/87c0ba92136a75db0ab2aba1046d4a9860375d6a"
},
{
"type": "PACKAGE",
"url": "https://github.com/ethereum/go-ethereum"
},
{
"type": "WEB",
"url": "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2021-0105"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Consensus flaw during block processing in github.com/ethereum/go-ethereum"
}
Mitigation
Understand your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.
Mitigation MIT-8
Strategy: Input Validation
Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
Mitigation
Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity.
Mitigation
Strategy: Language Selection
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation
Strategy: Libraries or Frameworks
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation MIT-26
Strategy: Compilation or Build Hardening
Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
CAPEC-128: Integer Attacks
An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats.
CAPEC-129: Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.