GSD-2022-1000077

See a problem?
Please try reporting it to the source first.

Source

https://data.gsd.id/GSD-2022-1000077

Import Source

https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1000xxx/GSD-2022-1000077.json

JSON Data

https://api.osv.dev/v1/vulns/GSD-2022-1000077

Withdrawn

2023-03-14T07:04:18.328829Z

Published

2022-02-18T03:50:18.115366Z

Modified

2023-03-14T07:04:18.328829Z

Summary

CWE-749 in Dragos version all versions

Details

In RigoBlock Dragos, all versions as of 2022-02-17 and later (until a major protocol update is accomplished) contain an exposed function (CWE-749), specifically setMultipleAllowances() which was not set to onlyOwner. The setMultipleAllowances() function can be to manipulate tokens with the contract.

References

https://twitter.com/RigoBlock/status/1494351180713050116
https://etherscan.io/tx/0x5a6c108d5a729be2011cd47590583a04444d4e7c85cd0427071b968edc3bfc1f
https://etherscan.io/contractdiffchecker?a1=0x876b9ebd725d1fa0b879fcee12560a6453b51dc8
https://twitter.com/danielvf/status/1494317265835147272

GSD-2022-1000077

Affected packages