OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the `Governor` contract in v4.9.0 only, and the `GovernorCompatibilityBravo` contract since v4.3.0. This problem has been patched in 4.9.1 by introducing opt-in frontrunning protection. Users are advised to upgrade. Users unable to upgrade may submit the proposal creation transaction to an endpoint with frontrunning protection as a workaround.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-06-07T17:06:10.154Z

Updated: 2024-08-02T16:01:54.273Z

Reserved: 2023-05-31T13:51:51.169Z

Link: CVE-2023-34234

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-06-07T18:15:09.977

Modified: 2024-11-21T08:06:49.623

Link: CVE-2023-34234

cve-icon Redhat

No data.