OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of `Multicall.sol` released in `@openzeppelin/[email protected]` and `@openzeppelin/[email protected]`, all subcalls are executed twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers. The duplicated delegatecall was removed in version 4.9.5. The 4.9.4 version is marked as deprecated. Users are advised to upgrade. There are no known workarounds for this issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-08T23:35:24.467Z

Updated: 2024-08-02T22:01:26.056Z

Reserved: 2023-11-30T13:39:50.863Z

Link: CVE-2023-49798

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-09T00:15:06.920

Modified: 2024-11-21T08:33:51.890

Link: CVE-2023-49798

cve-icon Redhat

No data.