OpenZeppelin Cairo-Contracts vulnerabilities
3 known vulnerabilities affecting openzeppelin/cairo-contracts.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 3
Vulnerabilities
CVE-2024-45304 | MEDIUM | CVSS 6.5 | CWE-670 | fixed in 0.16.0 | 2024-08-31
Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintended party (pending owner) can gain control of the contr
Source: NVD
CVE-2023-23940 | MEDIUM | CVSS 5.3 | CWE-345 | v>= 0.2.0, < 0.6.1 | 2023-02-03
OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`. As a result, any contract using `is_valid_eth_signature` from the account library (such as the `EthAccount`
Source: NVD
CVE-2022-31153 | MEDIUM | CVSS 6.5 | CWE-664 | v= 0.2.0 | 2022-07-15
OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts (vanilla and ethereum flavors) in the v0.2.0 release of OpenZeppelin Contracts for Cairo, wh
Source: NVD