In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a denial of service (locking) or a takeover.
References
Link | Resource |
---|---|
https://blog.openzeppelin.com/argent-vulnerability-report/ | Exploit Technical Description Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-25T19:58:07
Updated: 2020-06-25T19:58:07
Reserved: 2020-06-25T00:00:00
Link: CVE-2020-15302
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-06-25T20:15:11.270
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-15302
JSON object: View
Redhat Information
No data.
CWE