@web3-react is a framework for building Ethereum Apps . In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this means that any data derived from `chainId` could be incorrect. For example, if a swapping application derives a wrapped token contract address from the `chainId` *and* a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This issue has been addressed in PR #749 and is available in updated npm artifacts. There are no known workarounds for this issue. Users are advised to upgrade.
Attack Vector Network
Attack Complexity Low
Privileges Required Low
Scope Unchanged
Confidentiality Impact None
Integrity Impact High
Availability Impact None
User Interaction Required
No CVSS v3.0
No CVSS v2
Vendors | Products |
---|---|
Uniswap |
|
Configuration 1 [-]
|
References
Link | Resource |
---|---|
https://github.com/Uniswap/web3-react/pull/749 | Issue Tracking Patch |
https://github.com/Uniswap/web3-react/security/advisories/GHSA-8pf3-6fgr-3g3g | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-04-17T21:02:20.566Z
Updated: 2023-04-17T21:02:20.566Z
Reserved: 2023-04-12T15:19:33.767Z
Link: CVE-2023-30543
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-17T22:15:10.420
Modified: 2023-05-01T13:16:18.050
Link: CVE-2023-30543
JSON object: View
Redhat Information
No data.
CWE