{ "GSD": { "vendor_name": "RigoBlock", "product_name": "Dragos", "product_version": "all versions", "vulnerability_type": "CWE-749", "affected_component": "setMultipleAllowances() was not set to onlyOwner", "attack_vector": "Call setMultipleAllowances() ", "impact": "Manipulation of tokens", "credit": "", "references": [ "https://twitter.com/RigoBlock/status/1494351180713050116", "https://etherscan.io/tx/0x5a6c108d5a729be2011cd47590583a04444d4e7c85cd0427071b968edc3bfc1f", "https://etherscan.io/contractdiffchecker?a1=0x876b9ebd725d1fa0b879fcee12560a6453b51dc8", "https://twitter.com/danielvf/status/1494317265835147272" ], "reporter": "kurtseifried", "reporter_id": 582211, "notes": "", "description": "In RigoBlock Dragos, all versions as of 2022-02-17 and later (until a major protocol update is accomplished) contain an exposed function (CWE-749), specifically setMultipleAllowances() which was not set to onlyOwner. The setMultipleAllowances() function can be used to manipulate tokens with the contract. " }, "OSV": { "id": "GSD-2022-1000077", "modified": "2022-02-18T03:50:18.115366Z", "published": "2022-02-18T03:50:18.115366Z", "summary": "CWE-749 in Dragos version all versions", "details": "In RigoBlock Dragos, all versions as of 2022-02-17 and later (until a major protocol update is accomplished) contain an exposed function (CWE-749), specifically setMultipleAllowances() which was not set to onlyOwner. The setMultipleAllowances() function can be used to manipulate tokens with the contract. 
", "affected": [ { "package": { "name": "Dragos", "ecosystem": "GSD" }, "versions": [ "all versions" ] } ], "references": [ { "type": "WEB", "url": "https://twitter.com/RigoBlock/status/1494351180713050116" }, { "type": "WEB", "url": "https://etherscan.io/tx/0x5a6c108d5a729be2011cd47590583a04444d4e7c85cd0427071b968edc3bfc1f" }, { "type": "WEB", "url": "https://etherscan.io/contractdiffchecker?a1=0x876b9ebd725d1fa0b879fcee12560a6453b51dc8" }, { "type": "WEB", "url": "https://twitter.com/danielvf/status/1494317265835147272" } ] } }