| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| openzeppelin-cairo-contracts | pip | < 0.2.1 | 0.2.1 |

The vulnerability stemmed from incorrect handling of the `ecdsa_ptr` signature builtin reference. Before the patch, the `execute` function in `library.cairo` created a local `ecdsa_ptr` via `alloc()` (line 203 in v0.2.0). StarkNet's runtime rejected this because it expects signature validation to use the system-provided `ecdsa_ptr`. The patch in 2cd6027 added `ecdsa_ptr` as an implicit parameter to `execute` and `_unsafe_execute`, resolving the validation failure. These vulnerable functions handled signature validation directly with improper pointer management, which made them the root causes of the transaction processing failure on Goerli.