Vulnerability — CVE-2022-25335

CVE-2022-25335

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-25335
Description:: RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This enables token manipulation, as exploited in the wild in February 2022. NOTE: although 2022-02-17 is the vendor's vulnerability announcement date, the vulnerability will not be remediated until a major protocol upgrade occurs.
Last updated date:: 03/01/2022

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 02/18/2022
Reference url to background: https://nvd.nist.gov/vuln/detail/CVE-2022-25335

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/01/2022
Reference url to background: https://raw.globalsecuritydatabase.org/GSD-2022-1000077

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/01/2022
Reference url to background: https://twitter.com/RigoBlock/status/1494351180713050116

Type:: exploit
Confidence:: HIGH
Date of publishing:: 03/01/2022
Reference url to background: https://twitter.com/danielvf/status/1494317265835147272