GitHub Advisory DatabaseGHSA-M2V9-W374-5HJ9vyper default functions don't respect nonreentrancy keys
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%
Summary
Prior to v0.3.0, __default__() functions did not respect the @nonreentrancy decorator and the lock was not emitted. This is a known bug and was already visible in the issue tracker (https://github.com/vyperlang/vyper/issues/2455), but it is being re-issued as an advisory so that tools relying on the advisory publication list can incorporate it into their searches.
A contract search was additionally performed and no vulnerable contracts were found in production.
PoC
@external
@payable
@nonreentrant("default")
def __default__():
pass
after codegen:
[seq,
[if, [lt, calldatasize, 4], [goto, fallback]],
[mstore, 28, [calldataload, 0]],
[with, _func_sig, [mload, 0], seq],
[seq_unchecked,
[label, fallback],
[seq,
pass,
# Line 5
pass,
pass,
# Line 4
stop]]],
Impact
No vulnerable production contracts were found. Additionally, using a lock on a default function is a very sparsely used pattern. As such, the impact is low.
Affected configurations
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%