Lucene search
PRIOn knowledge basePRION:CVE-2023-32059HistoryMay 11, 2023 - 10:15 p.m.
Design/Logic Flaw
2023-05-1122:15:00
PRIOn knowledge base
www.prio-n.com
5
vyper
pythonic
smart contract
ethereum virtual machine
internal calls
default arguments
typechecking bypassed
undocumented feature
version 0.3.8 patch
0.001 Low
EPSS
Percentile
31.1%
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8.
Related
veracode
veracode
Improper Access Control
2023-05-31 08:35:50
github
github
cve
cve
CVE-2023-32059
2023-05-11 22:15:11
nvd
nvd
CVE-2023-32059
2023-05-11 22:15:11
osv
osv
Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls
2023-05-12 20:21:00
PYSEC-2023-79
2023-05-11 22:15:00
CVE-2023-32059
2023-05-11 22:15:11
cvelist
cvelist