EUVD-2024-0184

Malicious code in bioql PyPI...

CVE-2024-32647

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the createfromblueprint builtin can result in a double eval vulnerability when rawargs=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...

PYSEC-2024-208

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the createfromblueprint builtin can result in a double eval vulnerability when rawargs=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...

CVE-2024-32647 vyper performs double eval of raw_args in create_from_blueprint

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the createfromblueprint builtin can result in a double eval vulnerability when rawargs=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...

PT-2024-24740 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and prior Description: Using the create from blueprint builtin can result in a double eval vulnerability when raw args=True and the args argument has side-effects. The build create IR function of the create from blueprin...

Vyper 安全漏洞

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper 0.3.10 and earlier versions, which stems from the use of the createfromblueprint built-in function may lead to a security issue...

GHSA-C647-PXM2-C52W Vyper vulnerable to memory corruption in certain builtins utilizing `msize`

Impact In certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. - For rawcall, the argument buffer of the call can be corrupted, leading to incorrect calldata in the sub-context. - For createfromblueprint and createcopyof, the buffer f...

PYSEC-2023-306

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In version 0.3.9 and prior, under certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. For rawcall, the argument buffer of the call can be corrupted,...

PYSEC-2023-306

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In version 0.3.9 and prior, under certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. For rawcall, the argument buffer of the call can be corrupted,...

Vyper Buffer Error Vulnerability

Vyper is the Pythonic smart contract language for EVM. A buffer error vulnerability exists in versions of Vyper prior to 0.3.10, which stems from the fact that the memory createfromblueprint and possibly createcopyof used by built-in functions can become corrupted under certain circumstances...