Lucene search
+L

174 matches found

Vulnrichment
Vulnrichment
added 2023/09/18 8:19 p.m.9 views

CVE-2023-42441 Vyper has incorrect re-entrancy lock when key is empty string

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant"" or @nonreentrant'' do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure...

5.3CVSS6.6AI score0.00423EPSS
Exploits1References3
OSV
OSV
added 2023/09/18 8:19 p.m.31 views

CVE-2023-42441 Vyper has incorrect re-entrancy lock when key is empty string

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant"" or @nonreentrant'' do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure...

5.3CVSS5.1AI score0.00423EPSS
Exploits1References5
Code423n4
Code423n4
added 2023/09/07 12:0 a.m.10 views

abi.encode() function does not support dynamic arrays in Solidity version 0.8.16 or earlier.

Lines of code Vulnerability details Description The bug is in the burnAndCallAxelar function. The function uses the abi.encode function to encode the payload to send to the AxelarGateway contract. However, the abi.encode function was changed in Solidity version 0.8.17 to remove the support for...

7.2AI score
Exploits0
Cvelist
Cvelist
added 2023/08/07 6:40 p.m.50 views

CVE-2023-39363 Vyper incorrectly allocated named re-entrancy locks

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in...

9.1CVSS5.8AI score0.00706EPSS
Exploits1References5
OSV
OSV
added 2023/07/25 9:15 p.m.65 views

PYSEC-2023-133

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS6.9AI score0.00487EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/07/25 8:5 p.m.14 views

CVE-2023-37902 Vyper's ecrecover can return undefined data if signature does not verify

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS5.3AI score0.00487EPSS
Exploits1References2
OSV
OSV
added 2023/07/25 8:5 p.m.40 views

CVE-2023-37902 Vyper's ecrecover can return undefined data if signature does not verify

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS5.5AI score0.00487EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/07/25 8:5 p.m.81 views

CVE-2023-37902 Vyper's ecrecover can return undefined data if signature does not verify

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS5.6AI score0.00487EPSS
Exploits1References2
Prion
Prion
added 2023/05/11 10:15 p.m.20 views

Design/Logic Flaw

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...

5CVSS7.4AI score0.00725EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2023/05/11 9:15 p.m.9 views

PYSEC-2023-78

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of...

7.5CVSS7.1AI score0.00913EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/05/11 9:15 p.m.16 views

Buffer overflow

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of...

5CVSS7.6AI score0.00913EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/05/11 9:1 p.m.37 views

CVE-2023-32059 Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...

7.5CVSS7.3AI score0.00725EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/05/11 8:51 p.m.71 views

CVE-2023-31146 Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...

7.5CVSS9.5AI score0.01241EPSS
Exploits1References2
PyPA
PyPA
added 2023/05/08 5:15 p.m.8 views

PYSEC-2023-76

Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8...

7.5CVSS6.8AI score0.00697EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2023/04/24 10:15 p.m.52 views

CVE-2023-30629

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the rawcall with revertonfailure=False and maxoutsize=0 receives the wrong response from rawcall. Depending on the...

7.5CVSS7.5AI score0.00883EPSS
Exploits1References5
OSV
OSV
added 2023/04/24 10:15 p.m.26 views

PYSEC-2023-131

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the rawcall with revertonfailure=False and maxoutsize=0 receives the wrong response from rawcall. Depending on the...

7.5CVSS7AI score0.00883EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/04/24 9:58 p.m.12 views

CVE-2023-30629 Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the rawcall with revertonfailure=False and maxoutsize=0 receives the wrong response from rawcall. Depending on the...

7.5CVSS7.5AI score0.00883EPSS
Exploits1References5
OSV
OSV
added 2023/04/24 9:58 p.m.37 views

CVE-2023-30629 Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the rawcall with revertonfailure=False and maxoutsize=0 receives the wrong response from rawcall. Depending on the...

7.5CVSS7.3AI score0.00883EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/04/24 12:0 a.m.7 views

Vyper 安全漏洞

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions 0.3.1 through 0.3.7, which stems from the Vyper compiler generating incorrect bytecode...

7.5CVSS7.2AI score0.00883EPSS
Exploits1References6
NVD
NVD
added 2022/10/25 7:15 p.m.55 views

CVE-2022-39354

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

7.5CVSS0.00538EPSS
Exploits0References2
Rows per page
Query Builder