174 matches found
CVE-2023-32059
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...
CVE-2023-42443
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In version 0.3.9 and prior, under certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. For rawcall, the argument buffer of the call can be corrupted,...
CVE-2022-39354
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
CVE-2021-29511
evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use evmcore::Memory::copylarge, the evm crate can over-allocate memory when it is not needed, making it possible for an attacker to perform...
VoteMate: a Decentralized Application for Scalable Electronic Voting on EVM-Based Blockchain
Voting is a cornerstone of democracy, allowing citizens to express their will and make collective decisions. With advancing technology, online voting is gaining popularity as it enables voting from anywhere with Internet access, eliminating the need for printed ballots or polling stations. Howeve...
Sei Giga
We introduce the Sei Giga, a multi-concurrent producer parallelized execution EVM layer one blockchain. In an internal testnet Giga has achieved 5 gigagas/sec throughput and sub 400ms finality. Giga uses Autobahn for consensus with separate DA and consensus layers requiring f+1 votes for a PoA on...
CVE-2025-47774
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. The reason is that for these source locations, the...
CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...
A Comprehensive Study of Exploitable Patterns in Smart Contracts: from Vulnerability to Defense
With the rapid advancement of blockchain technology, smart contracts have enabled the implementation of increasingly complex functionalities. However, ensuring the security of smart contracts remains a persistent challenge across the stages of development, compilation, and execution...
VApps: Verifiable Applications at Internet Scale
Blockchain technology promises a decentralized, trustless, and interoperable infrastructure. However, widespread adoption remains hindered by issues such as limited scalability, high transaction costs, and the complexity of maintaining coherent verification logic across different blockchain layer...
OpDiffer: LLM-Assisted Opcode-Level Differential Testing of Ethereum Virtual Machine
As Ethereum continues to thrive, the Ethereum Virtual Machine EVM has become the cornerstone powering tens of millions of active smart contracts. Intuitively, security issues in EVMs could lead to inconsistent behaviors among smart contracts or even denial-of-service of the entire blockchain...
[SECURITY] Fedora 42 Update: vyper-0.4.1-1.fc42
Pythonic Smart Contract Language for the EVM...
Vyper 安全漏洞
Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper that stems from multiple evaluations of an iterator expression, which could lead to abnormal program behavior...
CVE-2024-22419
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The concat built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the buildIR for concat doesn't properly adhere to the API of co...
Consensus Attack
github.com/ethereum/go-ethereum is vulnerable to a Consensus Attack. The vulnerability is due to Geth's pre-compiled dataCopy contract performing a shallow copy on invocation, which allows an attacker to manipulate Ethereum Virtual Machine EVM memory and cause a consensus mismatch between nodes...
Brave Desktop 1.70.117 Security Fixes
Added simulation support for EVM transactions. - Added simulation support for Solana transactions. Upgraded Chromium to 129.0.6668.59 — refer to Google Chrome advisories for inherited CVEs...
CVE-2024-39696 Evmos vulnerable to exploit of smart contract account and vesting
Evmos is a decentralized Ethereum Virtual Machine chain on the Cosmos Network. Prior to version 19.0.0, a user can create a vesting account with a 3rd party account EOA or contract as funder. Then, this user can create an authorization for the contract.CallerAddress, this is the authorization...
CVE-2024-37159
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. This vulnerability allowed a user to create a validator using vested tokens to deposit the self-bond. This vulnerability is fixed in 18.0.0...
CVE-2024-37158
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks...
CVE-2024-37159 Evmos is missing create validator check
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. This vulnerability allowed a user to create a validator using vested tokens to deposit the self-bond. This vulnerability is fixed in 18.0.0...