GHSA-VGF2-GVX8-XWC3 Vyper Does Not Check the Success of Certain Precompile Calls

Summary When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be...

PT-2025-4296 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.2.0 through 0.4.0 Description: The Vyper Compiler has a vulnerability when using the precompiles EcRecover 0x1 and Identity 0x4, where the success flag of the call is not checked. This allows an attacker to provide a specific...

Vyper 安全漏洞

Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper 0.4.0 and earlier versions, which stems from the compiler failing to check the success flag of a call when using pre-compiled EcRecover and Identity, which could lead to incorre...