47 matches found
EUVD-2022-0355
Malicious code in bioql PyPI...
EUVD-2023-0270
Malicious code in bioql PyPI...
EUVD-2023-0272
Malicious code in bioql PyPI...
EUVD-2024-0173
Malicious code in bioql PyPI...
EUVD-2022-0356
Malicious code in bioql PyPI...
EUVD-2024-0176
Malicious code in bioql PyPI...
CVE-2024-32645
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when rawlog builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in...
CVE-2024-26149
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in abidecode, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potential...
CVE-2023-30837
Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8...
CVE-2023-32059
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...
CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...
CVE-2025-26622 sqrt doesn't define rounding behavior in Vyper
vyper is a Pythonic Smart Contract Language for the EVM. Vyper sqrt builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed a...
Vyper 安全漏洞
Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper that stems from multiple evaluations of an iterator expression, which could lead to abnormal program behavior...
Vyper 安全漏洞
Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper that stems from improper boundary checking for dynamic array operations...
PYSEC-2025-33
Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall executi...
CVE-2025-21607 Success of Certain Precompile Calls not Checked in Vyper
Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall executi...
CVE-2024-32647
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the createfromblueprint builtin can result in a double eval vulnerability when rawargs=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...
PYSEC-2024-208
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the createfromblueprint builtin can result in a double eval vulnerability when rawargs=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...
CVE-2024-32649
Vyper CVE-2024-32649 affects versions 0.3.10 and earlier, where the sqrt builtin’s build_IR does not cache its argument, allowing potential double evaluation when the argument has side-effects. The affected component is the sqrt builtin in Vyper’s IR generation, leading to multiple evaluations of...
CVE-2024-32481
Vyper (Pythonic EVM language) is affected by CVE-2024-32481 in versions from 0.3.8 up to, but not including, 0.4.0b1. The vulnerability arises when looping with range(start, start + N) where start is negative; an incorrect assertion in the code generation of the range statement (stmt.parse_For_ra...