Double Evaluation

vyper is vulnerable to Double Evaluation. The vulnerability is due to the buildIR function of the sqrt builtin not caching the argument to the stack, allowing for multiple evaluations when the argument has side-effects...

vyper performs incorrect topic logging in raw_log

Summary Incorrect values can be logged when rawlog builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. In particular, no uses of rawlog were found at all in production; it is apparently not ...

CVE-2024-32649

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the sqrt builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the buildIR function of the sqrt builtin doesn't cache the argument to...

PYSEC-2024-206

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when rawlog builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in...

Buffer Overflow

Vyper is vunlnerable to Buffer Overflow. The vulnerability is caused by buildIR for concat improperly adhering to the API of copy functions for =0.3.2 the copybytes function which results in Buffer Overflow...