10 matches found
CVE-2025-47285
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...
CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, concat may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions...
PT-2025-21347 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions up to and including 0.4.2rc1 Description: The issue arises from the concat function potentially skipping the evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation tha...
CVE-2022-24787
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
Incorrect Comparison in Vyper
Impact bytestrings can have dirty bytes in them, resulting in the word-for-word comparison to give incorrect results, e.g. vyper b1: Bytes32 = b"abcdef" b1 = sliceb1, 0, 1 b2: Bytes32 = b"abcdef" t: bool = b1 == b2 incorrectly evaluates to True even without dirty nonzero bytes, because there is n...
CVE-2022-24787
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
Design/Logic Flaw
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
CVE-2022-24787 Incorrect Comparison in Vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
CVE-2022-24787 Incorrect Comparison in Vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
CVE-2022-24787 Incorrect Comparison in Vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...