GHSA-9P8R-4XP4-GW5W Vyper's `_abi_decode` vulnerable to Memory Overflow

Summary If an excessively large value is specified as the starting index for an array in abidecode, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to bugs in contracts that use arrays within abidecode. The...

Vyper's `_abi_decode` vulnerable to Memory Overflow

Summary If an excessively large value is specified as the starting index for an array in abidecode, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to bugs in contracts that use arrays within abidecode. The...

Buffer Overflow

Vyper is vulnerable to Buffer Overflow Vulnerability. The vulnerability is due to the improper bounds check for slices because it does not account for the potential overflow of start + length when non-literal values are used. This issue can be exploited by an attacker to perform out of bounds...

Design/Logic Flaw

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice function uses a non-literal argument for the start ...

PT-2024-20452 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and earlier Description: The bounds check for slices in Vyper does not account for the ability for start + length to overflow when the values aren't literals. This issue can be used to do out-of-bounds OOB access to...

GHSA-C647-PXM2-C52W Vyper vulnerable to memory corruption in certain builtins utilizing `msize`

Impact In certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. - For rawcall, the argument buffer of the call can be corrupted, leading to incorrect calldata in the sub-context. - For createfromblueprint and createcopyof, the buffer f...

Design/Logic Flaw

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In version 0.3.9 and prior, under certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. For rawcall, the argument buffer of the call can be corrupted,...

PT-2023-27209 · Openzeppelin · Openzeppelin Contracts

Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 4.0.0 through 4.9.3 Description: OpenZeppelin Contracts is a library for secure smart contract development. Contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0...

sendToken() shouldn't have metadata parameter

Lines of code Vulnerability details Impact Users calling sendToken with metadata may trigger a revert or lose the calldata if its size is 1-3 bytes when the destination is an EOA. Proof of Concept In transmitSendToken, we discard the calldata if it's less than 4 bytes, and revert if it's bigger o...

Allowed calls in LSP6KeyManager doesn't allow calls with empty calldata

Lines of code Vulnerability details Bug Description Whenever a controller attempts to call a LSP0 account's execute function without the relevant SUPER permissions, LSP6ExecuteModule will check that the call is one of the whitelisted allowed calls. If the controller is trying to perform a call wi...

GHSA-VXMM-CWH2-Q762 Vyper's nonpayable default functions are sometimes payable

Impact in contracts with at least one regular nonpayable function, due to the callvalue check being inside of the selector section, it is possible to send funds to the default function by using less than 4 bytes of calldata, even if the default function is marked nonpayable. this applies to...

Vyper's nonpayable default functions are sometimes payable

Impact in contracts with at least one regular nonpayable function, due to the callvalue check being inside of the selector section, it is possible to send funds to the default function by using less than 4 bytes of calldata, even if the default function is marked nonpayable. this applies to...

GHSA-MGV8-GGGW-MRG6 vyper vulnerable to storage allocator overflow

Impact The storage allocator does not guard against allocation overflows. This can result in vulnerabilities like the following: vyper owner: publicaddress takeupsomespace: publicuint25610 buffer: publicuint256maxvalueuint256 @external def initialize: self.owner = msg.sender @external def fooidx:...

GovernorCompatibilityBravo may trim proposal calldata

Impact The proposal creation entrypoint propose in GovernorCompatibilityBravo allows the creation of proposals with a signatures array shorter than the calldatas array. This causes the additional elements of the latter to be ignored, and if the proposal succeeds the corresponding actions would...

GHSA-93HQ-5WGC-JC82 GovernorCompatibilityBravo may trim proposal calldata

Impact The proposal creation entrypoint propose in GovernorCompatibilityBravo allows the creation of proposals with a signatures array shorter than the calldatas array. This causes the additional elements of the latter to be ignored, and if the proposal succeeds the corresponding actions would...

CVE-2023-30541 TransparentUpgradeableProxy clashing selector calls may not be delegated in @openzeppelin/contracts

OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...

GHSA-MX2Q-35M2-X2RH OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated

Impact A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, the proxy could revert while attempting to decode the arguments from...

OpenZeppelin 安全漏洞

OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts prior to version 4.8.3, which stems from the fact that if conflicting functions have different signatures and incompatible ABI encodings, an agent may...

CVE-2023-30542

OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint propose in GovernorCompatibilityBravo allows the creation of proposals with a signatures array shorter than the calldatas array. This causes the additional elements of the latter to be...

Design/Logic Flaw

OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint propose in GovernorCompatibilityBravo allows the creation of proposals with a signatures array shorter than the calldatas array. This causes the additional elements of the latter to be...