6 matches found
GHSA-CX2Q-HFXR-RJ97 Vyper's `_abi_decode` input not validated in complex expressions
Impact: `_abi_decode` does not validate input when it is nested in an expression. The following example gets correctly validated (bounds checked): `x: int128 = _abi_decode(slice(msg.data, 4, 32), (int128))`. However, the following example is not bounds checked: `@external def abi_decode(x: uint256) -> uint25...`
PYSEC-2023-306
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted,...
PT-2023-28343 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.9 and prior. Description: The memory used by the builtins `raw_call`, `create_from_blueprint`, and `create_copy_of` can be corrupted under certain conditions, leading to incorrect calldata in the sub-context or deploying incorrect...
Misuse of a Boolean constant
Lines of code. Vulnerability details. Impact: Use of Boolean constants (true/false) in code is indicative of flawed logic. Boolean constants in code have only a few legitimate uses. Other uses (in complex expressions, as conditionals) indicate either an error or, most likely, the persistence of faulty...
GHSA-J2X6-9323-FP7H Integer bounds error in Vyper
Impact: In the following code, the return of `.returns_int128()` is not validated to fall within the bounds of `int128`. As of v0.3.0, `.returns_int128()` is validated in simple expressions, but not complex expressions. `interface iface: def returns_int128() -> int128: view def returns_Bytes33() -> Bytes[33]: view...`
PYSEC-2022-198
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In affected versions, the return of `.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0,...