EUVD-2021-0543

Malware in sbrugna...

GHSA-M2V9-W374-5HJ9 vyper default functions don't respect nonreentrancy keys

Summary Prior to v0.3.0, default functions did not respect the @nonreentrancy decorator and the lock was not emitted. This is a known bug and was already visible in the issue tracker https://github.com/vyperlang/vyper/issues/2455, but it is being re-issued as an advisory so that tools relying on...

PT-2024-24741

Name of the Vulnerable Software and Affected Versions Vyper versions prior to 0.3.0 Description The issue concerns the default function not respecting the @nonreentrancy decorator, and the lock not being emitted. This is a known bug with low impact, as using a lock on a default function is a...

Vyper 安全漏洞

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper 0.3.10 and earlier versions, which stems from a default function that does not take into account non-re-entrant keys and does not emit locks...

Vyper's nonpayable default functions are sometimes payable

Impact in contracts with at least one regular nonpayable function, due to the callvalue check being inside of the selector section, it is possible to send funds to the default function by using less than 4 bytes of calldata, even if the default function is marked nonpayable. this applies to...

CVE-2023-32675

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked nonpayable. This applies to contracts compiled with vyper version...

PYSEC-2023-80

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked nonpayable. This applies to contracts compiled with vyper version...

PYSEC-2023-80

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked nonpayable. This applies to contracts compiled with vyper version...

Vyper 安全漏洞

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in versions of Vyper prior to 0.3.8 that stems from the ability to send funds to a default function in a contract with multiple regular non-payable functions, even if the default function is marked as non-payab...

PT-2023-23951 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.8 Description: In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked nonpayable. This issue was fixed by the remov...

Access Restriction Bypass

kubeview is vulnerable to access restriction bypass. The vulnerability exists in default function of api.js, because api/scrape/kube-system does not require authentication which allows an attacker to bypass the restrictions and retrieve certificate files that can be used to authenticate as...

Default credentials

The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below...

CVE-2021-23329 Prototype Pollution

The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below...