PYSEC-2023-76

Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8...

Vyper 安全漏洞

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions prior to 0.3.8, which stems from the inability of the storage allocator to prevent allocation overflows, and can be exploited by an attacker to overwrite the owner variable...

GHSA-MGV8-GGGW-MRG6 vyper vulnerable to storage allocator overflow

Impact The storage allocator does not guard against allocation overflows. This can result in vulnerabilities like the following: vyper owner: publicaddress takeupsomespace: publicuint25610 buffer: publicuint256maxvalueuint256 @external def initialize: self.owner = msg.sender @external def fooidx:...

Undercollateralized vaults' owner can be overwritten

Handle cmichel Vulnerability details The witch can Witch.grab vaults and the vaultOwnersvaultId field is set to the original owner. However, when the auction time is over and the debt has not been fully paid back, the original owner is not restored, and the witch can grab the same vault again,...