100 matches found
CVE-2024-24561
CVE-2024-24561 (Vyper) : The vulnerability is in the built-in slice() bounds check for Vyper up to version 0.3.10, where the runtime check does not account for overflow of start + length when arguments are non-literal. This can enable out-of-bounds (OOB) access to storage, memory, or calldata and...
CVE-2024-24567
The CVE-2024-24567 issue concerns Vyper, a Pythonic language for the Ethereum VM. The vulnerability is in the Vyper compiler’s raw_call builtin, where a value argument can be passed even when the call is delegatecall or staticcall. However, due to the semantics of delegatecall/staticcall opcodes,...
CVE-2024-22419 concat built-in can corrupt memory in vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The concat built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the buildIR for concat doesn't properly adhere to the API of co...
CVE-2023-46247
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceiltype.sizeinbytes / 32. T...
Design/Logic Flaw
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceiltype.sizeinbytes / 32. T...
CVE-2023-46247 Vyper has incorrect storage layout for contracts containing large arrays
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceiltype.sizeinbytes / 32. T...
CVE-2023-46247 Vyper has incorrect storage layout for contracts containing large arrays
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceiltype.sizeinbytes / 32. T...
CVE-2023-42460
Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...
Out-of-bounds
Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...
CVE-2023-42460 _abi_decode input not validated in complex expressions in Vyper
Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...
CVE-2023-42460 _abi_decode input not validated in complex expressions in Vyper
Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...
CVE-2023-42443
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In version 0.3.9 and prior, under certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. For rawcall, the argument buffer of the call can be corrupted,...
CVE-2023-42441
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant"" or @nonreentrant'' do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure...
Design/Logic Flaw
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant"" or @nonreentrant'' do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure...
Design/Logic Flaw
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In version 0.3.9 and prior, under certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. For rawcall, the argument buffer of the call can be corrupted,...
CVE-2023-42443 Vyper vulnerable to memory corruption in certain builtins utilizing `msize`
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In version 0.3.9 and prior, under certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. For rawcall, the argument buffer of the call can be corrupted,...
CVE-2023-42443 Vyper vulnerable to memory corruption in certain builtins utilizing `msize`
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In version 0.3.9 and prior, under certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. For rawcall, the argument buffer of the call can be corrupted,...
CVE-2023-42441 Vyper has incorrect re-entrancy lock when key is empty string
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant"" or @nonreentrant'' do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure...
CVE-2023-42441 Vyper has incorrect re-entrancy lock when key is empty string
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant"" or @nonreentrant'' do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure...
CVE-2023-42441 Vyper has incorrect re-entrancy lock when key is empty string
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant"" or @nonreentrant'' do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure...