EUVD-2024-0178

Malicious code in bioql PyPI...

EUVD-2023-0263

Malicious code in bioql PyPI...

CVE-2024-24567

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin rawcall even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics o...

CVE-2023-30629

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the rawcall with revertonfailure=False and maxoutsize=0 receives the wrong response from rawcall. Depending on the...

PYSEC-2024-151

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin rawcall even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics o...

GHSA-C647-PXM2-C52W Vyper vulnerable to memory corruption in certain builtins utilizing `msize`

Impact In certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. - For rawcall, the argument buffer of the call can be corrupted, leading to incorrect calldata in the sub-context. - For createfromblueprint and createcopyof, the buffer f...

PYSEC-2023-306

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In version 0.3.9 and prior, under certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. For rawcall, the argument buffer of the call can be corrupted,...

PYSEC-2023-306

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In version 0.3.9 and prior, under certain conditions, the memory used by the builtins rawcall, createfromblueprint and createcopyof can be corrupted. For rawcall, the argument buffer of the call can be corrupted,...

Design/Logic Flaw

Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...

GHSA-W9G2-3W7P-72G9 Incorrect success value returned in vyper

Background During the audit of Lido's Gate Seals code statemind team identified a weird behavior of the code that uses rawcall: https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vyL164 . Construction like this: vyper success = rawcall...

PYSEC-2023-131

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the rawcall with revertonfailure=False and maxoutsize=0 receives the wrong response from rawcall. Depending on the...

CVE-2023-30629 Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the rawcall with revertonfailure=False and maxoutsize=0 receives the wrong response from rawcall. Depending on the...

PT-2023-22826 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.1 through 0.3.7 Description: The Vyper compiler generates the wrong bytecode in versions 0.3.1 through 0.3.7. Any contract that uses the raw call with revert on failure=False and max outsize=0 receives the wrong response fr...