31 matches found
MAL-2025-47728 Malicious code in sqrt-enhanced (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in sqrt-enhanced (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-42088 Malicious code in sqrt_module (npm)
The package sqrt_module was found to contain malicious code...
Malicious code in sqrt_module (npm)
The package sqrt_module was found to contain malicious code...
MAL-2025-41608 Malicious code in sqrt-bn-enhanced (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in sqrt-bn-enhanced (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41607 Malicious code in sqrt-bn (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in sqrt-bn (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2025-26622
A flaw was found in Vyper’s sqrt builtin function. This vulnerability allows incorrect rounding of square root calculations via improper handling of oscillating final states in the Babylonian method. Mitigation: Mitigation for this issue is either not available or the currently available options d...
Incorrect Calculation
Overview: vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Incorrect Calculation due to the sqrt function. An attacker can manipulate the output to cause incorrect rounding results by providing specific input values that cause the functio...
Vyper's sqrt doesn't define rounding behavior
Vyper's sqrt builtin uses the Babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. The fix is tracked in https://github.com/vyperlang/vyper/pull/4486 Vulnerability Detai...
PYSEC-2025-29
vyper is a Pythonic Smart Contract Language for the EVM. Vyper's sqrt builtin uses the Babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed a...
CVE-2025-26622
The CVE concerns vyper’s sqrt() builtin, which uses the Babylonian method for decimals. The problem arises from improper handling of oscillating final states, which can cause sqrt to return a rounded-up value (e.g., for certain inputs, 0.9999999998 → 0.9999999999). The issue is detailed in the GH...
Double Evaluation
vyper is vulnerable to Double Evaluation. The vulnerability is due to the buildIR function of the sqrt builtin not caching the argument to the stack, allowing for multiple evaluations when the argument has side-effects...
vyper performs multiple eval of `sqrt()` argument built in
Summary: Using the sqrt builtin can result in multiple evaluation of side effects when the argument has side-effects. The bug is more difficult (but not impossible!) to trigger as of 0.3.4, when the unique symbol fence was introduced (https://github.com/vyperlang/vyper/pull/2914). A contract sear...
GHSA-5JRJ-52X8-M64H vyper performs multiple eval of `sqrt()` argument built in
Summary: Using the sqrt builtin can result in multiple evaluation of side effects when the argument has side-effects. The bug is more difficult (but not impossible!) to trigger as of 0.3.4, when the unique symbol fence was introduced (https://github.com/vyperlang/vyper/pull/2914). A contract sear...
PYSEC-2024-209
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the sqrt builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the buildIR function of the sqrt builtin doesn't cache the argument to...
CVE-2024-32649 vyper performs double eval of the argument of sqrt
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the sqrt builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the buildIR function of the sqrt builtin doesn't cache the argument to...
Vyper security vulnerability
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper 0.3.10 and prior versions, which stems from a security issue with the built-in sqrt parameter...