CVE-2025-26622 sqrt doesn't define rounding behavior in Vyper

vyper is a Pythonic Smart Contract Language for the EVM. Vyper sqrt builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed a...

PT-2025-7605 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.4.1 Description: The issue arises from the improper handling of oscillating final states in the sqrt function, which uses the babylonian method to calculate square roots of decimals. This can lead to sqrt incorrectly...