
11 matches found

NVD
added 2024/01/30 9:15 p.m., 7 views

CVE-2024-24567

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin rawcall even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics o...

CVSS 5.3, AI score 5, EPSS 0.00255
Exploits: 3, References: 2

Prion
added 2024/01/30 9:15 p.m., 103 views

Code injection

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin rawcall even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics o...

CVSS 5, AI score 7, EPSS 0.00255
Exploits: 3, References: 2, Affected Software: 1

PyPA
added 2024/01/30 9:15 p.m., 6 views

PYSEC-2024-151

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin rawcall even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics o...

CVSS 5.3, AI score 6.7, EPSS 0.00255
Exploits: 3, References: 3, Affected Software: 1

Cvelist
added 2024/01/30 8:17 p.m., 26 views

CVE-2024-24567 raw_call `value=` kwargs not disabled for static and delegate calls

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin rawcall even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics o...

CVSS 4.8, AI score 5.4, EPSS 0.00255
Exploits: 3, References: 2

CVE
added 2024/01/30 8:17 p.m., 64 views

CVE-2024-24567

The CVE-2024-24567 issue concerns Vyper, a Pythonic language for the Ethereum VM. The vulnerability is in the Vyper compiler’s raw_call builtin, where a value argument can be passed even when the call is delegatecall or staticcall. However, due to the semantics of delegatecall/staticcall opcodes,...

CVSS 5.3, AI score 5.1, EPSS 0.00255
Exploits: 3, References: 2, Affected Software: 1

Github Security Blog
added 2024/01/30 6:42 p.m., 22 views

Vyper's raw_call `value=` kwargs not disabled for static and delegate calls

Summary Vyper compiler allows passing a value in builtin rawcall even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value=...

CVSS 5.3, AI score 5.3, EPSS 0.00255
Exploits: 3, References: 7, Affected Software: 1

OSV
added 2024/01/30 6:42 p.m., 16 views

GHSA-X2C2-Q32W-4W6M Vyper's raw_call `value=` kwargs not disabled for static and delegate calls

Summary Vyper compiler allows passing a value in builtin rawcall even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value=...

CVSS 4.8, AI score 5.6, EPSS 0.00255
Exploits: 3, References: 7

Code423n4
added 2023/01/23 12:0 a.m., 7 views

Yul 'staticcall' return value not checked

Lines of code Vulnerability details Impact Unexpected behavior if call fail.

AI score 7
Exploits: 0

RustSec
added 2022/10/25 12:0 p.m., 22 views

evm incorrect state transition

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

CVSS 7.5, AI score 1.6, EPSS 0.00244
Exploits: 0, Affected Software: 1

Code423n4
added 2022/07/01 12:0 a.m., 5 views

Non view function is called with staticcall in CErc20Delegator

Lines of code Vulnerability details Impact When using CToken implementation with CErc20Delegator, the functions borrowRatePerBlock and supplyRatePerBlock will revert when the underlying functions try to update some states. Detail The v1 of borrowRatePerBlock and supplyRatePerBlock were view...

AI score 6.8
Exploits: 0

Code423n4
added 2022/06/03 12:0 a.m., 11 views

A malicious zone operator can piggyback other transactions, when a caller tries to fulfill the restricted order

Lines of code Vulnerability details If an order has a restricted order type and, if the caller is other than the offerer or zone, then a staticcall to isValidOrder on the zone is made. This call outside the Seaport contract opens up a possible misuse by the zone contract implementation. The zone...

AI score 7
Exploits: 0