Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2024/04/25 7:51 p.m.24 views

vyper performs double eval of the slice start/length args in certain cases

Summary Using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects. A contract search was performed and no vulnerable contracts were found in production. Having...

5.3CVSS5.5AI score0.00451EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/25 7:50 p.m.46 views

vyper performs multiple eval of `sqrt()` argument built in

Summary Using the sqrt builtin can result in multiple eval evaluation of side effects when the argument has side-effects. The bug is more difficult but not impossible! to trigger as of 0.3.4, when the unique symbol fence was introduced https://github.com/vyperlang/vyper/pull/2914. A contract sear...

5.3CVSS5.4AI score0.00451EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/04/25 6:15 p.m.41 views

CVE-2024-32646

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...

5.3CVSS5.5AI score0.00451EPSS
Exploits0References1
CVE
CVE
added 2024/04/25 5:21 p.m.74 views

CVE-2024-32646

Vyper CVE-2024-32646 affects the Pythonic smart contract language. The vulnerability concerns the builtin slice when the buffer is msg.data, self.code, or .code and either the start or length has side-effects, causing a double evaluation of those side-effects. It is triggerable only in versions e...

5.3CVSS7AI score0.00451EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder