4 matches found
EUVD-2026-21000
web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in `offchain_lookup_payload["urls"]`. The implementation uses these...
PT-2026-31674
Name of the Vulnerable Software and Affected Versions: web3.py versions 6.0.0b3 through 7.15.0; web3.py versions 6.0.0b3 through 8.0.0b2. Description: web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in the offchain lookup...
Using controlled delegatecall could in calling _deployTokenManager.tokenManagerDeploy()
Lines of code. Vulnerability details. Impact: The use of delegatecall in this context poses a security risk. When using delegatecall, the called contract's code is executed within the context of the calling contract. This means that the deployTokenManager function is executed as if it is part of the...
External calls can be manipulated
Lines of code. Vulnerability details. Impact: By making external calls to untrusted contracts, the sender might manipulate the contract's state and cause unintended behavior. Proof of Concept: In the tokenURI and mint functions, the contract makes external calls to ERC721nftContract.tokenURInftID and...