PT-2025-21348 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions up to and including 0.4.2rc1
Description: The issue concerns the slice builtin in Vyper, which can elide side effects when the output length is 0 and the source bytestring is a builtin, such as msg.data or .code. This occurs...
CVE-2022-24788
Vyper is a Pythonic smart contract language for the Ethereum Virtual Machine. Versions of Vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...
Improper Input Validation
Vyper is vulnerable to Improper Input Validation. The vulnerability is caused by improper handling of memory or storage arguments in the raw_log builtin, which results in incorrect values being logged when these arguments are used as topics...
PT-2023-28356 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.10
Description: The abi decode function in Vyper does not validate input when it is nested in an expression, allowing for bounds checking to be bypassed and resulting in incorrect results. This can be triggered by...
PT-2023-28342 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions 0.2.9 through 0.3.9
Description: The issue concerns locks of the type @nonreentrant("") or @nonreentrant('') that do not produce reentrancy checks at runtime. This can be mitigated by ensuring the lock name is a non-empty string...