CVE-2025-26622
The CVE concerns vyper’s sqrt() builtin, which uses the Babylonian method for decimals. The problem arises from improper handling of oscillating final states, which can cause sqrt to return a rounded-up value (e.g., for certain inputs, 0.9999999998 → 0.9999999999). The issue is detailed in the GH...