676 matches found
CVE-2021-41122
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0...
PYSEC-2021-366
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0...
Out-of-bounds
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0...
2vyper (=0.3.0), async-web3 (>=0.1.0 <=0.3.1) +11 more potentially affected by CVE-2021-41122 via vyper (>=0.1.0b12 <=0.2.8)
vyper PYPI version =0.1.0b12, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =1.4.0, =0.2.1, =0.1.3, =2.0.24, =0.1.2b2, =0.1.0, =0.2.4 Source cves: CVE-2021-41122 Source advisory: OSV:PYSEC-2021-366...
PYSEC-2021-366
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0...
CVE-2021-41122
CVE-2021-41122 affects the Vyper smart contract language. The issue is that in affected versions, external functions did not properly validate the bounds of decimal arguments, enabling logic errors. The root cause is insufficient bounds checking for decimal inputs in external function definitions...
Vyper 安全漏洞
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper that stems from an external function that does not properly validate the bounds of a decimal argument...
eth-brownie (=1.15.0) potentially affected by unknown CVE via vyper (=0.2.14)
vyper PYPI version =0.2.14 is affected by a known vulnerability. The following packages have a transitive dependency on vyper and may be impacted: - eth-brownie =1.15.0 Source cves: unknown CVE Source advisory: OSV:GHSA-7F92-RR6W-CQ64...
Data Corruption
vyper causes data corruption. Incorrect data handling allows an attacker to cause a data corruption via certain Web3 libraries with Vyper-deploy forwarder proxy contracts using Vyper's built-in createforwarderto function...
2vyper (=0.3.0), black-mamba (>=0.1.0 <=0.4.2) +4 more potentially affected by unknown CVE via vyper (>=0.1.0b12 <=0.2.11)
vyper PYPI version =0.1.0b12, =0.1.0, =1.4.0, =0.1.3, =0.1.2b2, =0.1.2b4 Source cves: unknown CVE Source advisory: OSV:GHSA-22WC-C9WJ-6Q2V...
2vyper (=0.3.0), async-web3 (>=0.1.0 <=0.3.1) +11 more potentially affected by unknown CVE via vyper (>=0.1.0b12 <=0.2.8)
vyper PYPI version =0.1.0b12, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =1.4.0, =0.2.1, =0.1.3, =2.0.24, =0.1.2b2, =0.1.0, =0.2.4 Source cves: unknown CVE Source advisory: OSV:GHSA-375M-5FVV-XQ23...
VVE-2021-0002: Incorrect `returndatasize` when using simple forwarder proxies deployed prior to EIP-1167 adoption
Background @tjayrush reported a data handling issue with certain Web3 libraries using Vyper-deploy forwarder proxy contracts using our Vyper's built-in createforwarderto function prior to our change to support EIP-1167 style forwarder proxies. Impact If you are an end user of a forwarder-style...
Information Disclosure
vyper is vulnerable to information disclosure. Improper handling of integer types in the Vyper interfaces could allow a user to read an interface that returns a uint8 value to be stored into a uint256 variable without any explicit casting or input validation...
2vyper (=0.3.0), black-mamba (>=0.1.0 <=0.3.0) +1 more potentially affected by unknown CVE via vyper (>=0.1.0b12 <=0.1.0b16)
vyper PYPI version =0.1.0b12, =0.1.0, =1.4.0, =1.6.7 Source cves: unknown CVE Source advisory: OSV:GHSA-MR6R-MVW4-736G...
GHSA-MR6R-MVW4-736G Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
VVE-2020-0001 Earlier today, we received a responsible disclosure of a potential issue from @montyly security researcher at @trailofbits for Vyper users who make assumptions about what values certain interface types can return. Impact We determined the issue to be mild and unlikely to be exploite...
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
VVE-2020-0001 Earlier today, we received a responsible disclosure of a potential issue from @montyly security researcher at @trailofbits for Vyper users who make assumptions about what values certain interface types can return. Impact We determined the issue to be mild and unlikely to be exploite...