Lucene search

K

23 matches found

CVE
CVE
added 2024/02/26 8:19 p.m.111 views

CVE-2024-24564

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32(b, start), if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. This...

5.3CVSS3.8AI score0.00475EPSS
CVE
CVE
added 2022/04/13 10:15 p.m.105 views

CVE-2022-24845

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of .returns_int128() is not validated to fall within the bounds of int128. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, ....

9.8CVSS9.1AI score0.00376EPSS
CVE
CVE
added 2022/06/09 9:15 a.m.86 views

CVE-2022-29255

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue ...

8.2CVSS7.5AI score0.00097EPSS
CVE
CVE
added 2022/04/13 7:15 p.m.83 views

CVE-2022-24788

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a buff...

9.8CVSS8.3AI score0.00312EPSS
CVE
CVE
added 2025/02/21 10:15 p.m.76 views

CVE-2025-27105

vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bou...

9.1CVSS6.5AI score0.00167EPSS
CVE
CVE
added 2023/07/25 9:15 p.m.69 views

CVE-2023-37902

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS5.2AI score0.00072EPSS
CVE
CVE
added 2021/10/05 11:15 p.m.68 views

CVE-2021-41122

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.

4.3CVSS4.5AI score0.00203EPSS
CVE
CVE
added 2025/02/21 10:15 p.m.62 views

CVE-2025-26622

vyper is a Pythonic Smart Contract Language for the EVM. Vyper sqrt() builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed a...

7.5CVSS6.4AI score0.00058EPSS
CVE
CVE
added 2025/01/14 6:16 p.m.61 views

CVE-2025-21607

Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execu...

7.5CVSS8.2AI score0.00077EPSS
CVE
CVE
added 2025/02/21 10:15 p.m.60 views

CVE-2025-27104

vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body (e.g. read a storage variable upd...

7.5CVSS6.3AI score0.00143EPSS
CVE
CVE
added 2021/10/06 6:15 p.m.58 views

CVE-2021-41121

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0.

8.8CVSS8.3AI score0.00423EPSS
CVE
CVE
added 2023/05/11 9:15 p.m.58 views

CVE-2023-32058

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of ty...

7.5CVSS7.6AI score0.00186EPSS
CVE
CVE
added 2024/04/25 6:15 p.m.57 views

CVE-2024-32649

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the sqrt builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the build_IR function of the sqrt builtin doesn't cache the argument to ...

5.3CVSS6.8AI score0.00685EPSS
CVE
CVE
added 2024/04/25 6:15 p.m.56 views

CVE-2024-32647

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the create_from_blueprint builtin can result in a double eval vulnerability when raw_args=True and the args argument has side-effects. It can be seen that the _build_create_IR function ...

5.3CVSS6.8AI score0.00505EPSS
CVE
CVE
added 2023/05/08 5:15 p.m.54 views

CVE-2023-30837

Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.

7.5CVSS7.3AI score0.0016EPSS
CVE
CVE
added 2024/04/25 6:15 p.m.54 views

CVE-2024-32646

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects. I...

5.3CVSS7AI score0.00589EPSS
CVE
CVE
added 2024/04/25 6:15 p.m.53 views

CVE-2024-32648

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0, default functions don't respect nonreentrancy keys and the lock isn't emitted. No vulnerable production contracts were found. Additionally, using a lock on a default function is a very sparsely use...

5.3CVSS6.7AI score0.00257EPSS
CVE
CVE
added 2023/09/18 9:16 p.m.48 views

CVE-2023-42443

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins raw_call, create_from_blueprint and create_copy_of can be corrupted. For raw_call, the argument buffer of the call can be corrupt...

8.1CVSS8.2AI score0.00225EPSS
CVE
CVE
added 2023/05/19 8:15 p.m.47 views

CVE-2023-32675

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked nonpayable. This applies to contracts compiled with vyper versions ...

5.3CVSS4.6AI score0.00182EPSS
CVE
CVE
added 2024/04/25 6:15 p.m.47 views

CVE-2024-32645

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in ...

5.3CVSS5.3AI score0.00589EPSS
CVE
CVE
added 2023/05/11 10:15 p.m.43 views

CVE-2023-32059

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types ...

7.5CVSS7.4AI score0.00064EPSS
CVE
CVE
added 2023/05/11 9:15 p.m.42 views

CVE-2023-31146

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. ...

9.1CVSS8.5AI score0.00165EPSS
CVE
CVE
added 2023/12/13 8:15 p.m.24 views

CVE-2023-46247

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceil(type_.size_in_bytes / 3...

7.5CVSS7.3AI score0.00336EPSS