Vyper@* Security Vulnerabilities and Issues — Vyper@* CVE List

Lucene search

VyperlangVyper*

14 matches found

CVE•added 2023/07/25 9:15 p.m.•67 views

CVE-2023-37902

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS5.2AI score0.00072EPSS

CVE•added 2023/05/11 9:15 p.m.•55 views

CVE-2023-32058

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of ty...

7.5CVSS7.6AI score0.00186EPSS

CVE•added 2023/05/08 5:15 p.m.•53 views

CVE-2023-30837

Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.

7.5CVSS7.3AI score0.0016EPSS

CVE•added 2023/09/18 9:16 p.m.•53 views

CVE-2023-42441

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant("") or @nonreentrant('') do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, en...

5.3CVSS5AI score0.00151EPSS

CVE•added 2023/09/04 6:15 p.m.•47 views

CVE-2023-40015

Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprec...

5.3CVSS4.5AI score0.00072EPSS

CVE•added 2023/09/27 3:19 p.m.•47 views

CVE-2023-42460

Vyper is a Pythonic Smart Contract Language for the EVM. The _abi_decode() function does not validate input when it is nested in an expression. Uses of _abi_decode() can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, ...

7.5CVSS6.2AI score0.00048EPSS

CVE•added 2023/05/19 8:15 p.m.•45 views

CVE-2023-32675

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked nonpayable. This applies to contracts compiled with vyper versions ...

5.3CVSS4.6AI score0.00182EPSS

CVE•added 2023/08/07 7:15 p.m.•45 views

CVE-2023-39363

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in ...

9.1CVSS5.5AI score0.00072EPSS

CVE•added 2023/09/18 9:16 p.m.•45 views

CVE-2023-42443

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins raw_call, create_from_blueprint and create_copy_of can be corrupted. For raw_call, the argument buffer of the call can be corrupt...

8.1CVSS8.2AI score0.00225EPSS

CVE•added 2023/05/11 10:15 p.m.•41 views

CVE-2023-32059

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types ...

7.5CVSS7.4AI score0.00064EPSS

CVE•added 2023/09/04 6:15 p.m.•40 views

CVE-2023-41052

Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256_addmod, uint256_mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side e...

5.3CVSS4.7AI score0.0007EPSS

CVE•added 2023/04/24 10:15 p.m.•39 views

CVE-2023-30629

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the raw_call with revert_on_failure=False and max_outsize=0 receives the wrong response from raw_call. Depending on ...

7.5CVSS7.5AI score0.00205EPSS

CVE•added 2023/05/11 9:15 p.m.•39 views

CVE-2023-31146

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. ...

9.1CVSS8.5AI score0.00165EPSS

CVE•added 2023/12/13 8:15 p.m.•23 views

CVE-2023-46247

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceil(type_.size_in_bytes / 3...

7.5CVSS7.3AI score0.00336EPSS