Vyper@0.3.10 Security Vulnerabilities and Issues — Vyper@0.3.10 CVE List

Lucene search

VyperlangVyper0.3.10

8 matches found

CVE•added 2024/01/18 7:15 p.m.•203 views

CVE-2024-22419

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The concat built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the build_IR for concat doesn't properly adhere to the API of cop...

9.8CVSS8.7AI score0.00412EPSS

CVE•added 2024/02/05 9:15 p.m.•152 views

CVE-2024-24559

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha3_64. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand (that is, it cannot be triggered from regular v...

5.3CVSS5.3AI score0.00188EPSS

CVE•added 2024/02/26 8:19 p.m.•107 views

CVE-2024-26149

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in _abi_decode, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potential...

5.3CVSS3.9AI score0.0039EPSS

CVE•added 2024/01/30 9:15 p.m.•58 views

CVE-2024-24567

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of...

5.3CVSS5.1AI score0.00194EPSS

CVE•added 2024/04/25 5:15 p.m.•47 views

CVE-2024-32481

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

5.3CVSS6.7AI score0.01172EPSS

CVE•added 2024/02/07 5:15 p.m.•42 views

CVE-2024-24563

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of sig...

9.8CVSS9.1AI score0.00169EPSS

CVE•added 2024/02/01 5:15 p.m.•39 views

CVE-2024-24561

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start ...

9.8CVSS9.5AI score0.0119EPSS

CVE•added 2024/02/02 5:15 p.m.•37 views

CVE-2024-24560

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic typ...

5.3CVSS5.3AI score0.00644EPSS