Lucene search

K

6 matches found

CVE
CVE
added 2024/02/05 9:15 p.m.151 views

CVE-2024-24559

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha3_64. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand (that is, it cannot be triggered from regular v...

5.3CVSS5.3AI score0.00188EPSS
CVE
CVE
added 2024/02/26 8:19 p.m.110 views

CVE-2024-24564

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32(b, start), if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. This...

5.3CVSS3.8AI score0.00475EPSS
CVE
CVE
added 2024/02/26 8:19 p.m.106 views

CVE-2024-26149

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in _abi_decode, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potential...

5.3CVSS3.9AI score0.0039EPSS
CVE
CVE
added 2024/02/07 5:15 p.m.41 views

CVE-2024-24563

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of sig...

9.8CVSS9.1AI score0.00169EPSS
CVE
CVE
added 2024/02/01 5:15 p.m.38 views

CVE-2024-24561

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start ...

9.8CVSS9.5AI score0.0119EPSS
CVE
CVE
added 2024/02/02 5:15 p.m.34 views

CVE-2024-24560

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic typ...

5.3CVSS5.3AI score0.00644EPSS