Vyper Security Vulnerabilities and Issues — Vyper CVE List

Lucene search

VyperlangVyper

10 matches found

CVE•added 2022/04/04 6:15 p.m.•69 views

CVE-2022-24787

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends...

7.5CVSS7.5AI score0.00326EPSS

CVE•added 2025/02/21 10:15 p.m.•61 views

CVE-2025-26622

vyper is a Pythonic Smart Contract Language for the EVM. Vyper sqrt() builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed a...

7.5CVSS6.4AI score0.00049EPSS

CVE•added 2025/01/14 6:16 p.m.•60 views

CVE-2025-21607

Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execu...

7.5CVSS8.2AI score0.00043EPSS

CVE•added 2025/02/21 10:15 p.m.•59 views

CVE-2025-27104

vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body (e.g. read a storage variable upd...

7.5CVSS6.3AI score0.00118EPSS

CVE•added 2023/05/11 9:15 p.m.•55 views

CVE-2023-32058

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of ty...

7.5CVSS7.6AI score0.00186EPSS

CVE•added 2023/05/08 5:15 p.m.•53 views

CVE-2023-30837

Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.

7.5CVSS7.3AI score0.0016EPSS

CVE•added 2023/09/27 3:19 p.m.•47 views

CVE-2023-42460

Vyper is a Pythonic Smart Contract Language for the EVM. The _abi_decode() function does not validate input when it is nested in an expression. Uses of _abi_decode() can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, ...

7.5CVSS6.2AI score0.00048EPSS

CVE•added 2023/05/11 10:15 p.m.•41 views

CVE-2023-32059

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types ...

7.5CVSS7.4AI score0.00064EPSS

CVE•added 2023/04/24 10:15 p.m.•39 views

CVE-2023-30629

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the raw_call with revert_on_failure=False and max_outsize=0 receives the wrong response from raw_call. Depending on ...

7.5CVSS7.5AI score0.00205EPSS

CVE•added 2023/12/13 8:15 p.m.•23 views

CVE-2023-46247

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceil(type_.size_in_bytes / 3...

7.5CVSS7.3AI score0.00336EPSS