Vyper Security Vulnerabilities and Issues — Vyper CVE List

Lucene search

VyperlangVyper

8 matches found

CVE•added 2024/01/18 7:15 p.m.•202 views

CVE-2024-22419

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The concat built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the build_IR for concat doesn't properly adhere to the API of cop...

9.8CVSS8.7AI score0.00412EPSS

CVE•added 2022/04/13 10:15 p.m.•103 views

CVE-2022-24845

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of .returns_int128() is not validated to fall within the bounds of int128. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, ....

9.8CVSS9.1AI score0.00376EPSS

CVE•added 2022/04/13 7:15 p.m.•82 views

CVE-2022-24788

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a buff...

9.8CVSS8.3AI score0.00312EPSS

CVE•added 2025/02/21 10:15 p.m.•75 views

CVE-2025-27105

vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bou...

9.1CVSS6.5AI score0.0011EPSS

CVE•added 2023/08/07 7:15 p.m.•45 views

CVE-2023-39363

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in ...

9.1CVSS5.5AI score0.00072EPSS

CVE•added 2024/02/07 5:15 p.m.•41 views

CVE-2024-24563

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of sig...

9.8CVSS9.1AI score0.00169EPSS

CVE•added 2023/05/11 9:15 p.m.•39 views

CVE-2023-31146

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. ...

9.1CVSS8.5AI score0.00165EPSS

CVE•added 2024/02/01 5:15 p.m.•38 views

CVE-2024-24561

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start ...

9.8CVSS9.5AI score0.0119EPSS