CVE-2023-40015

Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*

History

No history.

Information

Published : 2023-09-04 18:15

Updated : 2023-09-08 13:58

NVD link : CVE-2023-40015

Mitre link : CVE-2023-40015

CVE.ORG link : CVE-2023-40015

JSON object : View

Products Affected

vyperlang

vyper

CWE

CWE-670

Always-Incorrect Control Flow Implementation

{"id": "CVE-2023-40015", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2023-09-04T18:15:07.880", "references": [{"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-670"}]}], "descriptions": [{"lang": "en", "value": "Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects."}, {"lang": "es", "value": "Vyper es un Lenguaje de Contratos Inteligentes de Python. Para la siguiente lista de expresiones (probablemente no exhaustiva), el compilador eval\u00faa los argumentos de derecha a izquierda en lugar de izquierda a derecha. \"unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (cuando lhs y rhs son enums)\". Este comportamiento se convierte en un problema cuando la evaluaci\u00f3n de uno de los argumentos produce efectos secundarios de los que dependen otros argumentos. Las siguientes expresiones pueden producir efectos secundarios: llamada externa que modifica el estado, llamada interna que modifica el estado, \"raw_call\", \"pop()\" cuando se utiliza un array din\u00e1mico almacenado en el almacenamiento, \"create_minimal_proxy_to\", \"create_copy_of\" y \"create_from_blueprint\". Este problema a\u00fan no se ha solucionado. Se aconseja a los usuarios que se aseguren de que los argumentos de la expresi\u00f3n no producen efectos secundarios o, si alguno los produce, de que ning\u00fan otro argumento depende de esos efectos secundarios. "}], "lastModified": "2023-09-08T13:58:23.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", "vulnerable": true, "matchCriteriaId": "56FB25B4-6446-4B4B-87AA-D4368B4B8685", "versionEndIncluding": "0.3.9"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}