Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24845 | 1 Vyperlang | 1 Vyper | 2023-08-02 | 7.5 HIGH | 9.8 CRITICAL |
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `<iface>.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue. | |||||
CVE-2021-41122 | 1 Vyperlang | 1 Vyper | 2023-08-02 | 4.0 MEDIUM | 4.3 MEDIUM |
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions, external functions did not properly validate the bounds of decimal arguments. This can lead to logic errors. This issue has been resolved in version 0.3.0. | |||||
CVE-2023-32059 | 1 Vyperlang | 1 Vyper | 2023-08-02 | N/A | 7.5 HIGH |
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known. The issue is patched in version 0.3.8. | |||||
CVE-2023-31146 | 1 Vyperlang | 1 Vyper | 2023-08-02 | N/A | 9.1 CRITICAL |
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue. | |||||
CVE-2022-29255 | 1 Vyperlang | 1 Vyper | 2023-08-02 | 5.0 MEDIUM | 7.5 HIGH |
Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. In versions prior to 0.3.4, when calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4. | |||||
CVE-2021-41121 | 1 Vyperlang | 1 Vyper | 2023-08-02 | 6.5 MEDIUM | 8.8 HIGH |
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions, when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the top of the stack. This issue has been resolved in version 0.3.0. |