1 results (0.003 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The problem arises when there is a String or Array with more 256-bit words allocated than initialized. It results in the second word’s index unset, that is effectively set to 0, so the first immutable value with the actual 0 index is overwritten in the ImmutableSimulator. Version 1.3.10 fixes this issue by setting all indexes in advance. • https://github.com/matter-labs/era-compiler-vyper/commit/8be305a1b9c68d0fd47dad3434224ed85944ca25 https://github.com/matter-labs/era-compiler-vyper/security/advisories/GHSA-h8jv-969m-94r4 https://github.com/matter-labs/era-system-contracts/blob/main/contracts/ImmutableSimulator.sol#L37 • CWE-471: Modification of Assumed-Immutable Data (MAID) •