CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32649 – vyper performs double eval of the argument of sqrt
https://notcve.org/view.php?id=CVE-2024-32649
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the `build_IR` function of the `sqrt` builtin doesn't cache the argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. • https://github.com/vyperlang/vyper/security/advisories/GHSA-5jrj-52x8-m64h • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32647 – vyper performs double eval of raw_args in create_from_blueprint
https://notcve.org/view.php?id=CVE-2024-32647
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from_blueprint` builtin can result in a double eval vulnerability when `raw_args=True` and the `args` argument has side-effects. It can be seen that the `_build_create_IR` function of the `create_from_blueprint` builtin doesn't cache the mentioned `args` argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. • https://github.com/vyperlang/vyper/blob/cedf7087e68e67c7bfbd47ae95dcb16b81ad2e02/vyper/builtins/functions.py#L1847 https://github.com/vyperlang/vyper/security/advisories/GHSA-3whq-64q2-qfj6 • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32646 – vyper performs double eval of the slice args when buffer from adhoc locations
https://notcve.org/view.php?id=CVE-2024-32646
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double eval vulnerability when the buffer argument is either `msg.data`, `self.code` or `<address>.code` and either the `start` or `length` arguments have side-effects. It can be easily triggered only with the versions `<0.3.4` as `0.3.4` introduced the unique symbol fence. No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. • https://github.com/vyperlang/vyper/security/advisories/GHSA-r56x-j438-vw5m • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32645 – vyper performs incorrect topic logging in raw_log
https://notcve.org/view.php?id=CVE-2024-32645
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. • https://github.com/vyperlang/vyper/security/advisories/GHSA-xchq-w5r3-4wg3 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32481 – vyper's range(start, start + N) reverts for negative numbers
https://notcve.org/view.php?id=CVE-2024-32481
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a `range` of the form `range(start, start + N)`, if `start` is negative, the execution will always revert. This issue is caused by an incorrect assertion inserted by the code generation of the range `stmt.parse_For_range()`. The issue arises when `start` is signed, instead of using `sle`, `le` is used and `start` is interpreted as an unsigned integer for the comparison. If it is a negative number, its 255th bit is set to `1` and is hence interpreted as a very large unsigned integer making the assertion always fail. • https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/codegen/stmt.py#L286-L287 https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868 https://github.com/vyperlang/vyper/commit/5319cfbe14951e007ccdb323257e5ada869b35d5 https://github.com/vyperlang/vyper/security/advisories/GHSA-ppx5-q359-pvwj • CWE-681: Incorrect Conversion between Numeric Types •