CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26149 – Vyper _abi_decode Memory Overflow
https://notcve.org/view.php?id=CVE-2024-26149
26 Feb 2024 — Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within `_abi_decode`. This vulnerability affects 0.3.10 and earlier versions. Vyper es un lenguaje de contrato inteligente pitónico para la máquina virtua... • https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24563 – Vyper array negative index vulnerability
https://notcve.org/view.php?id=CVE-2024-24563
07 Feb 2024 — Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an `int` as an index for an array. The typechecker allows the usage of signed integers to be used as indexes to arrays. The vulnerability is present in different forms in all versions, including `0.3.10`. • https://github.com/vyperlang/vyper/blob/a1fd228cb9936c3e4bbca6f3ee3fb4426ef45490/vyper/codegen/core.py#L534-L541 • CWE-129: Improper Validation of Array Index •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24559 – Vyper SHA3 code generation bug
https://notcve.org/view.php?id=CVE-2024-24559
05 Feb 2024 — Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. • https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/ir/compile_ir.py#L585-L586 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24560 – Vyper external calls can overflow return data to return input buffer
https://notcve.org/view.php?id=CVE-2024-24560
02 Feb 2024 — Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that type, and not to the returned value's length. As a result, malformed return data can cause the contract to mistake data from the input buffer for ... • https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24561 – Vyper bounds check on built-in `slice()` function can be overflowed
https://notcve.org/view.php?id=CVE-2024-24561
01 Feb 2024 — Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the lengt... • https://github.com/vyperlang/vyper/blob/b01cd686aa567b32498fefd76bd96b0597c6f099/vyper/builtins/functions.py#L404-L457 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2024-24567 – raw_call `value=` kwargs not disabled for static and delegate calls
https://notcve.org/view.php?id=CVE-2024-24567
30 Jan 2024 — Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amoun... • https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/builtins/functions.py#L1100 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-22419 – concat built-in can corrupt memory in vyper
https://notcve.org/view.php?id=CVE-2024-22419
18 Jan 2024 — Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the c... • https://github.com/vyperlang/vyper/commit/55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46247 – Vyper has incorrect storage layout for contracts containing large arrays
https://notcve.org/view.php?id=CVE-2023-46247
13 Dec 2023 — Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than ... • https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197 • CWE-193: Off-by-one Error CWE-682: Incorrect Calculation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42460 – _abi_decode input not validated in complex expressions in Vyper
https://notcve.org/view.php?id=CVE-2023-42460
26 Sep 2023 — Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626. • https://github.com/vyperlang/vyper/pull/3626 • CWE-682: Incorrect Calculation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42443 – Vyper vulnerable to memory corruption in certain builtins utilizing `msize`
https://notcve.org/view.php?id=CVE-2023-42443
18 Sep 2023 — Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted, leading to incorrect `calldata` in the sub-context. For `create_from_blueprint` and `create_copy_of`, the buffer for the to-be-deployed bytecode can be corrupted, leading to deploying incorrect bytecod... • https://github.com/vyperlang/vyper/issues/3609 • CWE-787: Out-of-bounds Write •