CVE-2024-24567 – raw_call `value=` kwargs not disabled for static and delegate calls
https://notcve.org/view.php?id=CVE-2024-24567
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The Vyper compiler allows passing a value in the builtin `raw_call` even if the call is a delegatecall or a staticcall. In the context of delegatecall and staticcall, however, handling a value is not possible due to the semantics of the respective opcodes, and Vyper will silently ignore the `value=` argument. A developer who does not know the semantics of the EVM could assume that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions.
• https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/builtins/functions.py#L1100
• https://github.com/vyperlang/vyper/security/advisories/GHSA-x2c2-q32w-4w6m
• CWE-754: Improper Check for Unusual or Exceptional Conditions
CVE-2024-22419 – concat built-in can corrupt memory in vyper
https://notcve.org/view.php?id=CVE-2024-22419
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract.
• https://github.com/vyperlang/vyper/commit/55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f
• https://github.com/vyperlang/vyper/issues/3737
• https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-787: Out-of-bounds Write
CVE-2023-46247 – Vyper has incorrect storage layout for contracts containing large arrays
https://notcve.org/view.php?id=CVE-2023-46247
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1.
• https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197
• https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb
• https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74
• CWE-193: Off-by-one Error
• CWE-682: Incorrect Calculation
CVE-2023-42443 – Vyper vulnerable to memory corruption in certain builtins utilizing `msize`
https://notcve.org/view.php?id=CVE-2023-42443
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted, leading to incorrect `calldata` in the sub-context. For `create_from_blueprint` and `create_copy_of`, the buffer for the to-be-deployed bytecode can be corrupted, leading to deploying incorrect bytecode. Each builtin has conditions that must be fulfilled for the corruption to happen. For `raw_call`, the `data` argument of the builtin must be `msg.data` and the `value` or `gas` passed to the builtin must be some complex expression that results in writing to the memory.
• https://github.com/vyperlang/vyper/issues/3609
• https://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w
• CWE-787: Out-of-bounds Write
CVE-2023-42441 – Vyper has incorrect re-entrancy lock when key is empty string
https://notcve.org/view.php?id=CVE-2023-42441
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string.
• https://github.com/vyperlang/vyper/commit/0b740280c1e3c5528a20d47b29831948ddcc6d83
• https://github.com/vyperlang/vyper/pull/3605
• https://github.com/vyperlang/vyper/security/advisories/GHSA-3hg2-r75x-g69m
• CWE-667: Improper Locking
• CWE-833: Deadlock