CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30837 – Vyper storage allocator overflow
https://notcve.org/view.php?id=CVE-2023-30837
08 May 2023 — Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8. • https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30629 – Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value
https://notcve.org/view.php?id=CVE-2023-30629
24 Apr 2023 — Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. • https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29255 – Multiple evaluation of contract address in call in vyper
https://notcve.org/view.php?id=CVE-2022-29255
06 Jun 2022 — Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4. Vyper es un Lenguaje de Contratos Inteligentes de Python para la máquina virtual de Ethereum. • https://github.com/vyperlang/vyper/commit/6b4d8ff185de071252feaa1c319712b2d6577f8d • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-24845 – Integer bounds error in Vyper
https://notcve.org/view.php?id=CVE-2022-24845
13 Apr 2022 — Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `<iface>.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. • https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24788 – Buffer overflow in Vyper
https://notcve.org/view.php?id=CVE-2022-24788
13 Apr 2022 — Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue. • https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24787 – Incorrect Comparison in Vyper
https://notcve.org/view.php?id=CVE-2022-24787
04 Apr 2022 — Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `"\x00"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds. • https://github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508 • CWE-697: Incorrect Comparison •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41121 – Memory corruption in Vyper
https://notcve.org/view.php?id=CVE-2021-41121
06 Oct 2021 — Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0. Vyper es un Lenguaje de Contrato Inteligente de Python para el EVM. En las versiones afectadas, cuando se lleva a cabo una llamada a una función dentro de una estructura literal, se presenta un problema de corrupción de me... • https://github.com/vyperlang/vyper/pull/2447 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41122 – Bounds check missing for decimal args in Vyper
https://notcve.org/view.php?id=CVE-2021-41122
05 Oct 2021 — Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0. Vyper es un lenguaje de contrato inteligente de Python para el EVM. • https://github.com/vyperlang/vyper/pull/2447 • CWE-682: Incorrect Calculation •