CVE-2022-24787 – Incorrect Comparison in Vyper
https://notcve.org/view.php?id=CVE-2022-24787
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, causing word-for-word comparisons to give incorrect results. Even without dirty nonzero bytes, two bytestrings can compare as equal if one ends with `"\x00"`, because their lengths are not compared. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds. • https://github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508 https://github.com/vyperlang/vyper/security/advisories/GHSA-7vrm-3jc8-5wwm • CWE-697: Incorrect Comparison
CVE-2021-41121 – Memory corruption in Vyper
https://notcve.org/view.php?id=CVE-2021-41121
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions, performing a function call inside a literal struct causes memory corruption because of an incorrect pointer to the top of the stack. This issue has been resolved in version 0.3.0. • https://github.com/vyperlang/vyper/pull/2447 https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-41122 – Bounds check missing for decimal args in Vyper
https://notcve.org/view.php?id=CVE-2021-41122
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions, external functions did not properly validate the bounds of decimal arguments. This can lead to logic errors. This issue has been resolved in version 0.3.0. • https://github.com/vyperlang/vyper/pull/2447 https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46 • CWE-682: Incorrect Calculation