CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32649 – vyper performs double eval of the argument of sqrt
https://notcve.org/view.php?id=CVE-2024-32649
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the `build_IR` function of the `sqrt` builtin doesn't cache the argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. • https://github.com/vyperlang/vyper/security/advisories/GHSA-5jrj-52x8-m64h • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32647 – vyper performs double eval of raw_args in create_from_blueprint
https://notcve.org/view.php?id=CVE-2024-32647
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from_blueprint` builtin can result in a double eval vulnerability when `raw_args=True` and the `args` argument has side-effects. It can be seen that the `_build_create_IR` function of the `create_from_blueprint` builtin doesn't cache the mentioned `args` argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. • https://github.com/vyperlang/vyper/blob/cedf7087e68e67c7bfbd47ae95dcb16b81ad2e02/vyper/builtins/functions.py#L1847 https://github.com/vyperlang/vyper/security/advisories/GHSA-3whq-64q2-qfj6 • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32646 – vyper performs double eval of the slice args when buffer from adhoc locations
https://notcve.org/view.php?id=CVE-2024-32646
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `slice` builtin can result in a double eval vulnerability when the buffer argument is either `msg.data`, `self.code` or `<address>.code` and either the `start` or `length` arguments have side-effects. It can be easily triggered only with the versions `<0.3.4` as `0.3.4` introduced the unique symbol fence. No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. • https://github.com/vyperlang/vyper/security/advisories/GHSA-r56x-j438-vw5m • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32645 – vyper performs incorrect topic logging in raw_log
https://notcve.org/view.php?id=CVE-2024-32645
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. • https://github.com/vyperlang/vyper/security/advisories/GHSA-xchq-w5r3-4wg3 • CWE-20: Improper Input Validation •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24564 – Vyper extract32 can ready dirty memory
https://notcve.org/view.php?id=CVE-2024-24564
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability affects 0.3.10 and earlier versions. Vyper es un lenguaje de contrato inteligente pitónico para la máquina virtual ethereum. Cuando se utiliza el `extract32(b, start)` integrado, si el índice `start` proporcionado tiene como efecto secundario actualizar `b`, la matriz de bytes de la que extraer `32` bytes, podría ser que "extract32" lea y devuelva algo de memoria sucia. • https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx https://github.com/vyperlang/vyper/commit/3d9c537142fb99b2672f21e2057f5f202cde194f • CWE-125: Out-of-bounds Read •