vyper@0.3.10rc5 vulnerabilities
Vyper: the Pythonic Programming Language for the EVM
-
latest version
0.4.0
-
first published
6 years ago
-
latest version published
5 months ago
-
licenses detected
- [0.2.9,)
Direct Vulnerabilities
Known vulnerabilities in the vyper package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') due to the How to fix Improper Control of Generation of Code ('Code Injection')? Upgrade |
[0,0.4.0)
|
vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') due to the How to fix Improper Control of Generation of Code ('Code Injection')? Upgrade |
[0.3.4,0.4.0)
|
vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Improper Input Validation due to the How to fix Improper Input Validation? Upgrade |
[0,0.4.0)
|
vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Improper Input Validation due to the use of slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects.How to fix Improper Input Validation? Upgrade |
[0.3.4,0.4.0)
|
vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to an incorrect assertion in the code generation for the Note:
The issue arises when start is signed, instead of using How to fix Incorrect Type Conversion or Cast? Upgrade |
[0.3.8,0.4.0b1)
|
vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Buffer Overflow due to the improper handling of excessively large values specified as the starting index for an array in How to fix Buffer Overflow? Upgrade |
[0,0.4.0)
|
vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Out-of-bounds Read due to the How to fix Out-of-bounds Read? There is no fixed version for |
[0,)
|
vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Improper Validation of Array Index due to the handling of array indexes. An attacker can cause unpredictable behavior or access inaccessible elements by using signed integers as indexes for arrays, which bypasses the bounds checker under certain conditions. Note: This is only exploitable if the array is sufficiently large and the negative index is small enough in magnitude to pass the bounds checker. How to fix Improper Validation of Array Index? Upgrade |
[0,0.4.0)
|
vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the form of an error in stack management when compiling the How to fix Improper Validation of Specified Quantity in Input? Upgrade |
[0,0.4.0)
|
vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Out-of-bounds Read due to improper handling of external contract calls with overlapping input and return buffers. An attacker can cause the contract to overrun the returned data and read return data from the input buffer by supplying malformed return data that is not properly checked against the returned value's length. How to fix Out-of-bounds Read? Upgrade |
[0,0.4.0)
|
vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer via the How to fix Improper Restriction of Operations within the Bounds of a Memory Buffer? Upgrade |
[0,0.4.0)
|
vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to the incorrect handling of How to fix Improper Check for Unusual or Exceptional Conditions? Upgrade |
[0,0.4.0)
|
vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Classic Buffer Overflow via the How to fix Classic Buffer Overflow? Upgrade |
[0.3.2,0.4.0)
|
vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when the Note: This is only exploitable if one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, Mitigation: This vulnerability can be mitigated by ensuring that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects. How to fix Always-Incorrect Control Flow Implementation? There is no fixed version for |
[0,)
|
vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Insufficient Validation. It is possible for vyper users who make assumptions about what values certain interface types can return. How to fix Insufficient Validation? There is no fixed version for |
[0,)
|