vyper@0.4.0b4 vulnerabilities

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') due to the _build_create_IR function of the create_from_blueprint builtin not caching the args argument to the stack, leading to its potential evaluation multiple times instead of retrieving the value from the stack. This could allow an attacker to trigger unintended behavior by exploiting the double evaluation of args.

There is no fixed version for vyper.

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') due to the build_IR function of the sqrt builtin not caching the argument to the stack, leading to potential double evaluation of the argument if it has side-effects. This could allow an attacker to manipulate the outcome of the sqrt function under certain conditions.

There is no fixed version for vyper.

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Improper Input Validation due to the build_IR function of the RawLog class failing to properly unwrap the variables provided as topics. Consequently, incorrect values can be logged which may result in unexpected behavior in client-side applications relying on these logs.

There is no fixed version for vyper.

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Improper Input Validation due to the use of slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or

There is no fixed version for vyper.

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Buffer Overflow due to the improper handling of excessively large values specified as the starting index for an array in _abi_decode. This can cause the read position to overflow, leading to the decoding of values outside the intended array bounds.

There is no fixed version for vyper.

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Out-of-bounds Read due to the extract32 function's caching mechanism. An attacker can access and return dirty memory bytes instead of the expected output by manipulating the start index to change b's content and length.

There is no fixed version for vyper.

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Improper Validation of Array Index due to the handling of array indexes. An attacker can cause unpredictable behavior or access inaccessible elements by using signed integers as indexes for arrays, which bypasses the bounds checker under certain conditions.

Note:

This is only exploitable if the array is sufficiently large and the negative index is small enough in magnitude to pass the bounds checker.

There is no fixed version for vyper.

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the form of an error in stack management when compiling the IR for sha3_64. The height variable is miscalculated, which can lead to incorrect bytecode generation. An attacker can exploit this by manually writing the IR and using the fang binary directly to compile it.

There is no fixed version for vyper.

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Out-of-bounds Read due to improper handling of external contract calls with overlapping input and return buffers. An attacker can cause the contract to overrun the returned data and read return data from the input buffer by supplying malformed return data that is not properly checked against the returned value's length.

There is no fixed version for vyper.

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer via the slice function. An attacker can achieve out-of-bounds access to storage, memory or calldata addresses and potentially corrupt the length slot of the respective array by manipulating the start or length variables to overflow the bounds check.

There is no fixed version for vyper.

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions due to the incorrect handling of value= keyword arguments in the raw_call function when delegatecall or staticcall are used. An attacker can mislead developers into believing that funds are being transferred with the call when, in fact, no value is sent.

A fix was pushed into the master branch but not yet published.

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Classic Buffer Overflow via the concat built-in function. An attacker can alter the contract's intended behavior, that may overwrite valid data, leading to unexpected outcomes.

A fix was pushed into the master branch but not yet published.

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when the unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums) expressions are evaluated. An attacker can cause incorrect control flow by exploiting the right-to-left evaluation of arguments.

Note:

This is only exploitable if one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, raw_call, pop() when used on a Dynamic Array stored in the storage, create_minimal_proxy_to, create_copy_of, create_from_blueprint.

Mitigation: This vulnerability can be mitigated by ensuring that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.

There is no fixed version for vyper.

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Insufficient Validation. It is possible for vyper users who make assumptions about what values certain interface types can return.

There is no fixed version for vyper.