Homepage

vyper@0.4.1rc3 vulnerabilities

Vyper: the Pythonic Programming Language for the EVM

  • latest version

    0.4.1

  • first published

    6 years ago

  • latest version published

    1 months ago

  • licenses detected

  • View vyper package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the vyper package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Incorrect Calculation

    vyper is a Pythonic Smart Contract Language for the EVM.

    Affected versions of this package are vulnerable to Incorrect Calculation due to the sqrt function. An attacker can manipulate the output to cause incorrect rounding results by providing specific input values that cause the function to oscillate between two close values.

    How to fix Incorrect Calculation?

    Upgrade vyper to version 0.4.1 or higher.

    [,0.4.1)
    • M
    Out-of-bounds Write

    vyper is a Pythonic Smart Contract Language for the EVM.

    Affected versions of this package are vulnerable to Out-of-bounds Write through the evaluation of AugAssign statements in conjunction with dynamic array operations. An attacker can cause an out-of-bounds write by manipulating the array size during the assignment operation.

    How to fix Out-of-bounds Write?

    Upgrade vyper to version 0.4.1 or higher.

    [,0.4.1)
    • M
    Insufficient Control Flow Management

    vyper is a Pythonic Smart Contract Language for the EVM.

    Affected versions of this package are vulnerable to Insufficient Control Flow Management due to the evaluation of iterator expressions in the loop body that can consume side effects from the loop iterations. An attacker can manipulate the program's state and cause unexpected behavior by exploiting the side effects in the loop body.

    How to fix Insufficient Control Flow Management?

    Upgrade vyper to version 0.4.1 or higher.

    [,0.4.1)
    • L
    Always-Incorrect Control Flow Implementation

    vyper is a Pythonic Smart Contract Language for the EVM.

    Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when the unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums) expressions are evaluated. An attacker can cause incorrect control flow by exploiting the right-to-left evaluation of arguments.

    Note:

    This is only exploitable if one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, raw_call, pop() when used on a Dynamic Array stored in the storage, create_minimal_proxy_to, create_copy_of, create_from_blueprint.

    Mitigation: This vulnerability can be mitigated by ensuring that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.

    How to fix Always-Incorrect Control Flow Implementation?

    There is no fixed version for vyper.

    [0,)
    • L
    Insufficient Validation

    vyper is a Pythonic Smart Contract Language for the EVM.

    Affected versions of this package are vulnerable to Insufficient Validation. It is possible for vyper users who make assumptions about what values certain interface types can return.

    How to fix Insufficient Validation?

    There is no fixed version for vyper.

    [0,)
    Go back to all versions of this package