Out-of-bounds Write Affecting vyper package, versions [,0.3.10rc4)


Severity: high (Snyk recommended)

CVSS assessment made by Snyk's Security Team

Threat Intelligence
  • Exploit Maturity: Proof of concept
  • EPSS: 0.14% (52nd percentile)

  • Snyk ID SNYK-PYTHON-VYPER-5905487
  • published 19 Sep 2023
  • disclosed 18 Sep 2023
  • credit trocher

How to fix?

Upgrade vyper to version 0.3.10rc4 or higher.

Overview

vyper is a Pythonic Smart Contract Language for the EVM.

Affected versions of this package are vulnerable to Out-of-bounds Write via the builtins raw_call, create_from_blueprint and create_copy_of. A complex expression that writes to memory, passed as a keyword argument to one of these builtins, can corrupt the memory the builtin is using; an attacker can exploit this to cause incorrect calldata in the sub-context (raw_call) or deployment of incorrect bytecode (the create_* builtins).

Note: This is only exploitable if:

  1. For raw_call, the data argument is msg.data and the value or gas passed to the builtin is a complex expression that results in writing to memory.

  2. For create_copy_of and create_from_blueprint, the value or salt passed to the builtin is a complex expression that results in writing to memory. For create_from_blueprint, additionally either no constructor parameters are passed to the builtin or raw_args is set to True.

Workaround:

This vulnerability can be mitigated by evaluating any complex expression that would be passed as a kwarg to the builtin ahead of time, caching its result in a memory variable, and passing only that variable to the builtin.
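The raw_call case and its workaround, as an added illustration that is not from the advisory or the vyper project; it assumes that an internal function call counts as a memory-writing "complex expression", and the contract, its target and fee logic are constructed for the example.

```vyper
# Constructed example: a contract that forwards its own calldata to a target
# and pays a fee computed by an internal call.

base_fee: public(uint256)

@internal
@view
def _fee() -> uint256:
    # Assumption for this example: evaluating an internal call writes to
    # memory, so it is a "complex expression" in the advisory's sense.
    return self.base_fee * 2

@external
@payable
def forward_unsafe(target: address) -> Bytes[32]:
    # Vulnerable shape on vyper < 0.3.10rc4: data is msg.data and the `value`
    # kwarg is evaluated inline, so its memory writes can clobber the calldata
    # copy the builtin is assembling for the sub-context.
    return raw_call(target, msg.data, value=self._fee(), max_outsize=32)

@external
@payable
def forward_safe(target: address) -> Bytes[32]:
    # Workaround from the advisory: evaluate the complex expression first,
    # cache it in a local variable, and pass only the plain variable as the kwarg.
    fee: uint256 = self._fee()
    return raw_call(target, msg.data, value=fee, max_outsize=32)
```

Upgrading the compiler to 0.3.10rc4 or higher remains the fix; the cached form is for contracts that must still be built with an affected version.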

CVSS Scores

version 3.1

Snyk

Recommended
8.1 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    High
  • Availability (A)
    High

NVD

8.1 high