Vulnerabilities

CVE-2024-24564

by Fred · 26/02/2024

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability is fixed in 0.4.0.

More information : https://github.com/vyperlang/vyper/commit/3d9c537142fb99b2672f21e2057f5f202cde194f

Similar

Tags: Cybersecurity Alert