CRITICAL🇵🇱 Wersja polska

CVE-2024-24561

CVSS 9.8v3.1pub. 2024-02-01upd. 2024-11-21

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array.

🤖 AI Analysis
How it works

The slice() function applies a bounds checking mechanism, however it does not account for situations where the sum of the start and length arguments can undergo arithmetic overflow (integer overflow) if they are not literal values. An attacker can pass appropriately crafted dynamic values that cause overflow and bypass range verification. This results in the ability to perform out-of-bounds (OOB) read or write operations in storage, memory, or calldata space.

Impact

An attacker can gain unauthorized access to data outside the permitted range (OOB read/write) in storage, memory, or calldata areas of the contract, and can overwrite the slot storing the array length, potentially leading to contract state corruption or privilege escalation in its logic.

Mitigation & patch

Update the Vyper compiler to a version newer than 0.3.10. Detailed information about available patches is available in the project repository and the GHSA-9x7f-gwxq-6f2c security advisory. Contracts compiled with the vulnerable compiler version should be recompiled and redeployed after updating.

Who is affected

Vyperlang Vyper version 0.3.10 and earlier — affects smart contracts compiled with this compiler that use the slice() function with non-literal start or length arguments.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Vyperlang Vyper

    APP
    Vyperlang
    ≤ 0.3.10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-24563CRITICAL9.8PL ✓ten sam produkt

Vyper: nieprawidłowa walidacja indeksu tablicy — dostęp przez liczby ujemne

CVE-2023-39363CRITICAL9.1ten sam produkt

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16...

CVE-2024-22419HIGH7.3ten sam produkt

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write ...

CVE-2023-46247HIGH7.5ten sam produkt

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large...

CVE-2023-42443HIGH8.1ten sam produkt

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior...