CVE-2024-24567
30.01.2024, 21:15
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions.Enginsight
Vendor | Product | Version |
---|---|---|
vyperlang | vyper | 𝑥 ≤ 0.3.10 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References