Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-32647— vyper performs double eval of raw_args in create_from_blueprint

CVSS 5.3 · Medium EPSS 0.51% · P66
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-32647

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
vyper performs double eval of raw_args in create_from_blueprint
Source: NVD (National Vulnerability Database)
Vulnerability Description
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from_blueprint` builtin can result in a double eval vulnerability when `raw_args=True` and the `args` argument has side-effects. It can be seen that the `_build_create_IR` function of the `create_from_blueprint` builtin doesn't cache the mentioned `args` argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions exist.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Vyper 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Vyper是EVM 的 Pythonic 智能合约语言。 Vyper 0.3.10 及之前版本存在安全漏洞,该漏洞源于使用 create_from_blueprint内置函数可能会导致安全问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
vyperlangvyper <= 0.3.10 -

II. Public POCs for CVE-2024-32647

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-32647

登录查看更多情报信息。

Same Patch Batch · vyperlang · 2024-04-25 · 6 CVEs total

CVE-2024-326495.3 MEDIUMvyper performs double eval of the argument of sqrt
CVE-2024-324815.3 MEDIUMvyper's range(start, start + N) reverts for negative numbers
CVE-2024-326485.3 MEDIUMvyper default functions don't respect nonreentrancy keys
CVE-2024-326465.3 MEDIUMvyper performs double eval of the slice args when buffer from adhoc locations
CVE-2024-326455.3 MEDIUMvyper performs incorrect topic logging in raw_log

IV. Related Vulnerabilities

Same product: vyper
Same vendor: vyperlang
Same weakness: CWE-95

V. Comments for CVE-2024-32647

No comments yet

Leave a comment