Key Information about the Vulnerability Overview Title: First Immutable Variable Initialization Severity: Moderate Published by: hedgar2017 on Oct 25, 2023 GHSA ID: GHSA-h8jv-969m-94r4 CVE ID: CVE-2023-46232 Affected Package Package: zkvyper (Vyper) Affected Versions: =1.3.10 Description The bug prevented the initialization of the first immutable variable for Vyper contracts when a String or Array with more than 256-bit words was allocated but not fully initialized. This resulted in the second word's index being set to 0, overwriting the first immutable value. Impact The issue occurs when a string with 64 bytes is allocated, but only 4 (32) are written. In the , this problem manifests as the first immutable value with the actual 0 index being overwritten. Patches Fix Version: 1.3.10 The compiler now sets all indexes in advance to resolve the issue. Workarounds Upgrading and redeploying affected contracts. Additional Notes No contracts were found to be affected by the time the advisory was published. No related CWEs are identified. Credits: pcaversaccio (Finder)