Browse all 40 CVE security advisories affecting vyperlang. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Vyperlang is a statically typed, Pythonic programming language designed for writing smart contracts on the Ethereum blockchain, prioritizing security and simplicity over flexibility. Its primary use case involves creating decentralized applications where code immutability and auditability are critical. Historically, vulnerabilities in Vyperlang implementations have frequently stemmed from logic errors rather than traditional web-based exploits like XSS or RCE, though improper handling of external calls has led to reentrancy issues. The codebase has recorded 40 CVEs, many involving integer overflows or unchecked return values from external contracts. Notable incidents include exploits where attackers manipulated state variables due to insufficient access controls, highlighting the importance of rigorous formal verification. While the language itself aims to mitigate common Solidity pitfalls, implementation flaws in deployed contracts remain the primary vector for security breaches, necessitating strict adherence to best practices in contract development and auditing.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-32058 | Vyper vulnerable to integer overflow in loop | vyper | CWE-190 | 7.5 | High | 2023-05-11 |
| CVE-2023-31146 | Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment | vyper | CWE-787 | 7.5 | High | 2023-05-11 |
| CVE-2023-30837 | Vyper storage allocator overflow | vyper | CWE-789 | 7.5 | High | 2023-05-08 |
| CVE-2023-30629 | Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value | vyper | CWE-670 | 7.5 | High | 2023-04-24 |
| CVE-2022-29255 | Multiple evaluation of contract address in call in vyper | vyper | CWE-670 | 8.2 | High | 2022-06-06 |
| CVE-2022-24845 | Integer bounds error in Vyper | vyper | CWE-190 | 8.8 | High | 2022-04-13 |
| CVE-2022-24788 | Buffer overflow in Vyper | vyper | CWE-120 | 7.1 | High | 2022-04-13 |
| CVE-2022-24787 | Incorrect Comparison in Vyper | vyper | CWE-697 | 7.5 | High | 2022-04-04 |
| CVE-2021-41121 | Memory corruption in Vyper | vyper | CWE-119 | 7.5 | High | 2021-10-06 |
| CVE-2021-41122 | Bounds check missing for decimal args in Vyper | vyper | CWE-682 | 4.3 | Medium | 2021-10-05 |

This page lists every published CVE security advisory associated with vyperlang. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.