
Ptrcarta

#30144 of 53,630
8.7 total CVSS
Vulnerabilities · 1
PT-2023-23572
8.7
2023-05-11
Vyper · Vyper · CVE-2023-32059
**Name of the Vulnerable Software and Affected Versions**

Vyper versions prior to 0.3.8

**Description**

The issue concerns internal calls with default arguments in Vyper, a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, these calls are compiled incorrectly, adding default arguments from left-to-right instead of right-to-left. This can bypass type checking if the types are incompatible. The ability to pass kwargs to internal functions is an undocumented feature.

**Recommendations**

For versions prior to 0.3.8, update to version 0.3.8 to resolve the issue. As a temporary workaround, consider avoiding the use of default arguments in internal calls or carefully reviewing the code to ensure type compatibility. Restrict the use of undocumented features, such as passing kwargs to internal functions, to minimize the risk of exploitation.