Vyper · Vyper · CVE-2023-30837
**Name of the Vulnerable Software and Affected Versions**
Vyper versions prior to 0.3.8
**Description**
The storage allocator in Vyper does not guard against allocation overflows. In an affected contract, an attacker can overwrite the `owner` storage variable by calling the contract with specific calldata. The issue was fixed in version 0.3.8.
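The following simplified Python model of a sequential slot allocator shows what the missing overflow guard changes. It is an added example, not Vyper's compiler code; the slot counts, the `padding` variable and all function names are assumptions made for illustration.

```python
from itertools import combinations

SLOT_SPACE = 2**256  # EVM storage keys are 256-bit words


class StorageLayoutError(Exception):
    """Raised when a layout does not fit in the 2**256-slot storage space."""


def allocate(variables, guard=True):
    """Assign consecutive slots to (name, n_slots) pairs, in declaration order.

    Returns {name: (first_slot, n_slots)}. With guard=False the running
    offset silently wraps modulo 2**256, modelling an unguarded allocator.
    """
    layout, next_slot = {}, 0
    for name, n_slots in variables:
        end = next_slot + n_slots  # exclusive end, exact (Python ints are unbounded)
        if guard and end > SLOT_SPACE:
            raise StorageLayoutError(f"{name!r} ends at slot {end - 1}, past 2**256 - 1")
        layout[name] = (next_slot, n_slots)
        next_slot = end % SLOT_SPACE
    return layout


def aliased(layout):
    """Return pairs of variables whose slot ranges overlap after wrapping."""
    def covers(a, b):  # does range a contain the first slot of range b?
        return (b[0] - a[0]) % SLOT_SPACE < a[1]
    return [(x, y) for (x, a), (y, b) in combinations(layout.items(), 2)
            if covers(a, b) or covers(b, a)]


# Constructed layout: sizes and the `padding` name are assumptions for illustration.
LAYOUT = [("owner", 1), ("padding", 10), ("buffer", 2**256 - 1)]

if __name__ == "__main__":
    print("unguarded overlaps:", aliased(allocate(LAYOUT, guard=False)))
    try:
        allocate(LAYOUT)
    except StorageLayoutError as exc:
        print("guarded allocator rejects layout:", exc)
```

The same overlap check can be run over a compiler-emitted storage layout to flag contracts whose variables alias one another before deployment.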
**Recommendations**
If you are running a version prior to 0.3.8, update to version 0.3.8 to resolve the issue. As a temporary workaround, consider restricting access to the `foo` function until the update is applied. Avoid using the `buffer` variable in the affected contract until the issue is resolved.