PT-2018-14720 · Python · Py-Evm
Renardbebe · Published 2018-11-12 · Updated 2019-02-04 · CVE-2018-18920
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Py-EVM version 0.2.0-alpha.33
Description
The issue allows attackers to make a vm.execute_bytecode call that triggers computation with a stack containing values like 100, 100, 0 where a specific byte b'x' was expected, resulting in an execution failure due to an invalid opcode. This is related to the execution of smart contracts without paying gas, potentially allowing them to run indefinitely.
Recommendations
For Py-EVM version 0.2.0-alpha.33, as a temporary workaround, consider restricting the vm.execute_bytecode call to prevent the execution of smart contracts with invalid opcodes until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Py-Evm
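
One way to implement the workaround from the Recommendations section, as an added example (not Py-EVM's code and not part of the original advisory): a static scan that refuses bytecode containing undefined opcodes before it is handed to vm.execute_bytecode. The function names and sample bytes are constructed, and the opcode table assumes the Byzantium-era instruction set.

```python
# Added example: static pre-check for EVM bytecode. All names are hypothetical.
# Assumption: Byzantium-era opcode set; adjust VALID_OPCODES for the fork in use.

def _span(lo, hi):
    return set(range(lo, hi + 1))

VALID_OPCODES = (
    _span(0x00, 0x0B)    # STOP .. SIGNEXTEND
    | _span(0x10, 0x1A)  # LT .. BYTE
    | {0x20}             # SHA3
    | _span(0x30, 0x3E)  # ADDRESS .. RETURNDATACOPY
    | _span(0x40, 0x45)  # BLOCKHASH .. GASLIMIT
    | _span(0x50, 0x5B)  # POP .. JUMPDEST
    | _span(0x60, 0x7F)  # PUSH1 .. PUSH32
    | _span(0x80, 0x9F)  # DUP1 .. SWAP16
    | _span(0xA0, 0xA4)  # LOG0 .. LOG4
    | {0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xFA, 0xFD, 0xFF}
)
# 0xFE (the designated INVALID opcode) is left out on purpose, so it is rejected.

def find_invalid_opcodes(code: bytes):
    """Return [(offset, byte)] for every byte in opcode position that is undefined."""
    problems = []
    pc = 0
    while pc < len(code):
        op = code[pc]
        if op not in VALID_OPCODES:
            problems.append((pc, op))
        if 0x60 <= op <= 0x7F:
            # PUSHn carries n immediate bytes; skip them so that push data
            # is never misread as an instruction.
            pc += op - 0x5F
        pc += 1
    return problems

def is_safe_to_execute(code: bytes) -> bool:
    """Gate to call before passing bytecode to the VM."""
    return not find_invalid_opcodes(code)

# Constructed samples: PUSH1 100, PUSH1 100, PUSH1 0, then ADD + STOP ...
GOOD = bytes.fromhex("6064606460000100")
# ... or the same pushes followed by the undefined byte 0x0c.
BAD = bytes.fromhex("6064606460000c")
# 0x0c as PUSH1 immediate data is not an instruction and must pass.
PUSH_DATA = bytes.fromhex("600c00")

if __name__ == "__main__":
    for name, code in (("GOOD", GOOD), ("BAD", BAD), ("PUSH_DATA", PUSH_DATA)):
        print(name, is_safe_to_execute(code), find_invalid_opcodes(code))
```

The scan is linear and conservative: it treats every byte outside PUSH immediates as an instruction, so it also rejects contracts whose trailing non-code data contains undefined bytes.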