PT-2023-23951 · Vyper · Vyper

Charles-Cooper +1 · Published 2023-05-19 · Updated 2023-10-26 · CVE-2023-32675

CVSS v4.0: 6.3 (Medium)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.8

Description: In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked nonpayable. This issue was fixed by the removal of the global calldatasize check.

Recommendations: For versions prior to 0.3.8, upgrade to version 0.3.8. For users unable to upgrade, avoid use of nonpayable default functions.

Related identifiers

CVE-2023-32675
GHSA-VXMM-CWH2-Q762
PYSEC-2023-80

Affected products

Vyper