PT-2023-29926 · Vyper · Vyper

Charles-Cooper · Published 2023-12-13 · Updated 2023-12-19 · CVE-2023-46247

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Vyper versions prior to 0.3.8

Description

The issue affects contracts containing large arrays, which might underallocate the number of slots they need by 1. The number of slots required for a storage variable is calculated as math.ceil(type_.size_in_bytes / 32), and the intermediate floating-point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Specifically, if type_.size_in_bytes is large (> 2**46) and slightly less than a power of 2, the calculation can overestimate the required slots, while if type_.size_in_bytes is slightly more than a power of 2, it can underestimate the required slots. This can lead to overwriting of variables, as demonstrated by example contracts.

Recommendations

For versions prior to 0.3.8, update to version 0.3.8 to resolve the issue. As a temporary workaround, consider reviewing contracts for large arrays and manually verifying the allocation of slots to prevent potential overwriting of variables. Restrict access to contracts containing large arrays to minimize the risk of exploitation until the issue is resolved.
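
The rounding error from the description, together with the manual slot check the workaround calls for, shown as an added example that is not code from the advisory or from Vyper. The function names, the sample sizes and the back-to-back layout model are assumptions made for illustration, and the integer ceiling division is a float-free reference, not necessarily the change made in 0.3.8.

```python
import math

SLOT_BYTES = 32  # one storage slot holds 32 bytes

def slots_float(size_in_bytes):
    """Slot count as in the description: float division, then math.ceil."""
    return math.ceil(size_in_bytes / SLOT_BYTES)

def slots_exact(size_in_bytes):
    """Integer-only ceiling division (assumed reference, not Vyper's patch)."""
    return -(-size_in_bytes // SLOT_BYTES)

def allocation_error(size_in_bytes):
    """-1: one slot too few, +1: one slot too many, 0: correct."""
    return slots_float(size_in_bytes) - slots_exact(size_in_bytes)

def layout(variables, slot_count):
    """Place variables back to back; return {name: first_slot}."""
    starts, cursor = {}, 0
    for name, size in variables:
        starts[name] = cursor
        cursor += slot_count(size)
    return starts

def overwritten(variables):
    """Variables whose first slot falls inside the previous variable's real extent."""
    starts = layout(variables, slots_float)
    hits = []
    for (prev, prev_size), (name, _) in zip(variables, variables[1:]):
        real_end = starts[prev] + slots_exact(prev_size)  # exclusive
        if starts[name] < real_end:
            hits.append(name)
    return hits

# Constructed sizes in bytes, not taken from the advisory's example contracts.
JUST_ABOVE = 32 * (2**53 + 1)   # slot count slightly more than a power of 2
JUST_BELOW = 32 * (2**54 - 1)   # slot count slightly less than a power of 2
SAMPLE = [("big_array", JUST_ABOVE), ("owner", 32)]

if __name__ == "__main__":
    for size in (JUST_ABOVE, JUST_BELOW, 33):
        print(size, slots_float(size), slots_exact(size), allocation_error(size))
    print("overwritten:", overwritten(SAMPLE))
```

Running `allocation_error` over each storage variable's byte size flags any variable whose slot count differs between the two calculations.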

Weakness Enumeration

Related Identifiers

CVE-2023-46247
GHSA-6M97-7527-MH74
PYSEC-2023-307

Affected Products

Vyper