PT-2022-16879 · Vyper · Vyper

Charles-Cooper · Published 2022-04-04 · Updated 2023-08-02 · CVE-2022-24787

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.1 and prior
Description: Bytestring comparison in Vyper can yield incorrect results for two reasons: the comparison does not account for the length of the bytestrings, and the buffer backing a bytestring may contain dirty bytes past its logical end. In particular, two bytestrings compare as equal when one is the other followed by a null byte (\x00), because once length is ignored the trailing \x00 is indistinguishable from zero padding; b1 == b2 then evaluates to True even though b1 and b2 are not identical. Contract logic that relies on bytestring equality, for example to match a submitted value against a stored key or commitment, can therefore accept an input it should have rejected, which is why the impact is rated as high on integrity.
Recommendations: For Vyper versions 0.3.1 and prior, update to version 0.3.2 or later, which contains the patch, then recompile and redeploy any affected contract that compares bytestrings; bytecode already deployed cannot be patched in place. No source-level workaround is known.
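The two failure modes described above, modelled in Python as an added illustration (this is not Vyper compiler code). The model assumes the memory layout a Vyper Bytes[N] value has in practice: a logical length plus a fixed-size backing buffer whose bytes past the logical end are either zero padding or leftover "dirty" bytes. flawed_eq, which compares the raw buffers and ignores the length, is an assumed approximation of the pre-0.3.2 behaviour the advisory describes; fixed_eq is the comparison a compiler must emit, checking length first and only the in-range bytes.

```python
"""
Model of the two bytestring-comparison failure modes behind CVE-2022-24787.

Added example, not Vyper's own code. A Vyper Bytes[N] is modelled as a
logical length plus an N-byte backing buffer (assumption: a simplified
version of the compiler's memory layout). Bytes past `length` are not part
of the value, but they physically exist and may be zero padding or garbage.
"""
from dataclasses import dataclass


@dataclass
class VyperBytes:
    """A Bytes[maxlen] value: logical length plus a fixed-size backing buffer."""
    maxlen: int
    length: int
    buf: bytes  # exactly maxlen bytes; bytes beyond `length` are padding or dirty

    @classmethod
    def clean(cls, maxlen: int, value: bytes) -> "VyperBytes":
        """Construct a value whose buffer is zero-padded past its logical end."""
        assert len(value) <= maxlen
        return cls(maxlen, len(value), value + b"\x00" * (maxlen - len(value)))

    @classmethod
    def dirty(cls, maxlen: int, value: bytes, garbage: bytes) -> "VyperBytes":
        """Same logical value, but with leftover bytes after the logical end
        (for example a buffer reused after it held a longer value)."""
        assert len(value) + len(garbage) <= maxlen
        tail = garbage + b"\x00" * (maxlen - len(value) - len(garbage))
        return cls(maxlen, len(value), value + tail)


def flawed_eq(a: VyperBytes, b: VyperBytes) -> bool:
    """Vulnerable pattern (assumed approximation of pre-0.3.2 behaviour):
    compare the raw data regions and never look at the length word."""
    return a.buf == b.buf


def fixed_eq(a: VyperBytes, b: VyperBytes) -> bool:
    """Correct comparison: lengths must match, and only the first `length`
    bytes of each buffer take part, so dirty tail bytes are irrelevant."""
    return a.length == b.length and a.buf[: a.length] == b.buf[: b.length]


def demo() -> dict:
    """Run both comparisons over the two problem cases from the advisory."""
    # Case 1: missing length check. "abc" and "abc\x00" have identical
    # zero-padded buffers, so the flawed comparison reports them equal.
    b1 = VyperBytes.clean(32, b"abc")
    b2 = VyperBytes.clean(32, b"abc\x00")
    # Case 2: dirty bytes. Two logically equal values whose buffers differ
    # only past the logical end; the flawed comparison reports them unequal.
    b3 = VyperBytes.clean(32, b"abc")
    b4 = VyperBytes.dirty(32, b"abc", b"ZZ")
    return {
        "null_padded_flawed": flawed_eq(b1, b2),  # True: false positive
        "null_padded_fixed": fixed_eq(b1, b2),    # False
        "dirty_flawed": flawed_eq(b3, b4),        # False: false negative
        "dirty_fixed": fixed_eq(b3, b4),          # True
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The first case is the one a caller can trigger from outside: appending \x00 to a value that should not match makes the vulnerable comparison succeed. The second case goes the other way and makes an honest match fail whenever a buffer carries stale bytes. A length-first comparison over exactly the in-range bytes closes both.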

Related Identifiers

CVE-2022-24787
GHSA-7VRM-3JC8-5WWM
PYSEC-2022-196

Affected Products

Vyper