PT-2022-16919 · Vyper · Vyper
High · charles-Cooper · Published 2022-04-13 · Updated 2023-08-02 · CVE-2022-24845
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Vyper versions prior to 0.3.2
Description
The return value of <iface>.returns_int128() is not validated to fall within the bounds of int128, which can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, <iface>.returns_int128() is validated in simple expressions, but not in complex expressions.
Recommendations
For versions prior to 0.3.2, upgrade to version 0.3.2 or later to resolve the issue.
As a temporary workaround, break up operations involving external calls into multiple statements, such as assigning the result of <iface>.returns_int128() to a variable before further processing.
Exploit
Fix
Integer Overflow
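The bounds check that the description says was missing, as an added example that is not code from this advisory or from the Vyper project: a Python model that reads a 32-byte ABI return word and accepts it as int128 only when it lies in [-2^127, 2^127 - 1]. All function names and sample words are constructed for illustration, and the unchecked decoder is an assumed simplification of the behavior before 0.3.2.

```python
"""Model of bounds-checking an int128 returned by an external call (added example)."""

INT128_MIN = -(2**127)
INT128_MAX = 2**127 - 1


def encode_word(value: int) -> bytes:
    """Build a 32-byte big-endian two's-complement ABI word (sample-data helper)."""
    return (value % 2**256).to_bytes(32, "big")


def word_to_int256(word: bytes) -> int:
    """Read a 32-byte ABI word as a signed 256-bit integer."""
    if len(word) != 32:
        raise ValueError("ABI words are exactly 32 bytes")
    return int.from_bytes(word, "big", signed=True)


def decode_int128_unchecked(word: bytes) -> int:
    """Assumed model of the flaw: the full word is used with no range check."""
    return word_to_int256(word)


def decode_int128_checked(word: bytes) -> int:
    """Reject any word that is not a sign-extended int128."""
    value = word_to_int256(word)
    if not INT128_MIN <= value <= INT128_MAX:
        raise ValueError(f"return value {value} is outside int128 bounds")
    return value


def audit(words):
    """Return (unchecked_value, passes_check) for each returned word."""
    report = []
    for word in words:
        try:
            decode_int128_checked(word)
            ok = True
        except ValueError:
            ok = False
        report.append((decode_int128_unchecked(word), ok))
    return report


# Constructed sample return data, not taken from any real contract.
SAMPLES = [encode_word(v) for v in (-5, INT128_MAX, 2**127, 2**200 + 7)]

if __name__ == "__main__":
    for value, ok in audit(SAMPLES):
        print(f"{value}: {'accepted' if ok else 'rejected, outside int128 range'}")
```

The last two sample words pass through the unchecked decoder as values no int128 can hold, which is the misinterpretation the description warns about; the checked decoder rejects them.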
Affected Products
Vyper