PT-2022-19430 · Vyper · Vyper
Published
2022-05-06
·
Updated
2022-05-16
·
CVE-2022-29175
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Vyper versions 0.3.2 through 0.3.3
Description
Vyper is a pythonic smart contract language for the Ethereum virtual machine. Since version 0.3.2, decimals use the full range of the underlying int168 type. Multiplication of 168-bit integers can wrap in 256-bit arithmetic, but the
safemul function does not check for that.Recommendations
For versions 0.3.2 and 0.3.3, update to version 0.3.4 to resolve the issue.
As a temporary workaround, consider disabling the
safemul function until a patch is available. Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Vyper