PT-2023-22992 · Vyper · Vyper

Toon Vanhove +1 · Published 2023-05-05 · Updated 2023-08-02 · CVE-2023-30837

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the vulnerable software and affected versions: Vyper versions prior to 0.3.8

Description: The storage allocator in Vyper does not guard against allocation overflows, allowing an attacker to overwrite the owner variable. This issue can be exploited by calling a contract with specific calldata, enabling the attacker to modify the owner variable. The issue was fixed in version 0.3.8.

Recommendations: For versions prior to 0.3.8, update to version 0.3.8 to resolve the issue. As a temporary workaround, consider restricting access to the foo function until the update is applied. Avoid using the buffer variable in the affected contract until the issue is resolved.

Exploit

Fix


Weakness Enumeration

Related identifiers

CVE-2023-30837
GHSA-MGV8-GGGW-MRG6
PYSEC-2023-76

Affected products

Vyper