PT-2023-23951 · Vyper · Vyper

Charles-Cooper +1 · Published 2023-05-19 · Updated 2023-10-26 · CVE-2023-32675

CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Vyper versions prior to 0.3.8

Description

In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked nonpayable. This issue was fixed by the removal of the global calldatasize check.

Recommendations

For versions prior to 0.3.8, upgrade to version 0.3.8. For users unable to upgrade, avoid use of nonpayable default functions.
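
A source-level check for the condition in the description and the workaround in the recommendations, added here as an example; it is not code from the Vyper project or from the advisory. It assumes current decorator names (`@external`, `@payable`, `@view`, `@pure`), takes the compiler version as an argument, and treats "regular nonpayable" as external functions without `@payable`, `@view` or `@pure`; `SAMPLE` is a constructed contract.

```python
import re

FIXED = (0, 3, 8)  # first fixed Vyper release named in the advisory

def version_affected(version):
    """True if a version string such as '0.3.7' is earlier than 0.3.8."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(map(int, m.groups())) < FIXED

def external_functions(source):
    """Yield (name, decorator set) for each top-level @external function."""
    decorators = set()
    for line in source.splitlines():
        if line.startswith("@"):
            decorators.add(re.match(r"@(\w+)", line).group(1))
        elif line.startswith("def "):
            if "external" in decorators:
                yield re.match(r"def\s+(\w+)", line).group(1), decorators
            decorators = set()

def check(source, version):
    """Return a finding string, or None when the condition is not met."""
    if not version_affected(version):
        return None
    funcs = dict(external_functions(source))
    default = funcs.pop("__default__", None)
    funcs.pop("__init__", None)  # constructor is not a regular function
    if default is None or "payable" in default:
        return None
    # Assumption: "regular nonpayable" = external, not @payable/@view/@pure.
    names = sorted(n for n, d in funcs.items() if not d & {"payable", "view", "pure"})
    if len(names) > 1:
        return "nonpayable __default__ alongside: " + ", ".join(names)
    return None

# Constructed sample contract, not taken from the advisory.
SAMPLE = """
@external
def bump():
    self.counter += 1
@external
def reset():
    self.counter = 0
@external
def __default__():
    self.counter += 1
"""
```

`check(SAMPLE, "0.3.7")` reports the contract; the same source with version `0.3.8`, or with `@payable` on `__default__`, returns `None`.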

Related Identifiers

CVE-2023-32675
GHSA-VXMM-CWH2-Q762
PYSEC-2023-80

Affected Products

Vyper