PT-2023-26172 · Vyper · Vyper

Charles-Cooper · Published 2023-07-25 · Updated 2023-08-03 · CVE-2023-37902

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Vyper versions prior to 0.3.10

Description

The ecrecover precompile in Vyper does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means that if the compiler has been convinced to write to the 0 memory location with specially crafted data just before the ecrecover, a signature check might pass on an invalid signature.

Recommendations

For versions prior to 0.3.10, update to version 0.3.10 to resolve the issue. As a temporary workaround, consider restricting the use of the ecrecover builtin until a patch is applied. Avoid using the ecrecover operation with immutable reads or hashmap accesses that could write to the 0 memory location.
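The unchecked-return behaviour in the description, as an added example that is not from this advisory or the Vyper project: a toy Python model of scratch memory and of a precompile that leaves its output buffer untouched on failure. The `Memory` class, the function names and the boolean `signature_valid` flag are assumptions made for illustration; no real signature verification is performed, and the checked variant shows one possible mitigation, not necessarily the change shipped in 0.3.10.

```python
# Toy model (added example): not Vyper compiler output, not real ECDSA.
ZERO_ADDRESS = bytes(32)

class Memory:
    """Byte-addressable scratch memory for one call frame (hypothetical helper)."""
    def __init__(self):
        self.data = bytearray(128)

    def mstore(self, offset, word):
        assert len(word) == 32
        self.data[offset:offset + 32] = word

    def mload(self, offset):
        return bytes(self.data[offset:offset + 32])

def precompile_ecrecover(mem, out_offset, signature_valid, signer):
    """Models only the output contract: on an invalid signature the call
    succeeds, returns no data and does not write the output buffer.
    Returns (success, returndatasize)."""
    if not signature_valid:
        return True, 0
    mem.mstore(out_offset, signer)
    return True, 32

def ecrecover_unchecked(mem, signature_valid, signer):
    """Behaviour the advisory describes: read memory location 0 regardless."""
    precompile_ecrecover(mem, 0, signature_valid, signer)
    return mem.mload(0)

def ecrecover_checked(mem, signature_valid, signer):
    """Hardened variant (assumed strategy): trust the buffer only when the
    precompile actually returned a 32-byte result."""
    ok, size = precompile_ecrecover(mem, 0, signature_valid, signer)
    return mem.mload(0) if ok and size == 32 else ZERO_ADDRESS

def demo():
    owner = (b"\x11" * 20).rjust(32, b"\x00")  # constructed address word
    results = {}
    for name, fn in (("unchecked", ecrecover_unchecked),
                     ("checked", ecrecover_checked)):
        mem = Memory()
        mem.mstore(0, owner)  # earlier code left a value at location 0
        recovered = fn(mem, signature_valid=False, signer=owner)
        results[name] = recovered == owner  # would "signer == owner" pass?
    return results

if __name__ == "__main__":
    print(demo())
```

When auditing contracts compiled with an affected version, the comparison against the recovered address is the place to look: any value that can reach location 0 before the call influences the result of a failed recovery.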

Weakness Enumeration

Unchecked Return Value

Related Identifiers

CVE-2023-37902
GHSA-F5X6-7QGP-JHF3
PYSEC-2023-133

Affected Products

Vyper