PT-2023-27764 · Vyper · Vyper

Charles-Cooper +1 · Published 2023-09-04 · Updated 2023-09-08 · CVE-2023-41052

CVSS v4.0: 6.9 Medium

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Vyper (affected versions not specified)

Description

The order of evaluation of the arguments of the builtin functions uint256_addmod, uint256_mulmod, ecadd, and ecmul does not follow source order. This behavior is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. For uint256_addmod(a,b,c) and uint256_mulmod(a,b,c), the order is c,a,b. For ecadd(a,b) and ecmul(a,b), the order is b,a.

Recommendations

As a temporary workaround, when using builtins from the list above, ensure that the arguments of the expression do not produce side effects or, if one does, that no other argument depends on those side effects. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
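
An added example, not part of the advisory or the Vyper project's code: a pre-deployment check that flags calls to the four builtins (Vyper's uint256_addmod, uint256_mulmod, ecadd, ecmul) whose arguments contain a nested call, and lists those arguments in the evaluation order given in the description. It assumes the contract uses only syntax that Python's ast module accepts and treats any nested call as a possible side effect; the sample contract and its names are constructed.

```python
import ast

# Evaluation order from the advisory, as indices into the source-order arguments.
AFFECTED = {
    "uint256_addmod": (2, 0, 1),  # c, a, b
    "uint256_mulmod": (2, 0, 1),  # c, a, b
    "ecadd": (1, 0),              # b, a
    "ecmul": (1, 0),              # b, a
}

def has_call(node):
    """Conservative heuristic (assumption): any nested call may have side effects."""
    return any(isinstance(n, ast.Call) for n in ast.walk(node))

def find_risky_calls(source):
    """Return (line, builtin, arguments in actual evaluation order) per risky call."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)):
            continue
        order = AFFECTED.get(node.func.id)
        if order is None or len(node.args) != len(order):
            continue
        if any(has_call(arg) for arg in node.args):
            evaluated = [ast.unparse(node.args[i]) for i in order]
            findings.append((node.lineno, node.func.id, evaluated))
    return sorted(findings)

# Constructed sample contract (hypothetical names), limited to Python-parseable syntax.
SAMPLE = '''
counter: uint256
@internal
def bump() -> uint256:
    self.counter += 1
    return self.counter
@external
def risky() -> uint256:
    return uint256_addmod(self.bump(), 3, self.counter)
@external
def workaround() -> uint256:
    a: uint256 = self.bump()
    c: uint256 = self.counter
    return uint256_addmod(a, 3, c)
'''

if __name__ == "__main__":
    for line, name, evaluated in find_risky_calls(SAMPLE):
        print(f"line {line}: {name} evaluates {', '.join(evaluated)}")
```

In risky(), the modulus self.counter is read before self.bump() runs; workaround() hoists both values into locals in source order, so the builtin's arguments have no side effects left to reorder.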

Related Identifiers

CVE-2023-41052
GHSA-4HG4-9MF5-WXXQ
PYSEC-2023-168

Affected Products

Vyper