PT-2024-20452 · Vyper · Vyper
Kuroi8 +1 · Published 2024-02-01 · Updated 2024-02-09 · CVE-2024-24561
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Vyper versions 0.3.10 and earlier
Description
The bounds check for slices in Vyper does not account for the possibility that start + length overflows when the values aren't literals. This issue can be used to perform out-of-bounds (OOB) access to storage, memory, or calldata addresses. It can also be used to corrupt the length slot of the respective array. A contract search was performed, and no vulnerable contracts were found in production.
Recommendations
For versions 0.3.10 and earlier, update to a version that includes the fix for this issue, as patched in https://github.com/vyperlang/vyper/pull/3818.
As a temporary workaround, consider restricting the use of the slice() function with non-literal arguments for the start or length variable until a patch is available.
Avoid using the slice() function with user-inputted values for start or length to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Buffer Overflow
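The overflow in the bounds check described above can be modelled with 256-bit wrapping arithmetic. The following is an added example, not code from Vyper or from the linked fix; the function names, the 32-byte buffer and the sample inputs are assumptions constructed for illustration.

```python
# Added illustration: models EVM 256-bit wrapping arithmetic in Python.
# Function names are hypothetical; this is not Vyper compiler code.
UINT256_MOD = 2**256


def evm_add(a: int, b: int) -> int:
    """EVM ADD: wraps modulo 2**256 with no overflow trap."""
    return (a + b) % UINT256_MOD


def naive_bounds_ok(start: int, length: int, src_len: int) -> bool:
    """Check that only compares the wrapped sum against the source length."""
    return evm_add(start, length) <= src_len


def hardened_bounds_ok(start: int, length: int, src_len: int) -> bool:
    """Same check, but a wrapped sum (end < start) is rejected first."""
    end = evm_add(start, length)
    if end < start:  # start + length overflowed 2**256
        return False
    return end <= src_len


def audit(cases, src_len):
    """Return (start, length, naive, hardened) for each constructed case."""
    return [
        (s, n, naive_bounds_ok(s, n, src_len), hardened_bounds_ok(s, n, src_len))
        for s, n in cases
    ]


# Constructed inputs for a 32-byte source buffer.
SRC_LEN = 32
CASES = [
    (0, 32),                 # whole buffer: valid
    (16, 16),                # tail half: valid
    (16, 17),                # one byte past the end: invalid, no overflow
    (UINT256_MOD - 1, 2),    # sum wraps to 1: invalid, hidden by overflow
    (UINT256_MOD - 32, 64),  # sum wraps to 32: invalid, hidden by overflow
]

if __name__ == "__main__":
    for s, n, naive, hard in audit(CASES, SRC_LEN):
        print(f"start={s:#x} length={n}: naive={naive} hardened={hard}")
```

The two checks disagree only on the cases where the sum wraps, which is why literal arguments, whose sum can be evaluated at compile time, are not affected.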
Related Identifiers
Affected Products
Vyper