PT-2024-24741 · Vyper · Vyper

Charles-Cooper · Published 2024-04-25 · Updated 2026-03-12 · CVE-2024-32648

CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.0

Description: The `__default__()` function does not respect the @nonreentrancy decorator, and the lock is not emitted. This is a known bug with low impact, because placing a lock on a default function is a sparsely used pattern. No vulnerable production contracts were found.

Recommendations: For versions prior to 0.3.0, update to version 0.3.0 or later to resolve the issue. As a temporary workaround, avoid using the @nonreentrancy decorator on `__default__()` functions until a patch is applied.
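
A source-level check for the pattern described above, as an added example that is not part of the advisory or the Vyper project: it flags a reentrancy lock decorator stacked on the default function when the compiler version is prior to 0.3.0. It assumes Vyper's source spellings `@nonreentrant` and `__default__`; the function names and the sample contract are constructed for illustration.

```python
import re

FIXED_IN = (0, 3, 0)  # first fixed release, per the advisory text
DECORATOR = re.compile(r"^@(\w+)")
FUNC_DEF = re.compile(r"^def\s+(\w+)\s*\(")

# Constructed sample contract (not taken from any real project).
SAMPLE = '''\
# @version 0.2.16
@external
@payable
@nonreentrant("lock")
def __default__():
    send(msg.sender, msg.value)

@external
@nonreentrant("lock")
def withdraw():
    send(msg.sender, self.balance)
'''

def is_affected(version):
    """True when the numeric X.Y.Z part of the version is prior to 0.3.0."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version))
    return (nums + (0, 0, 0))[:3] < FIXED_IN

def find_locked_default(source):
    """Return [(line_no, decorator)] for each lock decorator on __default__."""
    findings, pending = [], []
    for line_no, raw in enumerate(source.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and pragmas
        if not line:
            continue
        if DECORATOR.match(line):
            pending.append((line_no, line))  # decorators stack above a def
            continue
        func = FUNC_DEF.match(line)
        if func and func.group(1) == "__default__":
            findings += [d for d in pending
                         if DECORATOR.match(d[1]).group(1) == "nonreentrant"]
        pending = []  # any other statement ends the decorator stack
    return findings

def audit(source, compiler_version):
    """Findings matter only when the compiler does not emit the lock."""
    return find_locked_default(source) if is_affected(compiler_version) else []

if __name__ == "__main__":
    for line_no, decorator in audit(SAMPLE, "0.2.16"):
        print(f"line {line_no}: {decorator} on __default__ is not enforced")
```

The locked `withdraw` function in the sample is not reported, since the advisory concerns only the default function.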

Exploit

Fix

Weakness Enumeration

Improper Locking

Related Identifiers

CVE-2024-32648
GHSA-M2V9-W374-5HJ9
PYSEC-2024-163

Affected Products

Vyper