logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2023-32059

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2023-32059

Description:
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8.
Last updated date:
08/02/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
05/23/2023
Reference url to background

https://github.com/vyperlang/vyper/security/advisories/GHSA-ph9x-4vc9-m39g

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy