Vulnerabilities > CVE-2024-24567 - Improper Check for Unusual or Exceptional Conditions vulnerability in Vyperlang Vyper 0.1.0

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

vyperlang

CWE-754

NVD

Published: 2024-01-30

Updated: 2024-02-06

Summary

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions.

Vulnerable Configurations

Part	Description	Count
Application	Vyperlang Vyperlang Vyper 0.1.0	1

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References