Home > Vulnerability Database > CVE-2023-30629

Mend.io Vulnerability Database

CVE-2023-30629

Good to know:

Date: April 24, 2023

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`.

Language: Python

Severity Score

7.5

Related Resources (7)

Url: https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call

Url: https://github.com/lidofinance/gate-seals/pull/5/files

Url: https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae

Url: https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-30629

Url: https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9

Url: https://www.mend.io/vulnerability-database/CVE-2023-30629

Severity Score

7.5

Weakness Type (CWE)

Always-Incorrect Control Flow Implementation

CWE-670

Top Fix

Upgrade Version

Upgrade to version vyper - 0.3.8

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-30629

Good to know:

Date: April 24, 2023

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?