Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incorrect Comparison in Vyper
Vulnerability Description
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `"\x00"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
不充分的比较
Vulnerability Title
Vyper 安全漏洞
Vulnerability Description
Vyper是EVM 的 Pythonic 智能合约语言。 Vyper存在安全漏洞,该漏洞源于在版本0.3.1和之前的版本中,字节测试环中可能有脏字节,导致逐字比较给出错误的结果。即使没有脏的非零字节,如果一个字节以“x00”结尾,两个字节测试环也可以比较为相等,因为没有长度的比较。有一个补丁可用,预计将成为0.3.2版本的一部分。目前还没有已知的解决办法。
CVSS Information
N/A
Vulnerability Type
N/A