Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vyper incorrectly allocated named re-entrancy locks
Vulnerability Description
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
Vyper 安全漏洞
Vulnerability Description
Vyper是EVM 的 Pythonic 智能合约语言。 Vyper 存在安全漏洞,该漏洞源于存在命名重入锁分配不当问题。受影响的产品和版本:Vyper 0.2.15版本,0.2.16版本,0.3.0版本。
CVSS Information
N/A
Vulnerability Type
N/A