Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vyper SHA3 code generation bug
Vulnerability Description
Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Vulnerability Title
Vyper 加密问题漏洞
Vulnerability Description
Vyper是EVM 的 Pythonic 智能合约语言。 Vyper 0.3.10版本及之前版本存在加密问题漏洞,该漏洞源于“height”变量计算错误。
CVSS Information
N/A
Vulnerability Type
N/A