Vulnerability Information
Vulnerability Title
Vyper bounds check on built-in `slice()` function can be overflowed
Vulnerability Description
Vyper is a Pythonic smart contract language for the Ethereum Virtual Machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the possibility that start + length overflows when the values aren't literals. If a slice() call uses a non-literal argument for the start or length variable, an attacker can overflow the bounds check. This issue can be used for out-of-bounds (OOB) access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array.
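The following is an added example, not Vyper's compiler code or its patch: a Python model of the check shape described above, assuming the check is a single wrapping 256-bit addition compared against the source length. The function names and the sample cases are constructed for illustration; the example compares that check against an overflow-aware one and reports where they disagree.

```python
# Added illustration: models EVM 256-bit wrapping arithmetic in Python.
# Assumption: the flawed check has the shape "start + length <= src_len".
WORD = 2 ** 256  # EVM words are 256 bits wide; ADD wraps modulo 2**256


def evm_add(a: int, b: int) -> int:
    """Addition as the EVM performs it: silently wrapping at 2**256."""
    return (a + b) % WORD


def naive_in_bounds(start: int, length: int, src_len: int) -> bool:
    """One wrapping add and one compare: the sum can wrap to a small value."""
    return evm_add(start, length) <= src_len


def safe_in_bounds(start: int, length: int, src_len: int) -> bool:
    """Overflow-aware form: never computes start + length."""
    return start <= src_len and length <= src_len - start


def audit(cases):
    """Return the cases the naive check accepts but the safe check rejects."""
    return [c for c in cases
            if naive_in_bounds(*c) and not safe_in_bounds(*c)]


# Constructed sample inputs: (start, length, src_len)
CASES = [
    (0, 32, 64),          # in bounds
    (32, 32, 64),         # ends exactly at the boundary
    (33, 32, 64),         # one byte past the end, no wrap: both reject
    (WORD - 1, 2, 64),    # huge start, sum wraps to 1
    (2, WORD - 1, 64),    # huge length, sum wraps to 1
    (WORD - 32, 64, 64),  # sum wraps to 32
]

if __name__ == "__main__":
    for start, length, src_len in audit(CASES):
        print(f"check disagreement: start={start:#x} length={length:#x} "
              f"src_len={src_len}")
```

Running the same differential over non-literal start and length values is a quick way to confirm that a bounds check rejects wrapped sums after upgrading past the affected versions.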
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper Restriction of Operations within the Bounds of a Memory Buffer
Vulnerability Title
Vyper buffer error vulnerability
Vulnerability Description
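Vyper is a Pythonic smart contract language for the EVM. Vyper 0.3.10 and earlier contain a buffer error vulnerability, which stems from the fact that the bounds check of the slice() function can overflow. An attacker can exploit this vulnerability to perform OOB access to storage, memory or calldata addresses, and can also corrupt the length slot of the corresponding array.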
CVSS Information
N/A
Vulnerability Type
N/A