raw_call `value=` kwargs not disabled for static and delegate calls

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

对因果或异常条件的不恰当检查

Vyper 代码问题漏洞

Vyper是EVM 的 Pythonic 智能合约语言。 Vyper 0.3.10版本及之前版本存在代码问题漏洞，该漏洞源于未禁用静态和委托调用。

N/A

N/A