| |
Vulnerability CVE-2024-24564
Published: 2024-02-26
| Description: |
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability affects 0.3.10 and earlier versions. |
References: |
https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
