https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42460
Source: CVEAnnouncements
Source Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42460
Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42460 Source: CVEAnnouncements Source Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42460
|
|
© Copyright 2012 through 2024 - National Cyber War Foundation - All rights reserved worldwide.