漏洞标题
Vyper:某些操作中副作用的顺序反转
漏洞描述信息
Vyper:某些操作的副作用顺序反转
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
漏洞类别
跨界内存写
漏洞标题
Vyper: reversed order of side effects for some operations
漏洞描述信息
Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
漏洞类别
控制流实现总是不正确
漏洞标题
Vyper 安全漏洞
漏洞描述信息
Vyper是EVM 的 Pythonic 智能合约语言。 Vyper 0.3.9版本及之前版本存在安全漏洞,该漏洞源于编译器从右到左而不是从左到右计算参数。
CVSS信息
N/A
漏洞类别
其他