cve/2024/CVE-2024-24564.md

CVE-2024-24564

Description

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32(b, start), if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. This vulnerability affects 0.3.10 and earlier versions.

POC

Reference

• https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx

Github

No PoCs found on GitHub currently.