CVE-2022-24845: Integer Overflow or Wraparound
Vyper is a Pythonic smart contract language for the Ethereum Virtual Machine. In affected versions, the return of <iface>.returns_int128() is not validated to fall within the bounds of int128. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, <iface>.returns_int128() is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue.
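The missing bounds check, modeled as an added Python example (not code from the advisory or from the Vyper compiler): return data from an external call arrives as a 32-byte ABI word, so a value declared int128 has to be range-checked after decoding. The function names and sample words are constructed for illustration.

```python
# Added illustration (not Vyper compiler code): bounds-checking a 32-byte
# ABI return word that the callee's interface declares as int128.

INT128_MIN = -(2**127)
INT128_MAX = 2**127 - 1


def decode_word_unchecked(word: bytes) -> int:
    """Read the raw 32-byte word as a signed 256-bit integer, no range check."""
    if len(word) != 32:
        raise ValueError("ABI return word must be exactly 32 bytes")
    return int.from_bytes(word, "big", signed=True)


def decode_int128_checked(word: bytes) -> int:
    """Same decoding, but reject values outside the int128 range."""
    value = decode_word_unchecked(word)
    if not INT128_MIN <= value <= INT128_MAX:
        raise ValueError(f"returned value {value} is outside int128 bounds")
    return value


def encode_word(value: int) -> bytes:
    """Constructed helper: sign-extend an integer into a 32-byte word."""
    return value.to_bytes(32, "big", signed=True)


# Constructed sample return data, as an external contract could supply it.
IN_RANGE = encode_word(-5)
ABOVE_MAX = encode_word(2**127)          # one past INT128_MAX
BELOW_MIN = encode_word(-(2**127) - 1)   # one past INT128_MIN

if __name__ == "__main__":
    samples = [("in range", IN_RANGE), ("above max", ABOVE_MAX),
               ("below min", BELOW_MIN)]
    for label, word in samples:
        raw = decode_word_unchecked(word)
        try:
            decode_int128_checked(word)
            verdict = "accepted"
        except ValueError as exc:
            verdict = f"rejected ({exc})"
        print(f"{label}: raw={raw} -> {verdict}")
```

The unchecked decoder hands back values that no int128 variable can legitimately hold, which is the misinterpretation the advisory describes; the checked decoder fails closed instead.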