OpenCVE

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vyperlang	Vyper

Configuration 1 [-]

cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call
https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164
https://github.com/lidofinance/gate-seals/pull/5/files
https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae
https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-04-24T21:58:00.227Z

Updated: 2024-08-02T14:28:52.121Z

Reserved: 2023-04-13T13:25:18.834Z

Link: CVE-2023-30629

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-04-24T22:15:10.030

Modified: 2023-08-02T16:22:18.663

Link: CVE-2023-30629

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-30629", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-04-13T13:25:18.834Z", "datePublished": "2023-04-24T21:58:00.227Z", "dateUpdated": "2024-08-02T14:28:52.121Z"}, "containers": {"cna": {"title": "Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value", "problemTypes": [{"descriptions": [{"cweId": "CWE-670", "lang": "en", "description": "CWE-670: Always-Incorrect Control Flow Implementation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9"}, {"name": "https://github.com/lidofinance/gate-seals/pull/5/files", "tags": ["x_refsource_MISC"], "url": "https://github.com/lidofinance/gate-seals/pull/5/files"}, {"name": "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae", "tags": ["x_refsource_MISC"], "url": "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae"}, {"name": "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call", "tags": ["x_refsource_MISC"], "url": "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call"}, {"name": "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164", "tags": ["x_refsource_MISC"], "url": "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164"}], "affected": [{"vendor": "vyperlang", "product": "vyper", "versions": [{"version": ">= 0.3.1, <= 0.3.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-04-24T21:58:00.227Z"}, "descriptions": [{"lang": "en", "value": "Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`."}], "source": {"advisory": "GHSA-w9g2-3w7p-72g9", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:28:52.121Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9"}, {"name": "https://github.com/lidofinance/gate-seals/pull/5/files", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/lidofinance/gate-seals/pull/5/files"}, {"name": "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae"}, {"name": "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call"}, {"name": "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA2EC8D5-7723-4112-B674-AB70975FDEEA", "versionEndExcluding": "0.3.8", "versionStartIncluding": "0.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`."}], "id": "CVE-2023-30629", "lastModified": "2023-08-02T16:22:18.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-04-24T22:15:10.030", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/lidofinance/gate-seals/pull/5/files"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-670"}], "source": "security-advisories@github.com", "type": "Primary"}]}