Опубликовано: 06 окт. 2021
Источник: github
Github: Прошло ревью
CVSS4: 5.3
CVSS3: 4.3
Описание
missing clamps for decimal args in external functions
Impact
The following code does not properly validate that its input is in bounds.
@external
def foo(x: decimal) -> decimal:
return x
Patches
0.3.0 / #2447
Workarounds
Don't use decimal args
Пакеты
Наименование
vyper
pip
Затронутые версииВерсия исправления
< 0.3.0
0.3.0
Связанные уязвимости
CVSS3: 4.3
nvd
больше 4 лет назад
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.