CVE-2024-32645 – vyper
Package
Manager: pip
Name: vyper
Vulnerable Version: >=0 <0.4.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00769 (percentile 0.72603)
Details
vyper performs incorrect topic logging in raw_log

### Summary

Incorrect values can be logged when the `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. In particular, no uses of `raw_log()` were found at all in production; it is apparently not a well-known function.

### Details

The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics.

### PoC

The comments show the `LOG1` the compiler emits for each call: the topic is not the `bytes32` value that was assigned to the variable.

```vyper
x: bytes32

@external
def f():
    self.x = 0x1234567890123456789012345678901234567890123456789012345678901234
    raw_log([self.x], b"")  # LOG1(offset:0x60, size:0x00, topic1:0x00)
    y: bytes32 = 0x1234567890123456789012345678901234567890123456789012345678901234
    raw_log([y], b"")  # LOG1(offset:0x80, size:0x00, topic1:0x40)
```

### Patches

Fixed in https://github.com/vyperlang/vyper/pull/3977.

### Impact

Incorrect values can be logged, which may result in unexpected behavior in client-side applications relying on these logs.
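As an added audit helper (not part of this advisory or of the Vyper project), the following Python script scans Vyper source for `raw_log()` calls whose topics are variables rather than literals, the pattern affected in vyper < 0.4.0. It assumes the contract parses as Python after a minimal regex rewrite of `event`/`struct`/`interface`/`enum`/`flag` blocks and `log` statements (a simplified stand-in for Vyper's own pre-parser); the sample contract is constructed from the advisory's PoC.

```python
# Added detection helper (not from the advisory or the Vyper project): flag
# raw_log() calls whose topics are variables rather than literals, the case
# mis-compiled in vyper < 0.4.0.  Standard library only.
import ast
import re

# Vyper source is nearly valid Python; rewrite the two Vyper-only statement
# forms that break Python's parser (a simplified stand-in for Vyper's own
# pre-parser; assumed sufficient for the contracts being scanned).
_BLOCK_RE = re.compile(r"^([ \t]*)(event|struct|interface|enum|flag)[ \t]+(\w+)[ \t]*:", re.M)
_LOG_RE = re.compile(r"^([ \t]*)log[ \t]+(\w+[ \t]*\(.*\))[ \t]*$", re.M)

def _to_python_syntax(src: str) -> str:
    src = _BLOCK_RE.sub(r"\1class \3:", src)  # event E: -> class E:
    return _LOG_RE.sub(r"\1log(\2)", src)     # log E(..) -> log(E(..))

def find_raw_log_variable_topics(src: str) -> list[tuple[int, str]]:
    """Return (line, topic_expr) for each raw_log topic that is not a literal."""
    findings = []
    for node in ast.walk(ast.parse(_to_python_syntax(src))):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == "raw_log" and node.args):
            continue
        topics = node.args[0]
        if not isinstance(topics, ast.List):
            # Topic list passed via a variable/expression: cannot prove it safe.
            findings.append((node.lineno, ast.unparse(topics)))
            continue
        for topic in topics.elts:
            if not isinstance(topic, ast.Constant):
                findings.append((node.lineno, ast.unparse(topic)))
    return sorted(findings)

# Constructed sample: the advisory's PoC plus an event, a log statement and
# one literal-topic call that must not be reported.
SAMPLE = '''\
event Logged:
    who: address

x: bytes32

@external
def f():
    self.x = 0x1234567890123456789012345678901234567890123456789012345678901234
    raw_log([self.x], b"")
    y: bytes32 = 0x1234567890123456789012345678901234567890123456789012345678901234
    raw_log([y], b"")
    raw_log([0x1234567890123456789012345678901234567890123456789012345678901234], b"")
    log Logged(msg.sender)
'''
```

Running `find_raw_log_variable_topics(SAMPLE)` reports lines 9 and 11 (the two PoC calls) and nothing for the literal-topic call; contracts using Vyper syntax beyond what the rewrite covers should be parsed with Vyper's own AST module instead.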
Metadata
Created: 2024-04-25T19:53:10Z
Modified: 2025-01-21T17:54:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-xchq-w5r3-4wg3/GHSA-xchq-w5r3-4wg3.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-xchq-w5r3-4wg3
Finding: F184
Auto approve: 1