{"id":"PYSEC-2024-147","details":"Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found, so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code, so the impact is low. At the time of publication there is no patch available.","aliases":["CVE-2024-24559","GHSA-6845-xw22-ffxv"],"modified":"2024-11-21T14:59:40.535766Z","published":"2024-02-05T21:15:00Z","references":[{"type":"ADVISORY","url":"https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv"},{"type":"WEB","url":"https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/ir/compile_ir.py#L585-L586"}],"affected":[{"package":{"name":"vyper","ecosystem":"PyPI","purl":"pkg:pypi/vyper"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.0b1"}]}],"versions":["0.1.0b1","0.1.0b10","0.1.0b11","0.1.0b12","0.1.0b13","0.1.0b14","0.1.0b15","0.1.0b16","0.1.0b17","0.1.0b2","0.1.0b3","0.1.0b4","0.1.0b5","0.1.0b6","0.1.0b7","0.1.0b8","0.1.0b9","0.2.1","0.2.10","0.2.11","0.2.12","0.2.13","0.2.14","0.2.15","0.2.16","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8","0.2.9","0.3.0","0.3.1","0.3.10","0.3.10rc1","0.3.10rc2","0.3.10rc3","0.3.10rc4","0.3.10rc5","0.3.2","0.3.3","0.3.4","0.3.5","0.3.6","0.3.7","0.3.8","0.3.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/vyper/PYSEC-2024-147.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}