CVE-2021-41122 MEDIUM

CVE-2021-41122: Bounds check missing for decimal args in Vyper

Vendor Vyperlang
Product vyper
Weakness CWE-682
Published October 5, 2021
Last update August 4, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.

Key dates

02Disclosure timeline

October 5, 2021 CVE published
August 4, 2024 Record updated