CVE-2024-32648 Information

Description

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Prior to version 0.3.0 default functions don’t respect nonreentrancy keys and the lock isn’t emitted. No vulnerable production contracts were found. Additionally using a lock on a default function is a very sparsely used pattern. As such the impact is low. Version 0.3.0 contains a patch for the issue.

Reference

https://github.com/vyperlang/vyper/security/advisories/GHSA-m2v9-w374-5hj9 https://github.com/vyperlang/vyper/issues/2455 https://github.com/vyperlang/vyper/commit/93287e5ac184b53b395c907d40701f721daf8177