What is CVE-2023-30629?

CVE-2023-30629 is a high-severity vulnerability in Vyperlang Vyper, classified under Always-Incorrect Control Flow Implementation. CVSS score: 7.5/10. Published 2023-04-24.

How severe is CVE-2023-30629?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Vyperlang Vyper

CVE-2023-30629

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_o…

EPSS: 0.003 (56.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Vyperlang Vyper — versions >= 0.3.1, <= 0.3.7

Weakness classification (CWE)

CWE-670 — Always-Incorrect Control Flow Implementation

References

https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9 (x_refsource_CONFIRM)
https://github.com/lidofinance/gate-seals/pull/5/files (x_refsource_MISC)
https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae (x_refsource_MISC)
https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call (x_refsource_MISC)
https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-30629?: CVE-2023-30629 is a high-severity vulnerability in Vyperlang Vyper, classified under Always-Incorrect Control Flow Implementation. CVSS score: 7.5/10. Published 2023-04-24.
How severe is CVE-2023-30629?: High severity. CVSS v3 base score is 7.5 out of 10.