Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-30T20:17:53.955Z

Updated: 2024-08-01T23:19:52.828Z

Reserved: 2024-01-25T15:09:40.210Z

Link: CVE-2024-24567

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-30T21:15:08.607

Modified: 2024-11-21T08:59:26.220

Link: CVE-2024-24567

cve-icon Redhat

No data.