Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-01-30T20:17:53.955Z
Updated: 2024-08-01T23:19:52.828Z
Reserved: 2024-01-25T15:09:40.210Z
Link: CVE-2024-24567
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-01-30T21:15:08.607
Modified: 2024-11-21T08:59:26.220
Link: CVE-2024-24567
Redhat
No data.