CVE-2024-24567

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 30, 2024

Updated: Feb 6, 2024

CWE ID 754

Summary

CVE-2024-24567 is a vulnerability affecting Vyper, a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In versions 0.3.10 and earlier, the Vyper compiler allows developers to pass a value in the built-in raw_call even for delegatecall and staticcall. However, the handling of values is not supported for these opcodes, and Vyper will silently ignore the value argument. Uninformed developers might mistakenly believe that the specified value will be sent to the target contract, leading to potential security risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Vyperlang Vyper

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uR6yvr
https://www.cve.org/CVERecord?id=CVE-2024-24567
https://nvd.nist.gov/vuln/detail/CVE-2024-24567

Back to Vulnerability Database

CVE-2024-24567

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations