Unrated severityNVD Advisory· Published Apr 4, 2022· Updated Apr 23, 2025
Incorrect Comparison in Vyper
CVE-2022-24787
Description
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with "\x00" because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508mitrex_refsource_MISC
- github.com/vyperlang/vyper/security/advisories/GHSA-7vrm-3jc8-5wwmmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.