Moderate severity · NVD Advisory · Published Sep 26, 2023 · Updated Sep 24, 2024

_abi_decode input not validated in complex expressions in Vyper

CVE-2023-42460

Description

Vyper is a Pythonic Smart Contract Language for the EVM. The _abi_decode() function does not validate input when it is nested in an expression. Uses of _abi_decode() can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release 0.3.10. Users are advised to reference pull request #3626.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vyper's _abi_decode() function fails to validate input when nested in expressions, allowing bounds checking bypass and incorrect results.

Vulnerability

Overview

The _abi_decode() function in Vyper, a Pythonic smart contract language for the EVM, fails to validate input when it is nested within an expression [1]. The root cause is that _abi_decode() tags its output with encoding=Encoding.ABI, but validation (bounds checking) only occurs when that output is passed to make_setter (e.g., during assignment or return). When _abi_decode() is used inside another expression, such as convert(), the validation is bypassed [4].

Exploitation

An attacker can exploit this by crafting input that exceeds the expected type bounds. For example, a contract that decodes a uint256 as a uint8 using _abi_decode() inside a convert() call will not trigger bounds checking, allowing the attacker to supply a value like 256 and have it returned as 256 instead of being truncated or rejected [4]. No special privileges are required; the attacker only needs to call the affected function with maliciously crafted calldata.

Impact

Successful exploitation leads to incorrect decoding results, which can corrupt contract state or logic. This could enable attacks such as integer overflows, unauthorized access, or financial loss, depending on how the decoded value is used.

Mitigation

As of the publication date, no fix has been released. The Vyper team expects a fix in version 0.3.10 and has provided a pull request (#3626) that addresses the issue by calling make_setter within _abi_decode() to enforce validation [4]. Users are advised to review the PR and consider avoiding nested _abi_decode() usage until the patch is available.
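As an added illustration (not Vyper's own code and not the code from PR #3626), the following Python model of a static ABI word decoder shows the check the advisory describes: strict=True applies the per-type range check that make_setter enforces, while strict=False returns the raw 256-bit word the way the unchecked nested _abi_decode() path does, so a uint8 decode of the word 256 comes back as 256. All function names and the calldata are constructed for this example.

```python
# Constructed model of ABI static-type decoding with and without the
# range check described in CVE-2023-42460. Not Vyper's implementation.
import re

WORD = 32  # every static ABI value occupies one 32-byte word


class AbiDecodeError(ValueError):
    """Raised when a decoded word does not fit its declared static type."""


def _bounds(typ: str) -> tuple[int, int]:
    """Inclusive (low, high) range of a static ABI type."""
    if typ == "bool":
        return 0, 1
    if typ == "address":
        return 0, 2**160 - 1
    m = re.fullmatch(r"(u?)int(\d+)", typ)
    if not m:
        raise ValueError(f"unsupported type {typ!r}")
    unsigned, bits = m.group(1) == "u", int(m.group(2))
    if bits % 8 or not 8 <= bits <= 256:
        raise ValueError(f"bad width in {typ!r}")
    if unsigned:
        return 0, 2**bits - 1
    return -(2 ** (bits - 1)), 2 ** (bits - 1) - 1


def decode_static(data: bytes, types: list[str], strict: bool = True) -> list[int]:
    """Decode one 32-byte word per static type.

    strict=True  -> reject any word outside the type's range (make_setter check).
    strict=False -> hand back the raw word value unchecked (the nested-call bug).
    """
    if len(data) != WORD * len(types):
        raise AbiDecodeError(f"expected {WORD * len(types)} bytes, got {len(data)}")
    out = []
    for i, typ in enumerate(types):
        word = data[i * WORD:(i + 1) * WORD]
        lo, hi = _bounds(typ)
        value = int.from_bytes(word, "big", signed=typ.startswith("int"))
        if strict and not lo <= value <= hi:
            raise AbiDecodeError(f"{value} is out of range for {typ}")
        out.append(value)
    return out


def encode_word(value: int) -> bytes:
    """Constructed calldata helper: one big-endian 32-byte word."""
    return value.to_bytes(WORD, "big", signed=value < 0)


def rejected(data: bytes, types: list[str]) -> bool:
    """True if the strict decoder refuses this calldata."""
    try:
        decode_static(data, types, strict=True)
    except AbiDecodeError:
        return True
    return False
```

Running decode_static(encode_word(256), ["uint8"], strict=False) reproduces the 256 result from the advisory, while the strict path raises AbiDecodeError.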

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions      Patched versions
vyper (PyPI)     >= 0.3.4, < 0.3.10     0.3.10
