CVE-2021-41122
MEDIUMvyperlang/vyper < 0.3.0 - Incorrect Calculation in External Function Decimal Argument Validation
Title source: llmDescription
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46
Third Party Advisory x_refsource_misc
https://github.com/vyperlang/vyper/pull/2447
Scores
CVSS v3
4.3
EPSS
0.0078
EPSS Percentile
50.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-682
Status
published
Products (2)
pypi/vyper
0 - 0.3.0PyPI
vyperlang/vyper
< 0.3.0
Published
Oct 05, 2021
Tracked Since
Feb 18, 2026