GHSA-xchq-w5r3-4wg3

Suggest an improvement
Source
https://github.com/advisories/GHSA-xchq-w5r3-4wg3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-xchq-w5r3-4wg3/GHSA-xchq-w5r3-4wg3.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-xchq-w5r3-4wg3
Aliases
  • CVE-2024-32645
Published
2024-04-25T19:53:10Z
Modified
2024-06-26T05:28:04.497987Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
vyper performs incorrect topic logging in raw_log
Details

Summary

Incorrect values can be logged when raw_log builtin is called with memory or storage arguments to be used as topics.

A contract search was performed and no vulnerable contracts were found in production. In particular, no uses of raw_log() were found at all in production; it is apparently not a well-known function.

Details

The build_IR function of the RawLog class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics.

PoC

x: bytes32

@external
def f():
    self.x = 0x1234567890123456789012345678901234567890123456789012345678901234
    raw_log([self.x], b"") # LOG1(offset:0x60, size:0x00, topic1:0x00)

    y: bytes32 = 0x1234567890123456789012345678901234567890123456789012345678901234
    raw_log([y], b"") # LOG1(offset:0x80, size:0x00, topic1:0x40)

Patches

Fixed in https://github.com/vyperlang/vyper/pull/3977.

Impact

Incorrect values can be logged which may result in unexpected behavior in client-side applications relying on these logs.

Database specific
{
    "nvd_published_at": "2024-04-25T18:15:08Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T19:53:10Z"
}
References

Affected packages

PyPI / vyper

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.0

Affected versions

0.*

0.1.0b1
0.1.0b2
0.1.0b3
0.1.0b4
0.1.0b5
0.1.0b6
0.1.0b7
0.1.0b8
0.1.0b9
0.1.0b10
0.1.0b11
0.1.0b12
0.1.0b13
0.1.0b14
0.1.0b15
0.1.0b16
0.1.0b17
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.2.10
0.2.11
0.2.12
0.2.13
0.2.14
0.2.15
0.2.16
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.3.10rc1
0.3.10rc2
0.3.10rc3
0.3.10rc4
0.3.10rc5
0.3.10
0.4.0b1
0.4.0b2
0.4.0b3
0.4.0b4
0.4.0b5
0.4.0b6
0.4.0rc1
0.4.0rc2
0.4.0rc3
0.4.0rc4
0.4.0rc5
0.4.0rc6