References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Known Affected Software Configurations Switch to CPE 2.2

Change History

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

NIST CWE-835

OR
     *cpe:2.3:a:matter-labs:zkvyper:*:*:*:*:*:*:*:* versions from (including) 1.3.12 up to (excluding) 1.5.3

https://github.com/matter-labs/era-compiler-vyper/security/advisories/GHSA-8j77-7rrv-6pxx No Types Assigned

https://github.com/matter-labs/era-compiler-vyper/security/advisories/GHSA-8j77-7rrv-6pxx Exploit, Third Party Advisory

zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompletness restrictions, it is compiled to a loop with a much more late exit condition. It leads to a loss of funds or other unwanted behavior if the loop body contains it. However, more real-life use cases like iterating over an array are not affected. No contracts were affected by this issue, which was fixed in version 1.5.3. Upgrading and redeploying affected contracts is the only

GitHub, Inc. AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

GitHub, Inc. CWE-835

GitHub, Inc. https://github.com/matter-labs/era-compiler-vyper/security/advisories/GHSA-8j77-7rrv-6pxx [No types assigned]