GHSA-3hg2-r75x-g69m

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-3hg2-r75x-g69m/GHSA-3hg2-r75x-g69m.json
Aliases
  • CVE-2023-42441
Published
2023-09-18T19:20:55Z
Modified
2023-09-22T19:01:04.478380Z
Details

Impact

Locks of the type @nonreentrant("") or @nonreentrant('') do not produce reentrancy checks at runtime.

@nonreentrant("") # unprotected
@external
def bar():
    pass

@nonreentrant("lock") # protected
@external
def foo():
    pass

Patches

Patched in #3605

Workarounds

The lock name should be a non-empty string.

References

Are there any links users can visit to find out more?

References

Affected packages

PyPI / vyper

Source Details

Package Name
vyper

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.2.9
Fixed
0.3.10

Affected versions

0.*

0.2.9
0.2.10
0.2.11
0.2.12
0.2.13
0.2.14
0.2.15
0.2.16
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.3.10rc1
0.3.10rc2
0.3.10rc3

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}