CVE-2022-29255
Published: 09 June 2022
Summary
CVE-2022-29255 is a high-severity Always-Incorrect Control Flow Implementation (CWE-670) vulnerability in Vyperlang Vyper. Its CVSS base score is 8.2 (High).
Operationally, it is ranked in the top 46.2% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-0356
Vulnerability details
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In versions prior to 0.3.4, when calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.