Launch Week Day 1: Announcing Security Design Review
Start for Free
HIGH 7.5 PyPI

Incorrect Comparison in Vyper

GHSA-7vrm-3jc8-5wwm · CVE-2022-24787 · PYSEC-2022-196

Published · Modified

Description

Impact

bytestrings can have dirty bytes in them, resulting in the word-for-word comparison to give incorrect results, e.g.

b1: Bytes[32] = b"abcdef"
b1 = slice(b1, 0, 1)
b2: Bytes[32] = b"abcdef"
t: bool = b1 == b2  # incorrectly evaluates to True

even without dirty nonzero bytes, because there is no comparison of the length, two bytestrings can compare to equal if one ends with "\x00".

b1: Bytes[32] = b"abc\0"
b2: Bytes[32] = b"abc"
t: bool = b1 == b2  # incorrectly evaluates to True

Patches

fixed in https://github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes