CVE-2025-26622

Low CVSS: 2.3

vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed and a fix is expected in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability.

Vendor

Vyperlang

Product

Vyper

CWE

CWE-682

Yayın Tarihi

2025-02-21 22:15:13

Güncelleme

2025-03-28 20:06:00

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-682 Vyper LOW Vyperlang 2025

Referanslar

https://github.com/vyperlang/vyper/pull/4486 https://github.com/vyperlang/vyper/security/advisories/GHSA-2p94-8669-xg86

Benzer Kayıtlar

Low

CVE-2025-27104

vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the i…

Low

CVE-2025-27105

vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target…

Low

CVE-2025-21607

Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) an…