Vyper - Compiler
Vyper
Updates
160,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Wrong denominations included in reserved keywords

obront

Summary

The list of denominations for units of ETH included in the reserved keywords list is different from the list of accepted denominations when converting between units. This leads to some reserved keywords that should not be, and some non-reserved keywords that should be.

Vulnerability Details

The list of reserved keywords for denominations is as follows:

"ether",
"wei",
"finney",
"szabo",
"shannon",
"lovelace",
"ada",
"babbage",
"gwei",
"kwei",
"mwei",
"twei",
"pwei",

The list of denominations accepted when converting between values is:

wei_denoms = {
("wei",): 1,
("femtoether", "kwei", "babbage"): 10**3,
("picoether", "mwei", "lovelace"): 10**6,
("nanoether", "gwei", "shannon"): 10**9,
("microether", "szabo"): 10**12,
("milliether", "finney"): 10**15,
("ether",): 10**18,
("kether", "grand"): 10**21,
}

Comparing the two lists:

  • The following are reserved but should not be: ada, twei, pwei

  • The following are not reserved but should be: milliether, microether, nanoether, picoether, femtoether, grand, kether

Impact

Some denominations that should be reserved are not, while others that should not be reserved are.

Tools Used

Manual Review

Recommendations

Line up the two lists so that the reserved keywords reflects the denominations that are used for conversions.

Updates

Lead Judging Commences

patrickalphac Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Wrong denominations included in reserved keywords

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.