Vyper is currently in limited beta. This means that we only support the latest release and that you may encounter issues using it. It is unaudited software; use with caution.
If you have questions or concerns, please contact us on gitter:
Vyper has not been audited yet. When an audit is complete, we will list all previous reports here.
Please read prior audit reports for projects that use Vyper here:
| Project | Version | Report Link |
|---|---|---|
| Uniswap | 35038d2 | https://medium.com/consensys-diligence/uniswap-audit-b90335ac007 |
The following is a list of all publicly disclosed vulnerabilities and exposures. Best practices dictate that when we are first made aware of a potential vulnerability, we take the precaution of assessing its potential impact on deployed projects first. When we are confident that a disclosure will not impact known projects that use Vyper, we will add an entry to this table for posterity and reference by others.
| VVE | Description | Introduced | Fixed | Report Link |
|---|---|---|---|---|
| VVE-2019-0001 | Stack Exhaustion via Private Calls w/ Arrays | v0.1.0-beta.4 | v0.1.0-beta.10 | vyperlang#1418 (comment) |
If you think you have found a security vulnerability in a project that has used Vyper, please report the vulnerability to the relevant project's security disclosure program prior to reporting to us. If one is not available, please email your vulnerability to security@ethereum.org.
Please do not log an issue mentioning the vulnerability.
If you have contacted the relevant project, or you have found something that you do not think affects a particular project, please also email your vulnerability to security@ethereum.org. One of the staff security professionals will get back to you as soon as possible, letting you know what will happen next. You may even qualify for the bounty program.