-
Total Prize Pool: $150,000(+) USDC
- HM: 95%
- L: 5%
-
Starts: September 14, 2023
-
Ends: November 4th, 2023
-
nSLOC: ~14,644
The donation address for prizes is:
eth:0x18996AdDe10E9AC12e47e5D6a0F486793fad2c15(vyper-contest.eth)- Any EVM Chain:
0xf71d2231bc1309db6419F82afD8157ea858ADd8C
- The codegen and optimizer sections are critical because it creates/modifies the output EVM code, so if you're looking for Highs, that's likely where you'll find them.
- Access control - handing the user unintended powers - is a focus of potential attack
- It's likely that if the compiler produces EVM opcodes/bytecode that is not correct, it could be considered a H/M even if it's not apparent. So please submit your lows.
We will be working closely with the Vyper Security Alliance on submissions.
Due to the sensitivity of the contest, judging for this contest will be private, and conducted by the Cyfrin team, VSA (Vyper Security Alliance), and the contest will likely involve additional external participants.
This is our first contest that will include a paid "Invited Hawk". We are excited to welcome obront.eth to this contest! He will be paid an additional flat fee from outside the prize pool.
- Everything in ./vyper (~15,000 nSLOC)
- Vyper Commit Hash:
3b310d5- Aka the 0.3.10rc3
- All the code for this commit is also located in this repo
- Anything outside
./vyperfolder - Any issue in the repo labeled "bug" is a known bug, and any issue merged or closed from past versions of vyper is a known bug, and does not qualify.
- EVM version related bugs. For example, the following finding would not qualify:
Vyper 0.3.9 defaults to shanghai which adds the PUSH0 opcode and which is not yet supported on many chains like Optimism. This can lead to dangerous creation and runtime failures.
You can see the list of known issues here.
| Lido | Yearn | Curve |
|---|---|---|
|
|
|
| Cyfrin | UnoRe | |
|
|
Vyper compiler security audit competition starts 14th September with $150k worth of bounties. See the competition on CodeHawks and find more details in this blog post.
See Installing Vyper to install vyper. See Tools and Resources for an additional list of framework and tools with vyper support. See Documentation for the documentation and overall design goals of the Vyper language.
See Learn.Vyperlang.org for learning Vyper by building a Pokémon game. See try.vyperlang.org to use Vyper in a hosted jupyter environment!
Note: Vyper is beta software, use with care
See the Vyper documentation for build instructions.
To compile a contract, use:
vyper your_file_name.vygenerate bytecode
vyper -f bytecode file-name.vy > file-name.bin
generate abi
vyper -f abi file-name.vy > file-name.abi
There is also an online compiler available you can use to experiment with
the language and compile to bytecode and/or IR.
Note: While the vyper version of the online compiler is updated on a regular basis it might be a bit behind the latest version found in the master branch of this repository.
(Complete installation steps first.)
make dev-init
python setup.py test- See Issues tab, and feel free to submit your own issues
- Add PRs if you discover a solution to an existing issue
- For further discussions and questions, post in Discussions or talk to us on Discord
- For more information, see Contributing