Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2023-42441

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant("") or @nonreentrant('') do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string.

Published: Sep 18, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-42441
GHSA: GHSA-3hg2-r75x-g69m
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-667
CWE-833

Affected Software
References

Software	From	Fixed in
vyper	0.2.9	0.3.10
vyperlang / vyper	0.2.9	0.3.10

https://github.com/vyperlang/vyper/commit/0b740280c1e3c5528a20d47b29831948ddcc6d83
https://github.com/vyperlang/vyper/pull/3605
https://github.com/vyperlang/vyper/security/advisories/GHSA-3hg2-r75x-g69m

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo