Workflow

PyPi: Vyper

CVE-2024-24564

Safety vulnerability ID: 71710

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 26, 2024 Updated at Oct 15, 2024
Scan your Python projects for vulnerabilities →

Advisory

In affected versions of Vyper, when using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`.

Affected package

vyper

Latest version: 0.4.0

Vyper: the Pythonic Programming Language for the EVM

Affected versions

Fixed versions

Vulnerability changelog

v0.4.0 represents a major overhaul to the Vyper language. Notably, it overhauls the import system and adds support for code reuse. It also adds a new, experimental backend to Vyper which lays the foundation for improved analysis, optimization and integration with third party tools.

Breaking Changes

- feat[tool]!: make cancun the default evm version ([4029](https://github.com/vyperlang/vyper/pull/4029))
- feat[lang]: remove named reentrancy locks ([3769](https://github.com/vyperlang/vyper/pull/3769))
- feat[lang]!: change the signature of `block.prevrandao` ([3879](https://github.com/vyperlang/vyper/pull/3879))
- feat[lang]!: change ABI type of `decimal` to `int168` ([3696](https://github.com/vyperlang/vyper/pull/3696))
- feat[lang]: rename `_abi_encode` and `_abi_decode` ([4097](https://github.com/vyperlang/vyper/pull/4097))
- feat[lang]!: add feature flag for decimals ([3930](https://github.com/vyperlang/vyper/pull/3930))
- feat[lang]!: make internal decorator optional ([4040](https://github.com/vyperlang/vyper/pull/4040))
- feat[lang]: protect external calls with keyword ([2938](https://github.com/vyperlang/vyper/pull/2938))
- introduce floordiv, ban regular div for integers ([2937](https://github.com/vyperlang/vyper/pull/2937))
- feat[lang]: use keyword arguments for struct instantiation ([3777](https://github.com/vyperlang/vyper/pull/3777))
- feat: require type annotations for loop variables ([3596](https://github.com/vyperlang/vyper/pull/3596))
- feat: replace `enum` with `flag` keyword ([3697](https://github.com/vyperlang/vyper/pull/3697))
- feat: remove builtin constants ([3350](https://github.com/vyperlang/vyper/pull/3350))
- feat: drop istanbul and berlin support ([3843](https://github.com/vyperlang/vyper/pull/3843))
- feat: allow range with two arguments and bound ([3679](https://github.com/vyperlang/vyper/pull/3679))
- fix[codegen]: range bound check for signed integers ([3814](https://github.com/vyperlang/vyper/pull/3814))
- feat: default code offset = 3 ([3454](https://github.com/vyperlang/vyper/pull/3454))
- feat: rename `vyper.interfaces` to `ethereum.ercs` ([3741](https://github.com/vyperlang/vyper/pull/3741))
- chore: add prefix to ERC interfaces ([3804](https://github.com/vyperlang/vyper/pull/3804))
- chore[ux]: compute natspec as part of standard pipeline ([3946](https://github.com/vyperlang/vyper/pull/3946))
- feat: deprecate `vyper-serve` ([3666](https://github.com/vyperlang/vyper/pull/3666))

Module system

- refactor: internal handling of imports ([3655](https://github.com/vyperlang/vyper/pull/3655))
- feat: implement "stateless" modules ([3663](https://github.com/vyperlang/vyper/pull/3663))
- feat[lang]: export interfaces ([3919](https://github.com/vyperlang/vyper/pull/3919))
- feat[lang]: singleton modules with ownership hierarchy ([3729](https://github.com/vyperlang/vyper/pull/3729))
- feat[lang]: implement function exports ([3786](https://github.com/vyperlang/vyper/pull/3786))
- feat[lang]: auto-export events in ABI ([3808](https://github.com/vyperlang/vyper/pull/3808))
- fix: allow using interface defs from imported modules ([3725](https://github.com/vyperlang/vyper/pull/3725))
- feat: add support for constants in imported modules ([3726](https://github.com/vyperlang/vyper/pull/3726))
- fix[lang]: prevent modules as storage variables ([4088](https://github.com/vyperlang/vyper/pull/4088))
- fix[ux]: improve initializer hint for unimported modules ([4145](https://github.com/vyperlang/vyper/pull/4145))
- feat: add python `sys.path` to vyper path ([3763](https://github.com/vyperlang/vyper/pull/3763))
- feat[ux]: improve error message for importing ERC20 ([3816](https://github.com/vyperlang/vyper/pull/3816))
- fix[lang]: fix importing of flag types ([3871](https://github.com/vyperlang/vyper/pull/3871))
- feat: search path resolution for cli ([3694](https://github.com/vyperlang/vyper/pull/3694))
- fix[lang]: transitive exports ([3888](https://github.com/vyperlang/vyper/pull/3888))
- fix[ux]: error messages relating to initializer issues ([3831](https://github.com/vyperlang/vyper/pull/3831))
- fix[lang]: recursion in `uses` analysis for nonreentrant functions ([3971](https://github.com/vyperlang/vyper/pull/3971))
- fix[ux]: fix `uses` error message ([3926](https://github.com/vyperlang/vyper/pull/3926))
- fix[lang]: fix `uses` analysis for nonreentrant functions ([3927](https://github.com/vyperlang/vyper/pull/3927))
- fix[lang]: fix a hint in global initializer check ([4089](https://github.com/vyperlang/vyper/pull/4089))
- fix[lang]: builtin type comparisons ([3956](https://github.com/vyperlang/vyper/pull/3956))
- fix[tool]: fix `combined_json` output for CLI ([3901](https://github.com/vyperlang/vyper/pull/3901))
- fix[tool]: compile multiple files ([4053](https://github.com/vyperlang/vyper/pull/4053))
- refactor: reimplement AST folding ([3669](https://github.com/vyperlang/vyper/pull/3669))
- refactor: constant folding ([3719](https://github.com/vyperlang/vyper/pull/3719))
- fix[lang]: typecheck hashmap indexes with folding ([4007](https://github.com/vyperlang/vyper/pull/4007))
- fix[lang]: fix array index checks when the subscript is folded ([3924](https://github.com/vyperlang/vyper/pull/3924))
- fix[lang]: pure access analysis ([3895](https://github.com/vyperlang/vyper/pull/3895))

Venom

- feat: implement new IR for vyper (venom IR) ([3659](https://github.com/vyperlang/vyper/pull/3659))
- feat[ir]: add `make_ssa` pass to venom pipeline ([3825](https://github.com/vyperlang/vyper/pull/3825))
- feat[venom]: implement `mem2var` and `sccp` passes ([3941](https://github.com/vyperlang/vyper/pull/3941))
- feat[venom]: add store elimination pass ([4021](https://github.com/vyperlang/vyper/pull/4021))
- feat[venom]: add `extract_literals` pass ([4067](https://github.com/vyperlang/vyper/pull/4067))
- feat[venom]: optimize branching ([4049](https://github.com/vyperlang/vyper/pull/4049))
- feat[venom]: avoid last `swap` for commutative ops ([4048](https://github.com/vyperlang/vyper/pull/4048))
- feat[venom]: "pickaxe" stack scheduler optimization ([3951](https://github.com/vyperlang/vyper/pull/3951))
- feat[venom]: add algebraic optimization pass ([4054](https://github.com/vyperlang/vyper/pull/4054))
- feat: Implement target constrained venom jump instruction ([3687](https://github.com/vyperlang/vyper/pull/3687))
- feat: remove `deploy` instruction from venom ([3703](https://github.com/vyperlang/vyper/pull/3703))
- fix[venom]: liveness analysis in some loops ([3732](https://github.com/vyperlang/vyper/pull/3732))
- feat: add more venom instructions ([3733](https://github.com/vyperlang/vyper/pull/3733))
- refactor[venom]: use venom pass instances ([3908](https://github.com/vyperlang/vyper/pull/3908))
- refactor[venom]: refactor venom operand classes ([3915](https://github.com/vyperlang/vyper/pull/3915))
- refactor[venom]: introduce `IRContext` and `IRAnalysisCache` ([3983](https://github.com/vyperlang/vyper/pull/3983))
- feat: add utility functions to `OrderedSet` ([3833](https://github.com/vyperlang/vyper/pull/3833))
- feat[venom]: optimize `get_basic_block()` ([4002](https://github.com/vyperlang/vyper/pull/4002))
- fix[venom]: fix branch eliminator cases in sccp ([4003](https://github.com/vyperlang/vyper/pull/4003))
- fix[codegen]: same symbol jumpdest merge ([3982](https://github.com/vyperlang/vyper/pull/3982))
- fix[venom]: fix eval of `exp` in sccp ([4009](https://github.com/vyperlang/vyper/pull/4009))
- refactor[venom]: remove unused method in `make_ssa.py` ([4012](https://github.com/vyperlang/vyper/pull/4012))
- fix[venom]: fix return opcode handling in mem2var ([4011](https://github.com/vyperlang/vyper/pull/4011))
- fix[venom]: fix `cfg` output format ([4010](https://github.com/vyperlang/vyper/pull/4010))
- chore[venom]: fix output formatting of data segment in `IRContext` ([4016](https://github.com/vyperlang/vyper/pull/4016))
- feat[venom]: optimize mem2var and store/variable elimination pass sequences ([4032](https://github.com/vyperlang/vyper/pull/4032))
- fix[venom]: fix some sccp evaluations ([4028](https://github.com/vyperlang/vyper/pull/4028))
- fix[venom]: add `unique_symbols` check to venom pipeline ([4149](https://github.com/vyperlang/vyper/pull/4149))
- feat[venom]: remove redundant store elimination pass ([4036](https://github.com/vyperlang/vyper/pull/4036))
- fix[venom]: remove some dead code in `venom_to_assembly` ([4042](https://github.com/vyperlang/vyper/pull/4042))
- feat[venom]: improve unused variable removal pass ([4055](https://github.com/vyperlang/vyper/pull/4055))
- fix[venom]: remove liveness requests ([4058](https://github.com/vyperlang/vyper/pull/4058))
- fix[venom]: fix list of volatile instructions ([4065](https://github.com/vyperlang/vyper/pull/4065))
- fix[venom]: remove dominator tree invalidation for store elimination pass ([4069](https://github.com/vyperlang/vyper/pull/4069))
- fix[venom]: move loop invariant assertion to entry block ([4098](https://github.com/vyperlang/vyper/pull/4098))
- fix[venom]: clear `out_vars` during calculation ([4129](https://github.com/vyperlang/vyper/pull/4129))
- fix[venom]: alloca for default arguments ([4155](https://github.com/vyperlang/vyper/pull/4155))
- Refactor `ctx.add_instruction()` and friends ([3685](https://github.com/vyperlang/vyper/pull/3685))
- fix: type annotation of helper function ([3702](https://github.com/vyperlang/vyper/pull/3702))
- feat[ir]: emit `djump` in dense selector table ([3849](https://github.com/vyperlang/vyper/pull/3849))
- chore: move venom tests to `tests/unit/compiler` ([3684](https://github.com/vyperlang/vyper/pull/3684))

Other new features

- feat[lang]: add `blobhash()` builtin ([3962](https://github.com/vyperlang/vyper/pull/3962))
- feat[lang]: support `block.blobbasefee` ([3945](https://github.com/vyperlang/vyper/pull/3945))
- feat[lang]: add `revert_on_failure` kwarg for create builtins ([3844](https://github.com/vyperlang/vyper/pull/3844))
- feat[lang]: allow downcasting of bytestrings ([3832](https://github.com/vyperlang/vyper/pull/3832))

Docs

- chore[docs]: add docs for v0.4.0 features ([3947](https://github.com/vyperlang/vyper/pull/3947))
- chore[docs]: `implements` does not check event declarations ([4052](https://github.com/vyperlang/vyper/pull/4052))
- docs: adopt a new theme: `shibuya` ([3754](https://github.com/vyperlang/vyper/pull/3754))
- chore[docs]: add evaluation order warning for builtins ([4158](https://github.com/vyperlang/vyper/pull/4158))
- Update `FUNDING.yml` ([3636](https://github.com/vyperlang/vyper/pull/3636))
- docs: fix nit in v0.3.10 release notes ([3638](https://github.com/vyperlang/vyper/pull/3638))
- docs: add note on `pragma` parsing ([3640](https://github.com/vyperlang/vyper/pull/3640))
- docs: retire <securityvyperlang.org> ([3660](https://github.com/vyperlang/vyper/pull/3660))
- feat[docs]: add more detail to modules docs ([4087](https://github.com/vyperlang/vyper/pull/4087))
- docs: update resources section ([3656](https://github.com/vyperlang/vyper/pull/3656))
- docs: add script to help working on the compiler ([3674](https://github.com/vyperlang/vyper/pull/3674))
- docs: add warnings at the top of all example token contracts ([3676](https://github.com/vyperlang/vyper/pull/3676))
- docs: typo in `on_chain_market_maker.vy` ([3677](https://github.com/vyperlang/vyper/pull/3677))
- docs: clarify `address.codehash` for empty account ([3711](https://github.com/vyperlang/vyper/pull/3711))
- docs: indexed arguments for events are limited ([3715](https://github.com/vyperlang/vyper/pull/3715))
- docs: Fix typos ([3747](https://github.com/vyperlang/vyper/pull/3747))
- docs: Upgrade dependencies and fixes ([3745](https://github.com/vyperlang/vyper/pull/3745))
- docs: add missing cli flags ([3736](https://github.com/vyperlang/vyper/pull/3736))
- chore: fix formatting and docs for new struct instantiation syntax ([3792](https://github.com/vyperlang/vyper/pull/3792))
- docs: floordiv ([3797](https://github.com/vyperlang/vyper/pull/3797))
- docs: add missing `annotated_ast` flag ([3813](https://github.com/vyperlang/vyper/pull/3813))
- docs: update logo in readme, remove competition reference ([3837](https://github.com/vyperlang/vyper/pull/3837))
- docs: add rationale for floordiv rounding behavior ([3845](https://github.com/vyperlang/vyper/pull/3845))
- chore[docs]: amend `revert_on_failure` kwarg docs for create builtins ([3921](https://github.com/vyperlang/vyper/pull/3921))
- fix[docs]: fix clipped `endAuction` method in example section ([3969](https://github.com/vyperlang/vyper/pull/3969))
- refactor[docs]: refactor security policy ([3981](https://github.com/vyperlang/vyper/pull/3981))
- fix: edit link to style guide ([3658](https://github.com/vyperlang/vyper/pull/3658))
- Add Vyper online compiler tooling ([3680](https://github.com/vyperlang/vyper/pull/3680))
- chore: fix typos ([3749](https://github.com/vyperlang/vyper/pull/3749))

Bugfixes

- fix[codegen]: fix `raw_log()` when topics are non-literals ([3977](https://github.com/vyperlang/vyper/pull/3977))
- fix[codegen]: fix transient codegen for `slice` and `extract32` ([3874](https://github.com/vyperlang/vyper/pull/3874))
- fix[codegen]: bounds check for signed index accesses ([3817](https://github.com/vyperlang/vyper/pull/3817))
- fix: disallow `value=` passing for delegate and static `raw_call`s ([3755](https://github.com/vyperlang/vyper/pull/3755))
- fix[codegen]: fix double evals in sqrt, slice, blueprint ([3976](https://github.com/vyperlang/vyper/pull/3976))
- fix[codegen]: fix double eval in dynarray append/pop ([4030](https://github.com/vyperlang/vyper/pull/4030))
- fix[codegen]: fix double eval of start in range expr ([4033](https://github.com/vyperlang/vyper/pull/4033))
- fix[codegen]: overflow check in `slice()` ([3818](https://github.com/vyperlang/vyper/pull/3818))
- fix: concat buffer bug ([3738](https://github.com/vyperlang/vyper/pull/3738))
- fix[codegen]: fix `make_setter` overlap with internal calls ([4037](https://github.com/vyperlang/vyper/pull/4037))
- fix[codegen]: fix `make_setter` overlap in `dynarray_append` ([4059](https://github.com/vyperlang/vyper/pull/4059))
- fix[codegen]: `make_setter` overlap in the presence of `staticcall` ([4128](https://github.com/vyperlang/vyper/pull/4128))
- fix[codegen]: fix `_abi_decode` buffer overflow ([3925](https://github.com/vyperlang/vyper/pull/3925))
- fix[codegen]: zero-length dynarray `abi_decode` validation ([4060](https://github.com/vyperlang/vyper/pull/4060))
- fix[codegen]: recursive dynarray oob check ([4091](https://github.com/vyperlang/vyper/pull/4091))
- fix[codegen]: add back in `returndatasize` check ([4144](https://github.com/vyperlang/vyper/pull/4144))
- fix: block memory allocation overflow ([3639](https://github.com/vyperlang/vyper/pull/3639))
- fix[codegen]: panic on potential eval order issue for some builtins ([4157](https://github.com/vyperlang/vyper/pull/4157))
- fix[codegen]: panic on potential subscript eval order issue ([4159](https://github.com/vyperlang/vyper/pull/4159))
- add comptime check for uint2str input ([3671](https://github.com/vyperlang/vyper/pull/3671))
- fix: dead code analysis inside for loops ([3731](https://github.com/vyperlang/vyper/pull/3731))
- fix[ir]: fix a latent bug in `sha3_64` codegen ([4063](https://github.com/vyperlang/vyper/pull/4063))
- fix: `opcodes` and `opcodes_runtime` outputs ([3735](https://github.com/vyperlang/vyper/pull/3735))
- fix: bad assertion in expr.py ([3758](https://github.com/vyperlang/vyper/pull/3758))
- fix: iterator modification analysis ([3764](https://github.com/vyperlang/vyper/pull/3764))
- feat: allow constant interfaces ([3718](https://github.com/vyperlang/vyper/pull/3718))
- fix: assembly dead code eliminator ([3791](https://github.com/vyperlang/vyper/pull/3791))
- fix: prevent range over decimal ([3798](https://github.com/vyperlang/vyper/pull/3798))
- fix: mutability check for interface implements ([3805](https://github.com/vyperlang/vyper/pull/3805))
- fix[codegen]: fix non-memory reason strings ([3877](https://github.com/vyperlang/vyper/pull/3877))
- fix[ux]: fix compiler hang for large exponentiations ([3893](https://github.com/vyperlang/vyper/pull/3893))
- fix[lang]: allow type expressions inside pure functions ([3906](https://github.com/vyperlang/vyper/pull/3906))
- fix[ux]: raise `VersionException` with source info ([3920](https://github.com/vyperlang/vyper/pull/3920))
- fix[lang]: fix `pow` folding when args are not literals ([3949](https://github.com/vyperlang/vyper/pull/3949))
- fix[codegen]: fix some hardcoded references to `STORAGE` location ([4015](https://github.com/vyperlang/vyper/pull/4015))

Patched security advisories (GHSAs)

- Bounds check on built-in `slice()` function can be overflowed ([GHSA-9x7f-gwxq-6f2c](https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c))
- `concat` built-in can corrupt memory ([GHSA-2q8v-3gqq-4f8p](https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p))
- `raw_call` `value=` kwargs not disabled for static and delegate calls ([GHSA-x2c2-q32w-4w6m](https://github.com/vyperlang/vyper/security/advisories/GHSA-x2c2-q32w-4w6m))
- negative array index bounds checks ([GHSA-52xq-j7v9-v4v2](https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2))
- `range(start, start + N)` reverts for negative numbers ([GHSA-ppx5-q359-pvwj](https://github.com/vyperlang/vyper/security/advisories/GHSA-ppx5-q359-pvwj))
- incorrect topic logging in `raw_log` ([GHSA-xchq-w5r3-4wg3](https://github.com/vyperlang/vyper/security/advisories/GHSA-xchq-w5r3-4wg3))
- double eval of the `slice` start/length args in certain cases ([GHSA-r56x-j438-vw5m](https://github.com/vyperlang/vyper/security/advisories/GHSA-r56x-j438-vw5m))
- multiple eval of `sqrt()` built in argument ([GHSA-5jrj-52x8-m64h](https://github.com/vyperlang/vyper/security/advisories/GHSA-5jrj-52x8-m64h))
- double eval of `raw_args` in `create_from_blueprint` ([GHSA-3whq-64q2-qfj6](https://github.com/vyperlang/vyper/security/advisories/GHSA-3whq-64q2-qfj6))
- `sha3` codegen bug ([GHSA-6845-xw22-ffxv](https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv))
- `extract32` can read dirty memory ([GHSA-4hwq-4cpm-8vmx](https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx))
- `_abi_decode` Memory Overflow ([GHSA-9p8r-4xp4-gw5w](https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w))
- External calls can overflow return data to return input buffer ([GHSA-gp3w-2v2m-p686](https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686))

Tooling

- feat[tool]: archive format ([3891](https://github.com/vyperlang/vyper/pull/3891))
- feat[tool]: add source map for constructors ([4008](https://github.com/vyperlang/vyper/pull/4008))
- feat: add short options `-v` and `-O` to the CLI ([3695](https://github.com/vyperlang/vyper/pull/3695))
- feat: Add `bb` and `bb_runtime` output options ([3700](https://github.com/vyperlang/vyper/pull/3700))
- fix: remove hex-ir from format cli options list ([3657](https://github.com/vyperlang/vyper/pull/3657))
- fix: pickleability of `CompilerData` ([3803](https://github.com/vyperlang/vyper/pull/3803))
- feat[tool]: validate AST nodes early in the pipeline ([3809](https://github.com/vyperlang/vyper/pull/3809))
- feat[tool]: delay global constraint check ([3810](https://github.com/vyperlang/vyper/pull/3810))
- feat[tool]: export variable read/write access ([3790](https://github.com/vyperlang/vyper/pull/3790))
- feat[tool]: improvements to AST annotation ([3829](https://github.com/vyperlang/vyper/pull/3829))
- feat[tool]: add `node_id` map to source map ([3811](https://github.com/vyperlang/vyper/pull/3811))
- chore[tool]: add help text for `hex-ir` CLI flag ([3942](https://github.com/vyperlang/vyper/pull/3942))
- refactor[tool]: refactor storage layout export ([3789](https://github.com/vyperlang/vyper/pull/3789))
- fix[tool]: fix cross-compilation issues, add windows CI ([4014](https://github.com/vyperlang/vyper/pull/4014))
- fix[tool]: star option in `outputSelection` ([4094](https://github.com/vyperlang/vyper/pull/4094))

Performance

- perf: lazy eval of f-strings in IRnode ctor ([3602](https://github.com/vyperlang/vyper/pull/3602))
- perf: levenshtein optimization ([3780](https://github.com/vyperlang/vyper/pull/3780))
- feat: frontend optimizations ([3781](https://github.com/vyperlang/vyper/pull/3781))
- feat: optimize `VyperNode.deepcopy` ([3784](https://github.com/vyperlang/vyper/pull/3784))
- feat: more frontend optimizations ([3785](https://github.com/vyperlang/vyper/pull/3785))
- perf: reimplement `IRnode.__deepcopy__` ([3761](https://github.com/vyperlang/vyper/pull/3761))

Testing suite improvements

- refactor[test]: bypass `eth-tester` and interface with evm backend directly ([3846](https://github.com/vyperlang/vyper/pull/3846))
- feat: Refactor `assert_tx_failed` into a context ([3706](https://github.com/vyperlang/vyper/pull/3706))
- feat[test]: implement `abi_decode` spec test ([4095](https://github.com/vyperlang/vyper/pull/4095))
- feat[test]: add more coverage to `abi_decode` fuzzer tests ([4153](https://github.com/vyperlang/vyper/pull/4153))
- feat[ci]: enable cancun testing ([3861](https://github.com/vyperlang/vyper/pull/3861))
- fix: add missing test for memory allocation overflow ([3650](https://github.com/vyperlang/vyper/pull/3650))
- chore: fix test for `slice` ([3633](https://github.com/vyperlang/vyper/pull/3633))
- add `abi_types` unit tests ([3662](https://github.com/vyperlang/vyper/pull/3662))
- refactor: test directory structure ([3664](https://github.com/vyperlang/vyper/pull/3664))
- chore: test all output formats ([3683](https://github.com/vyperlang/vyper/pull/3683))
- chore: deduplicate test files ([3773](https://github.com/vyperlang/vyper/pull/3773))
- feat[test]: add more transient storage tests ([3883](https://github.com/vyperlang/vyper/pull/3883))
- chore[ci]: fix apt-get failure in era pipeline ([3821](https://github.com/vyperlang/vyper/pull/3821))
- chore[ci]: enable python3.12 tests ([3860](https://github.com/vyperlang/vyper/pull/3860))
- chore[ci]: refactor jobs to use gh actions ([3863](https://github.com/vyperlang/vyper/pull/3863))
- chore[ci]: use `--dist worksteal` from latest `xdist` ([3869](https://github.com/vyperlang/vyper/pull/3869))
- chore: run mypy as part of lint rule in Makefile ([3771](https://github.com/vyperlang/vyper/pull/3771))
- chore[test]: always specify the evm backend ([4006](https://github.com/vyperlang/vyper/pull/4006))
- chore: update lint dependencies ([3704](https://github.com/vyperlang/vyper/pull/3704))
- chore: add color to mypy output ([3793](https://github.com/vyperlang/vyper/pull/3793))
- chore: remove tox rules for lint commands ([3826](https://github.com/vyperlang/vyper/pull/3826))
- chore[ci]: roll back GH actions/artifacts version ([3838](https://github.com/vyperlang/vyper/pull/3838))
- chore: Upgrade GitHub action dependencies ([3807](https://github.com/vyperlang/vyper/pull/3807))
- chore[ci]: pin eth-abi for decode regression ([3834](https://github.com/vyperlang/vyper/pull/3834))
- fix[ci]: release artifacts ([3839](https://github.com/vyperlang/vyper/pull/3839))
- chore[ci]: merge mypy job into lint ([3840](https://github.com/vyperlang/vyper/pull/3840))
- test: parametrize CI over EVM versions ([3842](https://github.com/vyperlang/vyper/pull/3842))
- feat[ci]: add PR title validation ([3887](https://github.com/vyperlang/vyper/pull/3887))
- fix[test]: fix failure in grammar fuzzing ([3892](https://github.com/vyperlang/vyper/pull/3892))
- feat[test]: add `xfail_strict`, clean up `setup.cfg` ([3889](https://github.com/vyperlang/vyper/pull/3889))
- fix[ci]: pin hexbytes to pre-1.0.0 ([3903](https://github.com/vyperlang/vyper/pull/3903))
- chore[test]: update hexbytes version and tests ([3904](https://github.com/vyperlang/vyper/pull/3904))
- fix[test]: fix a bad bound in decimal fuzzing ([3909](https://github.com/vyperlang/vyper/pull/3909))
- fix[test]: fix a boundary case in decimal fuzzing ([3918](https://github.com/vyperlang/vyper/pull/3918))
- feat[ci]: update pypi release pipeline to use OIDC ([3912](https://github.com/vyperlang/vyper/pull/3912))
- chore[ci]: reconfigure single commit validation ([3937](https://github.com/vyperlang/vyper/pull/3937))
- chore[ci]: downgrade codecov action to v3 ([3940](https://github.com/vyperlang/vyper/pull/3940))
- feat[ci]: add codecov configuration ([4057](https://github.com/vyperlang/vyper/pull/4057))
- feat[test]: remove memory mocker ([4005](https://github.com/vyperlang/vyper/pull/4005))
- refactor[test]: change fixture scope in examples ([3995](https://github.com/vyperlang/vyper/pull/3995))
- fix[test]: fix call graph stability fuzzer ([4064](https://github.com/vyperlang/vyper/pull/4064))
- chore[test]: add macos to test matrix ([4025](https://github.com/vyperlang/vyper/pull/4025))
- refactor[test]: change default expected exception type ([4004](https://github.com/vyperlang/vyper/pull/4004))

Misc / refactor

- feat[ir]: add `eval_once` sanity fences to more builtins ([3835](https://github.com/vyperlang/vyper/pull/3835))
- fix: reorder compilation of branches in stmt.py ([3603](https://github.com/vyperlang/vyper/pull/3603))
- refactor[codegen]: make settings into a global object ([3929](https://github.com/vyperlang/vyper/pull/3929))
- chore: improve exception handling in IR generation ([3705](https://github.com/vyperlang/vyper/pull/3705))
- refactor: merge `annotation.py` and `local.py` ([3456](https://github.com/vyperlang/vyper/pull/3456))
- chore[ux]: remove deprecated python AST classes ([3998](https://github.com/vyperlang/vyper/pull/3998))
- refactor[ux]: remove deprecated `VyperNode` properties ([3999](https://github.com/vyperlang/vyper/pull/3999))
- feat: remove Index AST node ([3757](https://github.com/vyperlang/vyper/pull/3757))
- refactor: for loop target parsing ([3724](https://github.com/vyperlang/vyper/pull/3724))
- chore: improve diagnostics for invalid for loop annotation ([3721](https://github.com/vyperlang/vyper/pull/3721))
- refactor: builtin functions inherit from `VyperType` ([3559](https://github.com/vyperlang/vyper/pull/3559))
- fix: remove .keyword from Call AST node ([3689](https://github.com/vyperlang/vyper/pull/3689))
- improvement: assert descriptions in Crowdfund finalize() and participate() ([3064](https://github.com/vyperlang/vyper/pull/3064))
- feat: improve panics in IR generation ([3708](https://github.com/vyperlang/vyper/pull/3708))
- feat: improve warnings, refactor `vyper_warn()` ([3800](https://github.com/vyperlang/vyper/pull/3800))
- fix[ir]: unique symbol name ([3848](https://github.com/vyperlang/vyper/pull/3848))
- refactor: remove duplicate terminus checking code ([3541](https://github.com/vyperlang/vyper/pull/3541))
- refactor: `ExprVisitor` type validation ([3739](https://github.com/vyperlang/vyper/pull/3739))
- chore: improve exception for type validation ([3759](https://github.com/vyperlang/vyper/pull/3759))
- fix: fuzz test not updated to use TypeMismatch ([3768](https://github.com/vyperlang/vyper/pull/3768))
- chore: fix `StringEnum._generate_next_value]()` signature ([3770](https://github.com/vyperlang/vyper/pull/3770))
- chore: improve some error messages ([3775](https://github.com/vyperlang/vyper/pull/3775))
- refactor: `get_search_paths()` for vyper cli ([3778](https://github.com/vyperlang/vyper/pull/3778))
- chore: replace occurrences of 'enum' by 'flag' ([3794](https://github.com/vyperlang/vyper/pull/3794))
- chore: add another borrowship test ([3802](https://github.com/vyperlang/vyper/pull/3802))
- chore[ux]: improve an exports error message ([3822](https://github.com/vyperlang/vyper/pull/3822))
- chore: improve codegen test coverage report ([3824](https://github.com/vyperlang/vyper/pull/3824))
- chore: improve syntax error messages ([3885](https://github.com/vyperlang/vyper/pull/3885))
- chore[tool]: remove `vyper-serve` from `setup.py` ([3936](https://github.com/vyperlang/vyper/pull/3936))
- fix[ux]: replace standard strings with f-strings ([3953](https://github.com/vyperlang/vyper/pull/3953))
- chore[ir]: sanity check types in for range codegen ([3968](https://github.com/vyperlang/vyper/pull/3968))

New Contributors
* engn33r made their first contribution in https://github.com/vyperlang/vyper/pull/3658
* iFrostizz made their first contribution in https://github.com/vyperlang/vyper/pull/3662
* harkal made their first contribution in https://github.com/vyperlang/vyper/pull/3659
* DanielSchiavini made their first contribution in https://github.com/vyperlang/vyper/pull/3704
* AlbertoCentonze made their first contribution in https://github.com/vyperlang/vyper/pull/3697
* f3rmion made their first contribution in https://github.com/vyperlang/vyper/pull/3715
* 0x0077 made their first contribution in https://github.com/vyperlang/vyper/pull/3680
* Thabokani made their first contribution in https://github.com/vyperlang/vyper/pull/3749
* BoboTiG made their first contribution in https://github.com/vyperlang/vyper/pull/3747
* cyberthirst made their first contribution in https://github.com/vyperlang/vyper/pull/3871
* MoigeMatino made their first contribution in https://github.com/vyperlang/vyper/pull/3936
* wellweek made their first contribution in https://github.com/vyperlang/vyper/pull/3855
* electriclilies made their first contribution in https://github.com/vyperlang/vyper/pull/3969

**Full Changelog**: https://github.com/vyperlang/vyper/compare/v0.3.10...v0.4.0

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application