ChainCatcher message, the Ethereum programming language Vyper released a post-mortem analysis report regarding last week's vulnerability incident. The report indicated that on July 30, multiple Curve liquidity pools were exploited due to a potential vulnerability in the Vyper compiler, which was an improperly implemented reentrancy guard. The affected Vyper versions included v0.2.15, v0.2.16, and v0.3.0.Vyper stated that the vulnerability has been fixed and tested in version v0.3.1, and that v0.3.1 and later versions are safe. However, at the time, it was not realized that protocols using the vulnerable versions of the compiler would be affected, nor were downstream protocols notified in a timely manner.

ChainCatcher news, the Ethereum programming language Vyper tweeted that versions 0.2.15, 0.2.16, and 0.3.0 of Vyper are affected by a reentrancy lock failure, and the investigation is ongoing.

ChainCatcher message, Ethereum programming language Solidity releases Solidity compiler version 0.8.20. The latest version includes a series of improvements to the via-IR pipeline and enhances the list of events exposed in the contract ABI, supporting the Shanghai hard fork upgrade. This compiler switches the default target EVM version to the Shanghai version. (Source link)

ChainCatcher news, the Ethereum programming language Solidity has released the latest version of the Solidity compiler, Solidity 0.8.18. The new version features include: disabling CBOR metadata, supporting the Paris hard fork, deprecating selfdestruct, and generating EVM bytecode from Yul. The team recommends all Solidity developers upgrade to version 0.8.18 to take advantage of these improvements and optimizations. (source link)