- Total Prize Pool: $150,000(+) USDC
- HM: 95%
- L: 5%
- Starts: September 14, 2023
- Ends: November 4th, 2023
- nSLOC: ~14,644
The donation address for prizes is:
- eth: 0x18996AdDe10E9AC12e47e5D6a0F486793fad2c15 (vyper-contest.eth)
- Any EVM Chain: 0xf71d2231bc1309db6419F82afD8157ea858ADd8C
- Everything in ./vyper (~15,000 nSLOC)
- Vyper Commit Hash: 3b310d5 (aka the 0.3.10rc3 release)
- All the code for this commit is also located in this repo
- Anything outside the ./vyper folder
- Any issue in the repo labeled "bug" is a known bug, and any issue merged or closed from past versions of Vyper is a known bug; neither qualifies.
- EVM-version-related bugs. For example, the following finding would not qualify:
  Vyper 0.3.9 defaults to shanghai, which adds the PUSH0 opcode that is not yet supported on many chains like Optimism. This can lead to dangerous creation and runtime failures.
You can see the list of known issues here.
Due to the sensitivity of the contest, judging will be private and conducted by the Cyfrin team and the VSA (Vyper Security Alliance); it will likely involve additional external participants as well.
For this contest, we are looking exclusively for Highs & Mediums. There will be no Informational / QA prize pool.
- H/M - 95%
- L - 5%
You can check the total prize pool here: 0x18996AdDe10E9AC12e47e5D6a0F486793fad2c15
We will use the matrix in the CodeHawks documentation to decide severity, but here are some examples.
- High Impact: Reentrancy locks are in the wrong storage slot
- High Likelihood: Always
- High Impact: Compiler puts reentrancy lock at the wrong spot
- Low Likelihood: Only when the contract address starts with 0x0000, your codebase is exactly 4,567 lines long, and has a very specific function name.
- Low Impact: An extra INVALID opcode is added at the end of metadata
- Low Likelihood: If the first text in the codebase is "snek snek snek snek is king"
This is our first contest that will include a paid "Invited Hawk". We are excited to welcome obront.eth to this contest! He will be paid an additional flat fee from outside the prize pool.
- The codegen and optimizer sections are critical because they create/modify the output EVM code, so if you're looking for Highs, that's likely where you'll find them.
- Access control - handing the user unintended powers - is a focus of potential attack
- If the compiler produces EVM opcodes/bytecode that are not correct, it could well be considered a H/M even if the impact is not apparent, so please submit your Lows.
We will be working closely with the Vyper Security Alliance on submissions.
| Lido | Yearn | Curve |
|---|---|---|
| Cyfrin | UnoRe | |
Vyper compiler security audit competition starts 14th September with $150k worth of bounties. See the competition on CodeHawks and find more details in this blog post.
See Installing Vyper to install vyper. See Tools and Resources for an additional list of framework and tools with vyper support. See Documentation for the documentation and overall design goals of the Vyper language.
See Learn.Vyperlang.org for learning Vyper by building a Pokémon game. See try.vyperlang.org to use Vyper in a hosted jupyter environment!
Note: Vyper is beta software, use with care
See the Vyper documentation for build instructions.
To compile a contract, use:
```bash
vyper your_file_name.vy

# generate bytecode
vyper -f bytecode file-name.vy > file-name.bin

# generate abi
vyper -f abi file-name.vy > file-name.abi
```
There is also an online compiler available that you can use to experiment with the language and compile to bytecode and/or IR.
Note: While the vyper version of the online compiler is updated on a regular basis it might be a bit behind the latest version found in the master branch of this repository.
(Complete installation steps first.)
```bash
make dev-init
python setup.py test
```
- See Issues tab, and feel free to submit your own issues
- Add PRs if you discover a solution to an existing issue
- For further discussions and questions, post in Discussions or talk to us on Discord
- For more information, see Contributing