low

Wrong denominations included in reserved keywords

Reward

Total

455.95 USDC

Selected
455.95 USDC
Selected Submission

Severity

Low Risk

Relevant GitHub Links

https://github.com/vyperlang/vyper/blob/3b310d5292c4d1448e673d7b3adb223f9353260e/vyper/semantics/namespace.py#L207-L220

Summary

The list of denominations for units of ETH included in the reserved keywords list differs from the list of denominations accepted when converting between units. As a result, some keywords are reserved that should not be, and some denominations that should be reserved are not.

Vulnerability Details

The list of reserved keywords for denominations is as follows:

    "ether",
    "wei",
    "finney",
    "szabo",
    "shannon",
    "lovelace",
    "ada",
    "babbage",
    "gwei",
    "kwei",
    "mwei",
    "twei",
    "pwei",

The list of denominations accepted when converting between values is:

    wei_denoms = {
        ("wei",): 1,
        ("femtoether", "kwei", "babbage"): 10**3,
        ("picoether", "mwei", "lovelace"): 10**6,
        ("nanoether", "gwei", "shannon"): 10**9,
        ("microether", "szabo"): 10**12,
        ("milliether", "finney"): 10**15,
        ("ether",): 10**18,
        ("kether", "grand"): 10**21,
    }

Comparing the two lists:

  • The following are reserved but should not be: ada, twei, pwei
  • The following are not reserved but should be: milliether, microether, nanoether, picoether, femtoether, grand, kether

Impact

Some denominations that should be reserved are not, while others that should not be reserved are.

Tools Used

Manual Review

Recommendations

Line up the two lists so that the reserved keywords reflect the denominations that are used for conversions.
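One way to keep the two lists from drifting apart again, shown as an added example that is not part of the original submission or of Vyper's code base: a check that reports the mismatch, plus a helper that derives the reserved names from the conversion table. Both tables are copied from this report; the function and constant names are hypothetical.

```python
# Added example: both tables are copied from this report, not imported from Vyper.
RESERVED_DENOMS = [
    "ether", "wei", "finney", "szabo", "shannon", "lovelace", "ada",
    "babbage", "gwei", "kwei", "mwei", "twei", "pwei",
]

WEI_DENOMS = {
    ("wei",): 1,
    ("femtoether", "kwei", "babbage"): 10**3,
    ("picoether", "mwei", "lovelace"): 10**6,
    ("nanoether", "gwei", "shannon"): 10**9,
    ("microether", "szabo"): 10**12,
    ("milliether", "finney"): 10**15,
    ("ether",): 10**18,
    ("kether", "grand"): 10**21,
}


def conversion_names(denoms):
    """Flatten the tuple keys of the conversion table into a set of names."""
    names = set()
    for aliases in denoms:
        dupes = names.intersection(aliases)
        if dupes:
            # An alias under two multipliers would make conversions ambiguous.
            raise ValueError(f"alias listed twice: {sorted(dupes)}")
        names.update(aliases)
    return names


def denomination_drift(reserved, denoms):
    """Return (reserved but not convertible, convertible but not reserved)."""
    accepted = conversion_names(denoms)
    reserved = set(reserved)
    return sorted(reserved - accepted), sorted(accepted - reserved)


def reserved_from_conversions(denoms):
    """Hypothetical fix: build the reserved list from the conversion table."""
    return sorted(conversion_names(denoms))


if __name__ == "__main__":
    extra, missing = denomination_drift(RESERVED_DENOMS, WEI_DENOMS)
    print("reserved but not convertible:", extra)
    print("convertible but not reserved:", missing)
```

Run as a unit test, an assertion that `denomination_drift` returns two empty lists would fail on the lists quoted above and pass once the reserved names are derived from the conversion table.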