From 728a27677240fdd55a4144d04b31004f8330847c Mon Sep 17 00:00:00 2001
From: sudo rm -rf --no-preserve-root / <pcaversaccio@users.noreply.github.com>
Date: Mon, 7 Aug 2023 06:14:30 +0200
Subject: [PATCH] docs: add security advisory note for `ecrecover` (#3539)

Co-authored-by: Charles Cooper <cooper.charles.m@gmail.com>
---
 docs/built-in-functions.rst | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/built-in-functions.rst b/docs/built-in-functions.rst
index 84859d66c2..bfaa8fdd5e 100644
--- a/docs/built-in-functions.rst
+++ b/docs/built-in-functions.rst
@@ -379,7 +379,11 @@ Cryptography
     * ``s``: second 32 bytes of signature
     * ``v``: final 1 byte of signature
 
-    Returns the associated address, or ``0`` on error.
+    Returns the associated address, or ``empty(address)`` on error.
+
+    .. note::
+
+         Prior to Vyper ``0.3.10``, the ``ecrecover`` function could return an undefined (possibly nonzero) value for invalid inputs to ``ecrecover``. For more information, please see `GHSA-f5x6-7qgp-jhf3 <https://github.com/vyperlang/vyper/security/advisories/GHSA-f5x6-7qgp-jhf3>`_.
 
     .. code-block:: python