CVE-2025-27104
HIGHDescription
vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body (e.g. read a storage variable updated in the loop body) and thus lead to unexpected program behavior. Specifically, reads in iterators which contain an ifexp (e.g. `for s: uint256 in ([read(), read()] if True else [])`) may interleave reads with writes in the loop body. Vyper for loops allow two kinds of iterator targets, namely the `range()` builtin and an iterable type, like SArray and DArray. During codegen, iterable lists are required to not produce any side-effects (in the following code, `range_scope` forces `iter_list` to be parsed in a constant context, which is checked against `is_constant`). However, this does not prevent the iterator from consuming side effects provided by the body of the loop. For SArrays on the other hand, `iter_list` is instantiated in the body of a `repeat` ir, so it can be evaluated several times. This issue is being addressed and is expected to be available in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| vyperlang | vyper |
References
Frequently Asked Questions
What is CVE-2025-27104? +
How severe is CVE-2025-27104? +
What products are affected by CVE-2025-27104? +
How do I check if I'm vulnerable to CVE-2025-27104? +
Related Vulnerabilities
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there …
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper …
A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows …
In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block It was reported that …
FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a …
A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of …