Out-of-bounds Write

Vyper is vulnerable to Out-of-bounds Write. The vulnerability is due to improper bounds validation due to the caching of the target location in an AugAssign statement, which prevents re-evaluating the bounds check when modifying a DynArray...

CVE-2025-27105

A flaw was found in Vyper, a Pythonic Smart Contract Language for the EVM. This vulnerability allows out-of-bounds writes via improper bounds checking when modifying a DynArray using an augmented assignment AugAssign. Mitigation Mitigation for this issue is either not available or the currently...

AugAssign evaluation order causing OOB write within the object in Vyper

Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write...

CVE-2025-27105

vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the...

GHSA-3P37-3636-Q8WV Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment

Impact during codegen, the length word of a dynarray is written before the data, which can result in OOB array access in the case where the dynarray is on both the lhs and rhs of an assignment. here is a minimal example producing the issue: vyper a:DynArrayuint256,3 @external def test -...

Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment

Impact during codegen, the length word of a dynarray is written before the data, which can result in OOB array access in the case where the dynarray is on both the lhs and rhs of an assignment. here is a minimal example producing the issue: vyper a:DynArrayuint256,3 @external def test -...

PYSEC-2023-77

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...

PYSEC-2023-77

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...

CVE-2023-31146 Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...

CVE-2023-31146 Vyper vulnerable to OOB DynArray access when array is on both LHS and RHS of an assignment

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...

PT-2023-23179 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.8 Description: The issue occurs during codegen when the length word of a dynarray is written before the data. This can result in out-of-bounds array access when the dynarray is on both the lhs and rhs of an...