Vyper EcRecover and Identity Precompile Success Flag Bypass Vulnerability

Vulnerability

A vulnerability exists in Vyper compiler versions through 0.4.0: calls to the Ethereum precompiles EcRecover (0x1) and Identity (0x4) do not properly check for successful execution. An attacker can manipulate the gas provided to these calls so that the precompile call fails under the EVM's gas handling rules while the contract carries on, potentially producing incorrect execution results. After a failed precompile call, only a fraction of the original gas remains, which limits the complexity of subsequent operations. The issue has been addressed in Vyper version 0.4.1, but it could lead to unintended consequences in smart contracts that rely on the affected precompiles.
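The missing success check can be illustrated with a simplified model, added here as an example; it is not code from the Vyper project or from this advisory. It assumes the EIP-150 rule that a caller keeps 1/64 of its gas when making a call and the 3000-gas cost of EcRecover; the function names, the sample signer and the prior buffer contents are constructed for illustration.

```python
# Simplified model, not EVM-exact: CALL overhead and memory costs are ignored.
ECRECOVER_GAS = 3000  # fixed gas cost of the EcRecover precompile (0x1)


class Revert(Exception):
    """Stands in for the EVM aborting the current call frame."""


def call_precompile(gas_available, cost, out_buf, result):
    """Model a precompile call; returns (success, gas_left_in_caller).

    EIP-150: the caller keeps 1/64 of its gas and forwards the rest.
    """
    retained = gas_available // 64
    forwarded = gas_available - retained
    if forwarded < cost:
        # The callee runs out of gas: the forwarded gas is burned, nothing
        # is written to the output buffer, and the success flag is false.
        return False, retained
    out_buf[:] = result
    return True, gas_available - cost


def recover_unchecked(gas, prior_buf, signer):
    """Affected pattern (hypothetical helper): the success flag is discarded."""
    buf = bytearray(prior_buf)
    _ok, gas_left = call_precompile(gas, ECRECOVER_GAS, buf, signer)
    return bytes(buf), gas_left


def recover_checked(gas, prior_buf, signer):
    """Hardened pattern (hypothetical helper): a failed call aborts execution."""
    buf = bytearray(prior_buf)
    ok, gas_left = call_precompile(gas, ECRECOVER_GAS, buf, signer)
    if not ok:
        raise Revert("precompile call failed")
    return bytes(buf), gas_left


# Constructed sample values, not taken from the advisory.
SIGNER = bytes.fromhex("11" * 20)  # address the precompile would return
PRIOR = bytes(20)                  # assumed buffer contents before the call

if __name__ == "__main__":
    for gas in (100_000, 3_000):
        print(gas, recover_unchecked(gas, PRIOR, SIGNER))
```

In the low-gas case the unchecked variant hands back the buffer's earlier contents with only 46 gas left in the caller, which is the "fraction of the original gas" that limits what can run afterwards.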

Impact

Exploitation of this vulnerability can result in incorrect execution outcomes, particularly in contracts that use the EcRecover or Identity precompiles without proper success checks.

Reproduction

The vulnerability can be reproduced by compiling a Vyper contract that uses the 'ecrecover' or 'identity' precompiles, and then deploying and interacting with the contract in a way that triggers the vulnerability. This can be done by sending a transaction that includes a specific gas amount designed to cause the precompile call to fail, while leaving enough gas for the transaction to complete. After the precompile call fails, the contract can be observed to return an incorrect result, demonstrating the vulnerability.

Remediation

Users can upgrade to Vyper version 0.4.1 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.2
impact: 0.6
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.