Vyper For Loop Iterator Side Effect Vulnerability

Vulnerability

A vulnerability exists in Vyper versions through 0.4.0 that allows a single expression in the iterator target of a for loop to be evaluated multiple times. This can lead to unexpected program behavior by interleaving reads and writes. Specifically, an iterator containing a conditional expression can consume side effects from the loop body, such as reading a storage variable that was updated during the loop. The vulnerability arises because, although the iterator expression itself cannot perform multiple writes, it can observe and act on side effects of the loop body in a way that disrupts the intended flow of the program.

Impact

Exploitation of this vulnerability can cause unintended program behavior by disrupting the normal execution flow of loops, particularly when iterators consume side effects from the loop body. This can lead to incorrect data being processed or stored.

Reproduction

The vulnerability can be reproduced by creating a for loop that uses an iterator expression containing a conditional (if) expression. The iterator can read a storage variable that is updated within the loop body, causing the loop to interleave reads and writes in a problematic way. This can be demonstrated with a dynamic array or a static array, where the iterator evaluation is controlled to consume side effects from the loop body.
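The pattern the reproduction describes, as an added Vyper example that is not taken from the advisory: the contract, array contents, flag and function names are constructed here, and the re-evaluation behaviour on affected versions is assumed from the advisory's description rather than verified.

```vyper
# pragma version 0.4.1

# Constructed example (not from the advisory). The iterator is a conditional
# expression over two storage arrays, and the loop body flips the storage
# flag that the condition reads. On Vyper through 0.4.0 the advisory states
# that such an iterator can consume that write mid-loop; on 0.4.1 the
# iterator is evaluated once.
a: uint256[3]
b: uint256[3]
use_a: bool

@deploy
def __init__():
    self.a = [10, 20, 30]
    self.b = [1, 2, 3]
    self.use_a = True

@external
def sum_vulnerable_pattern() -> uint256:
    # Intended result when use_a is True: 60 (the sum of self.a).
    total: uint256 = 0
    # The iterator depends on self.use_a, which the body below modifies.
    for v: uint256 in (self.a if self.use_a else self.b):
        total += v
        self.use_a = False  # side effect the iterator may consume
    return total

@external
def sum_hardened() -> uint256:
    total: uint256 = 0
    # Resolve the choice once into a memory copy before the loop runs, so
    # nothing the body writes to storage can change which array is iterated,
    # regardless of compiler version.
    src: uint256[3] = self.a if self.use_a else self.b
    for v: uint256 in src:
        total += v
        self.use_a = False
    return total
```

Copying the iterator into memory before the loop is a defensive pattern that holds on any compiler version; upgrading to 0.4.1 removes the underlying re-evaluation.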

Remediation

Users are advised to upgrade to Vyper version 0.4.1, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          1.2
impact          0.6
exploitability  4.6
remediation     7.7
relevance       0.0
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.