PT-2023-23571 · Vyper · Vyper

Trocher · Published 2023-05-11 · Updated 2025-01-24 · CVE-2023-32058

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.8

Description: The issue is due to a missing overflow check for loop variables in Vyper, a Pythonic smart contract language for the Ethereum virtual machine. By assigning the iterator of a loop to a variable, it is possible to overflow the type of that variable. This issue seems to happen only in loops of the form for i in range(a, a + N); for loops of the form for i in range(start, stop) and for i in range(stop), the compiler can raise a TypeMismatch when an attempt is made to overflow the variable.

Recommendations: For versions prior to 0.3.8, update to version 0.3.8 to resolve the issue. As a temporary workaround, avoid loops of the form for i in range(a, a + N) in which the iterator is assigned to a variable, to minimize the risk of exploitation. Restrict access to vulnerable smart contracts to prevent potential overflows until the issue is resolved.
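The following is an added Python model of the defect described above; it is not Vyper compiler code and not part of the advisory. It simulates what happens when each iterator value of a for i in range(a, a + N) loop is copied into a fixed-width unsigned variable without a bounds check (values silently wrap), places the missing check beside it, and gives a small audit helper that reports the first iteration at which the two diverge. The uint widths, the sample bounds (a = 250, N = 10, uint8) and the function names are constructed for illustration; the checked variant models the behaviour a correct compiler should give and is not the actual 0.3.8 fix.

```python
# Added example (not Vyper's own compiler code): a Python model of the loop
# variable overflow the advisory describes, with the missing check supplied.
# The loop shape is `for i in range(a, a + N)` with `i` copied into a variable
# of a fixed-width unsigned type. Widths and sample values are constructed.
from typing import List


def uint_max(bits: int) -> int:
    """Largest value representable by an unsigned integer of `bits` width."""
    return (1 << bits) - 1


def loop_values_unchecked(a: int, n: int, bits: int) -> List[int]:
    """Model of the unchecked assignment: each iterator value of
    range(a, a + n) is stored into a uint<bits> variable without a bounds
    check, so values above the type maximum silently wrap modulo 2**bits."""
    mask = uint_max(bits)
    return [(a + k) & mask for k in range(n)]


def loop_values_checked(a: int, n: int, bits: int) -> List[int]:
    """The same loop with the check the advisory says was missing: refuse
    the loop if any iterator value would exceed the destination type.
    Raising stands in for the compile-time error / revert a correct
    compiler gives; this is a model, not the real 0.3.8 fix."""
    if a < 0 or n < 0:
        raise ValueError("range bounds must be non-negative for unsigned types")
    if n and a + n - 1 > uint_max(bits):
        raise OverflowError(
            f"range({a}, {a + n}) exceeds uint{bits} (max {uint_max(bits)})"
        )
    return list(range(a, a + n))


def audit_loop(a: int, n: int, bits: int) -> dict:
    """Audit helper for reviewing a contract's loop bounds: reports whether
    the unchecked model diverges from true arithmetic and at which
    iteration index it first does so (None when it never wraps)."""
    unchecked = loop_values_unchecked(a, n, bits)
    for k, v in enumerate(unchecked):
        if v != a + k:
            return {"wraps": True, "first_bad_iteration": k}
    return {"wraps": False, "first_bad_iteration": None}


if __name__ == "__main__":
    # Constructed sample: uint8 destination variable, a = 250, N = 10.
    print(loop_values_unchecked(250, 10, 8))  # wraps to 0 after 255
    print(audit_loop(250, 10, 8))
    try:
        loop_values_checked(250, 10, 8)
    except OverflowError as exc:
        print("checked loop rejected:", exc)
```

Run as a script it prints the wrapped sequence, the audit verdict (wrap at iteration 6) and the rejection raised by the checked variant. The audit helper is the part a reviewer would apply to a pre-0.3.8 contract: any loop of this shape whose a + N - 1 can exceed the destination type's maximum is the pattern the advisory's workaround says to avoid.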

Weakness Enumeration

Integer Overflow

Related Identifiers

CVE-2023-32058
GHSA-6R8Q-PFPV-7CGJ
PYSEC-2023-78

Affected Products

Vyper