PT-2024-30529 · Zkvyper · Zkvyper

Trocher · Published 2024-08-15 · Updated 2024-09-27 · CVE-2024-43366

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

zkvyper versions 1.3.12 through 1.5.3

Description

The issue arises from the compilation of LLL IR to a loop with a late exit condition, potentially leading to a loss of funds or unwanted behavior if the loop body contains specific conditions. However, common use cases like iterating over an array are not affected. No contracts were reportedly affected by this issue.

Recommendations

For versions 1.3.12 through 1.5.3, upgrade and redeploy affected contracts to avoid the issue. At the moment, there is no information about other versions that may require different actions.

Exploit

Fix

Infinite Loop

Weakness Enumeration

Related Identifiers

CVE-2024-43366
GHSA-8J77-7RRV-6PXX

Affected Products

Zkvyper