PT-2025-7631 · Vyper · Vyper

Charles-Cooper

·

Published

2025-02-21

·

Updated

2025-03-29

·

CVE-2025-27105

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Vyper versions prior to 0.4.1

Description

The issue arises from how Vyper compiles AugAssign statements (`+=`, `-=`, and similar) whose target is an element of a DynArray when the right-hand side (rhs) itself modifies that array. The compiler evaluates the target once, performs its bounds check against the array length at that moment, and caches the resulting location; the rhs then runs, and the write-back reuses the cached location without re-evaluating the bounds check against the new length. If the rhs shrinks the array, the write lands at an index that is no longer within the array, an out-of-bounds write. For example, `a[1] += a.pop()` is compiled as if `a[1]` were bounds-checked before `a.pop()` shortens the array, so the check that would fail if `a[1]` were evaluated after `a.pop()` never runs.

Recommendations

For versions prior to 0.4.1, upgrade to version 0.4.1 or later to address this issue. At the time of writing, no other workaround for this vulnerability is known.
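To make the evaluation order concrete, the following is an added Python model of the two code-generation strategies described above. It is not Vyper source and not the compiler's real output: `DynArray` here is a stand-in for a Vyper `DynArray[uint256, N]` (a fixed-capacity buffer plus a separate length word), `augassign_cached_target` models the pre-0.4.1 ordering, and `augassign_rechecked` models a fix that re-runs the bounds check at write time as the description states; the names and the sample arrays are assumptions made for this illustration, not taken from the upstream patch.

```python
"""Added model of AugAssign on a DynArray target: cached-target ordering
(vulnerable, as described for Vyper < 0.4.1) versus re-checked write.
Illustration only; not Vyper code and not the compiler's actual codegen."""


class DynArray:
    """Stand-in for DynArray[uint256, N]: fixed-capacity buffer plus a
    length word. Slots at index >= len are 'dead' but physically present."""

    def __init__(self, capacity, items=()):
        assert len(items) <= capacity, "initial items exceed capacity"
        self.capacity = capacity
        self.buf = list(items) + [0] * (capacity - len(items))
        self.len = len(items)

    def check_bounds(self, i):
        # The check a compiler emits for a[i]: index must be below the
        # *current* length, not merely below the capacity.
        if not 0 <= i < self.len:
            raise IndexError(f"index {i} out of bounds for length {self.len}")

    def load(self, i):
        self.check_bounds(i)
        return self.buf[i]

    def store(self, i, value):
        self.check_bounds(i)
        self.buf[i] = value

    def pop(self):
        # DynArray.pop(): shrink the length word and return the last element.
        if self.len == 0:
            raise IndexError("pop from empty DynArray")
        self.len -= 1
        return self.buf[self.len]


def pop_rhs(a):
    """The right-hand side of `a[i] += a.pop()`."""
    return a.pop()


def augassign_cached_target(a, i, rhs):
    """Vulnerable ordering: the target a[i] is bounds-checked and cached once,
    the rhs runs (and may shrink a), and the write reuses the cached slot
    with no second check, so it can land at an index >= len."""
    a.check_bounds(i)       # single check, against the pre-rhs length
    old = a.buf[i]          # cached read of the target
    delta = rhs(a)          # rhs may call a.pop(), shrinking a
    a.buf[i] = old + delta  # raw write through the cached location
    return a


def augassign_rechecked(a, i, rhs):
    """Fixed ordering as described: same cached evaluation, but the write
    goes through the bounds-checked store, so it sees the post-rhs length."""
    a.check_bounds(i)
    old = a.buf[i]
    delta = rhs(a)
    a.store(i, old + delta)  # raises once pop() made i >= len
    return a


def demo():
    """Run `a[1] += a.pop()` on a constructed array [1, 2] under both orderings
    and report what each does. Sample data is constructed for this example."""
    results = {}

    vuln = augassign_cached_target(DynArray(4, [1, 2]), 1, pop_rhs)
    results["vuln_len"] = vuln.len            # length shrank to 1 ...
    results["vuln_dead_slot"] = vuln.buf[1]   # ... but slot 1 was still written

    try:
        augassign_rechecked(DynArray(4, [1, 2]), 1, pop_rhs)
        results["fixed"] = "no revert"
    except IndexError as exc:
        results["fixed"] = f"revert: {exc}"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two orderings only diverge when the target index stops being valid during the rhs, i.e. when `i` is the last element before the `pop()`; for `a = [10, 20, 30]` and `a[1] += a.pop()`, both models write 50 into slot 1 and keep a length of 2. The model also shows why the bug is a write past the length word rather than past the allocation: the index passed the original check, so it is below the capacity, and the corrupted slot is one the array no longer counts as live.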

Memory Corruption

Related Identifiers

CVE-2025-27105
GHSA-4W26-8P97-F4JP
PYSEC-2025-31

Affected Products

Vyper