160,000 USDC
Submission Details
Severity: low
Valid

InvalidType Exception on Retrieving Literal Array Length

Summary

A compiler issue has been identified when using the built-in len function to determine the length of a literal array.

Vulnerability Detail

When developers try to retrieve the length of a literal array using the built-in len function, the compiler doesn't handle this operation appropriately. As a result, instead of returning the length of the array, it raises an InvalidType exception.

This behavior contrasts with the typical handling of literal arrays, since the expectation would be for the compiler to easily determine the length of such literal arrays without any exception.

Impact

Imo the main impact of this issue is two-fold:

  • Developers have to find workarounds to a relatively straightforward operation, which can reduce development speed.

  • Developers might implement custom methods to determine the length or might use the length inappropriately, leading to potential bugs in the smart contract.

POC

The following snippet demonstrates the issue:

@external
def catch():
    # Compilation fails on this line with an InvalidType exception
    c: uint256 = len(["apple", "banana", "cherry"])

The intention above is to retrieve the length of the array. However, the compilation fails due to the InvalidType exception.

Tool used

Manual Review

Recommendation

Developers using Vyper should at least be aware of this issue. Until a patch or an official fix is released, I assume allowing the use of a predefined constant or manually inputting the length, if the literal array's length is known and doesn't change, could help; otherwise the recommendation is N/A.

Additionally, on the issue of InvalidType an open todo is here and should be sorted.

Updates

Lead Judging Commences

patrickalphac Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Builtins don't work great with literal lists
