SYM_SOL_0002 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Enforcement of Behavioral Workflow
Property | Value |
---|---|
Language | solidity |
Severity | |
CWE | CWE-841: Improper Enforcement of Behavioral Workflow |
Confidence Level | High |
Impact Level | High |
Likelihood Level | Medium |
Description
The function calls `$VAULT.getPoolTokens()` on a Balancer pool without protection against read-only reentrancy. An attacker could therefore re-enter the contract while a Vault operation is still in progress, so that the call returns pool state that is not yet consistent and the contract's state or logic is manipulated as a result.
Impact
If exploited, an attacker may execute malicious reentrant calls, potentially leading to unauthorized withdrawals, manipulation of balances, or other critical actions. This could result in significant financial loss or disruption of pool operations.