SYM_SOL_0013 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Improper Enforcement of Behavioral Workflow
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-841: Improper Enforcement of Behavioral Workflow |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | Medium |
## Description

The `transfer` function calls `callAfterTransfer` before updating balances or completing its other state changes. Because the external call happens while the sender's balance is still stale, the called contract can re-enter `transfer` and pass its checks again. This exposes the contract to reentrancy, where a malicious contract repeatedly triggers transfers in an unsafe state.
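As an added illustration (not code from the database entry), the call ordering the description refers to is shown beside a hardened version that applies checks-effects-interactions and a reentrancy lock; the `ITransferReceiver` interface, the `balances` mapping and the `_entered` flag are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed receiver hook interface (not from the database entry).
interface ITransferReceiver {
    function onTransfer(address from, uint256 amount) external;
}

// VULNERABLE: the hook runs before balances change, so the callee still
// sees the sender's old balance and can re-enter transfer().
contract TokenVulnerable {
    mapping(address => uint256) public balances;

    function transfer(address to, uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        callAfterTransfer(to, amount);   // interaction before effects
        balances[msg.sender] -= amount;  // state updated too late
        balances[to] += amount;
    }

    function callAfterTransfer(address to, uint256 amount) internal {
        if (to.code.length > 0) ITransferReceiver(to).onTransfer(msg.sender, amount);
    }
}

// HARDENED: checks -> effects -> interactions, plus a reentrancy lock so
// any nested call into transfer() reverts (defence in depth).
contract TokenHardened {
    mapping(address => uint256) public balances;
    bool private _entered;

    modifier nonReentrant() {
        require(!_entered, "reentrant call");
        _entered = true;
        _;
        _entered = false;
    }

    function transfer(address to, uint256 amount) external nonReentrant {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;  // effects first
        balances[to] += amount;
        callAfterTransfer(to, amount);   // interaction last
    }

    function callAfterTransfer(address to, uint256 amount) internal {
        if (to.code.length > 0) ITransferReceiver(to).onTransfer(msg.sender, amount);
    }
}
```

When reviewing, flag any function whose external call precedes the writes to `balances`; the lock alone is not a substitute for correct ordering.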
## Impact

If exploited, an attacker could drain funds or manipulate token balances by recursively calling `transfer`, potentially leading to loss of assets or disruption of contract logic. This can result in serious financial damage and undermine trust in the smart contract.