SYM_SOL_0014 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Enforcement of Behavioral Workflow
Property | Value |
---|---|
Language | solidity |
Severity | |
CWE | CWE-841: Improper Enforcement of Behavioral Workflow |
Confidence Level | High |
Impact Level | High |
Likelihood Level | Low |
Description
Calling external contracts or untrusted code from within the ERC777 tokensReceived() function can introduce a reentrancy risk. This allows attackers to re-enter contract functions before previous operations are completed, potentially bypassing intended logic or protections.
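The pattern described above, shown next to one common hardening, as an added example that is not code from the Symbiotic database or from any real project. The `IDepositListener` interface, the `VaultBase`/`VaultBefore`/`VaultAfter` contracts and the `credited`/`totalCredited` accounting are hypothetical names assumed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical callback interface, assumed for this example.
interface IDepositListener { function onDeposit(address from, uint256 amount) external; }

// Shared state; ERC-1820 recipient registration is omitted for brevity.
abstract contract VaultBase {
    address public immutable token;             // the ERC777 token this vault accepts
    IDepositListener public immutable listener; // code the vault does not control
    mapping(address => uint256) public credited;
    uint256 public totalCredited;
    constructor(address t, IDepositListener l) { token = t; listener = l; }
}

// Flagged pattern: untrusted external call inside tokensReceived() while
// the vault's accounting is only half updated.
contract VaultBefore is VaultBase {
    constructor(address t, IDepositListener l) VaultBase(t, l) {}

    function tokensReceived(address, address from, address, uint256 amount,
                            bytes calldata, bytes calldata) external {
        require(msg.sender == token, "unexpected token");
        credited[from] += amount;
        listener.onDeposit(from, amount); // callee can re-enter here
        totalCredited += amount;          // invariant restored too late
    }
}

// Hardened: finish all state changes first, call out last, and lock the hook.
contract VaultAfter is VaultBase {
    bool private entered;
    constructor(address t, IDepositListener l) VaultBase(t, l) {}

    modifier nonReentrant() {
        require(!entered, "reentrant call");
        entered = true;
        _;
        entered = false;
    }

    function tokensReceived(address, address from, address, uint256 amount,
                            bytes calldata, bytes calldata) external nonReentrant {
        require(msg.sender == token, "unexpected token");
        credited[from] += amount;
        totalCredited += amount;          // effects complete
        listener.onDeposit(from, amount); // interaction last
    }
}
```

The lock only covers functions that carry the modifier, so any other state-changing entry point of the contract needs `nonReentrant` as well.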
Impact
If exploited, an attacker could repeatedly trigger sensitive operations (like withdrawals or state changes) before balances or permissions are updated, leading to unauthorized token transfers, theft of funds, or corruption of contract state. This can result in significant financial losses or contract compromise.