SYM_SOL_0017 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Enforcement of Behavioral Workflow
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-841: Improper Enforcement of Behavioral Workflow |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | Medium |
Description
Calling get_virtual_price() on a Curve pool without proper reentrancy protection exposes the function to read-only reentrancy attacks. An external contract could manipulate the pool's state between calls, so that the pricing data read from the function is inaccurate or manipulated.
Impact
If exploited, attackers could manipulate oracles or pricing mechanisms that rely on get_virtual_price(), potentially enabling profit from arbitrage, market manipulation, or incorrect payouts. This can undermine trust, affect protocol stability, and lead to significant financial losses.
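Example

The flagged pattern beside a hardened form, as an added example that is not code from this database or from Curve. The interface is an assumption: it models a two-coin pool whose `remove_liquidity` is protected by the pool's reentrancy lock, and the contract names are hypothetical. Confirm the function set and array size against the source of the pool you integrate.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Assumed interface of a two-coin Curve pool. Function set and array size
// differ between pools, so check the deployed pool's source.
interface ICurvePool {
    function get_virtual_price() external view returns (uint256);
    function remove_liquidity(uint256 amount, uint256[2] calldata minAmounts) external;
}

// Flagged pattern: the price is read with no check that the pool is idle.
contract UnguardedLpOracle {
    ICurvePool public immutable pool;

    constructor(ICurvePool pool_) {
        pool = pool_;
    }

    function lpPrice() external view returns (uint256) {
        // A view call does not touch the pool's reentrancy lock, so it
        // succeeds even while another pool call is still executing.
        return pool.get_virtual_price();
    }
}

// Hardened pattern: take the pool's reentrancy lock before reading.
contract GuardedLpOracle {
    ICurvePool public immutable pool;

    constructor(ICurvePool pool_) {
        pool = pool_;
    }

    function lpPrice() external returns (uint256) {
        // Zero-amount call to a lock-protected pool function (assumption:
        // remove_liquidity is nonreentrant on this pool). If the pool is
        // already inside another call, this reverts and no price is returned.
        uint256[2] memory mins; // zero-initialised
        pool.remove_liquidity(0, mins);
        return pool.get_virtual_price();
    }
}
```

Because the guard makes a state-changing call, `lpPrice()` can no longer be declared `view`; consumers that need the price during a transaction should perform the guarded read inside the state-changing function that uses it.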