Improper Enforcement of Behavioral Workflow

| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-841: Improper Enforcement of Behavioral Workflow |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | Medium |

Description

The function calls `$VAULT.getPoolTokens()` on a Balancer pool without protection against read-only reentrancy attacks. Because nothing verifies that the Vault is not already in the middle of an operation, an attacker could exploit the call sequence to manipulate contract state or logic during the call.

Impact
If exploited, an attacker may execute malicious reentrant calls, potentially leading to unauthorized withdrawals, manipulation of balances, or other critical actions. This could result in significant financial loss or disruption of pool operations.
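
The pattern this rule flags, next to a guarded version, as an added example that is not part of the original rule page. The contract `PoolBalanceReader`, its function names, and the trimmed `IVault` interface (asset and token types flattened to `address`) are constructed for illustration; the guard relies on the Balancer V2 Vault's `manageUserBalance` being protected by the Vault's reentrancy lock.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal slice of the Balancer V2 Vault interface (assumption: trimmed for this example).
interface IVault {
    enum UserBalanceOpKind { DEPOSIT_INTERNAL, WITHDRAW_INTERNAL, TRANSFER_INTERNAL, TRANSFER_EXTERNAL }
    struct UserBalanceOp {
        UserBalanceOpKind kind;
        address asset;
        uint256 amount;
        address sender;
        address payable recipient;
    }
    function getPoolTokens(bytes32 poolId)
        external view
        returns (address[] memory tokens, uint256[] memory balances, uint256 lastChangeBlock);
    function manageUserBalance(UserBalanceOp[] memory ops) external payable;
}

// Hypothetical consumer contract, constructed for this example.
contract PoolBalanceReader {
    IVault public immutable vault;
    bytes32 public immutable poolId;

    constructor(IVault vault_, bytes32 poolId_) {
        vault = vault_;
        poolId = poolId_;
    }

    // Flagged pattern: balances are read with no check that the Vault is idle,
    // so a call that arrives while the Vault is mid-operation sees
    // balances that do not yet reflect the finished operation.
    function balancesUnchecked() external view returns (uint256[] memory balances) {
        (, balances, ) = vault.getPoolTokens(poolId);
    }

    // Guarded pattern: pass through the Vault's reentrancy lock first.
    // manageUserBalance is nonReentrant; with an empty ops array it does nothing
    // when the Vault is idle and reverts when the Vault is already executing.
    // Cost: this function can no longer be declared view.
    function balancesChecked() external returns (uint256[] memory balances) {
        vault.manageUserBalance(new IVault.UserBalanceOp[](0));
        (, balances, ) = vault.getPoolTokens(poolId);
    }
}
```

Balancer's `VaultReentrancyLib.ensureNotInVaultContext` performs the same lock check through a `staticcall`, which lets the calling function remain `view`.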