Property
Language: solidity
Severity: high
CWE: CWE-841: Improper Enforcement of Behavioral Workflow
Confidence Level: High
Impact Level: High
Likelihood Level: Medium

Description

Calling getRate() on a Balancer pool without proper protection leaves the function vulnerable to read-only reentrancy attacks. This means an attacker could re-enter the contract during the call and potentially manipulate its behavior.
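
An added example (not part of the original rule page or of any audited project) showing the flagged pattern beside one hardened form. It assumes a Balancer V2 pool and the `VaultReentrancyLib` helper from Balancer's `@balancer-labs/v2-pool-utils` package; the contract `BptPriceReader` and its function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@balancer-labs/v2-interfaces/contracts/vault/IVault.sol";
import "@balancer-labs/v2-interfaces/contracts/pool-utils/IRateProvider.sol";
import "@balancer-labs/v2-pool-utils/contracts/lib/VaultReentrancyLib.sol";

// Hypothetical consumer that values pool tokens (BPT) using the pool's rate.
contract BptPriceReader {
    IVault public immutable vault;       // Balancer V2 Vault (assumed deployment)
    IRateProvider public immutable pool; // pool exposing getRate()

    constructor(IVault _vault, IRateProvider _pool) {
        vault = _vault;
        pool = _pool;
    }

    // Flagged pattern: getRate() is read with no check that the Vault is
    // outside an in-progress operation, so the value may be inconsistent.
    function unsafeValueOf(uint256 bptAmount) external view returns (uint256) {
        return (bptAmount * pool.getRate()) / 1e18;
    }

    // Hardened form: the library call reverts if this function is reached
    // while the Vault is mid-operation, so getRate() is only read when the
    // Vault's own reentrancy lock is free.
    function valueOf(uint256 bptAmount) external view returns (uint256) {
        VaultReentrancyLib.ensureNotInVaultContext(vault);
        return (bptAmount * pool.getRate()) / 1e18;
    }
}
```

The guard must run before every read of `getRate()`, including reads made indirectly through oracle or pricing helpers.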

Impact

If exploited, an attacker could disrupt expected contract logic, potentially leading to incorrect state changes, calculation errors, or unauthorized actions. This can result in financial loss, fund mismanagement, or system instability for users and the protocol.