Improper Enforcement of Behavioral Workflow
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-841: Improper Enforcement of Behavioral Workflow |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | Medium |
Description
The transfer function calls callAfterTransfer before updating balances or completing its other state changes, so an external contract receiving that call can re-enter the transfer process. This exposes the contract to reentrancy attacks, in which a malicious contract repeatedly triggers transfers while the contract is still in an inconsistent state.
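The ordering problem described above, shown as an added example beside a hardened version (this is illustrative code, not the audited contract; the ITransferHook interface, the contract names and the stale-balance write are assumptions chosen to make the reentrancy concrete):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical receiver hook; the name follows the callAfterTransfer call
// named in the finding. Not the audited project's interface.
interface ITransferHook {
    function callAfterTransfer(address from, uint256 amount) external;
}

// Vulnerable ordering: the hook fires before balances are written, and the
// sender's balance was read before the call, so a receiver contract that
// re-enters transfer() spends the same balance twice.
contract TokenVulnerable {
    mapping(address => uint256) public balances;

    function transfer(address to, uint256 amount) external {
        uint256 senderBalance = balances[msg.sender];
        require(senderBalance >= amount, "insufficient balance");
        if (to.code.length > 0) {
            ITransferHook(to).callAfterTransfer(msg.sender, amount); // interaction
        }
        balances[msg.sender] = senderBalance - amount; // stale read written back
        balances[to] += amount;
    }
}

// Hardened version: checks-effects-interactions plus a reentrancy guard.
contract TokenFixed {
    mapping(address => uint256) public balances;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function transfer(address to, uint256 amount) external nonReentrant {
        require(balances[msg.sender] >= amount, "insufficient balance"); // checks
        balances[msg.sender] -= amount;                                  // effects
        balances[to] += amount;
        if (to.code.length > 0) {                                        // interactions
            ITransferHook(to).callAfterTransfer(msg.sender, amount);
        }
    }
}
```

Either fix alone closes this finding; keeping both means the balance update is complete before any external code runs and a nested call to transfer reverts outright.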
Impact
If exploited, an attacker could drain funds or manipulate token balances by recursively calling transfer, leading to loss of assets or disruption of the contract's logic. This can cause serious financial damage and undermine trust in the smart contract.