Improper Enforcement of Behavioral Workflow
| Property | |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-841: Improper Enforcement of Behavioral Workflow |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | Low |
Description
Calling external contracts or untrusted code from within the ERC777 tokensReceived() function can introduce a reentrancy risk. This allows attackers to re-enter contract functions before previous operations are completed, potentially bypassing intended logic or protections.
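The pattern described above, next to a hardened form. This is an added example, not code from the rule's own documentation. The contract names, `IDepositListener`, `CAP` and the `Deposited` event are hypothetical, and ERC1820 recipient registration is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical callback interface, assumed for this example only.
interface IDepositListener {
    function onDeposit(address from, uint256 amount) external;
}

// Pattern the rule describes: an untrusted call inside the ERC777 hook.
contract FlaggedVault {
    address public immutable token;    // the ERC777 token this vault accepts
    IDepositListener public listener;  // externally supplied, untrusted
    uint256 public constant CAP = 1_000 ether;
    uint256 public total;
    constructor(address token_, IDepositListener listener_) { token = token_; listener = listener_; }

    function tokensReceived(address, address from, address, uint256 amount,
                            bytes calldata, bytes calldata) external {
        require(msg.sender == token, "unknown token");
        require(total + amount <= CAP, "cap exceeded"); // check
        listener.onDeposit(from, amount); // interaction: a re-entrant call sees a stale total
        total += amount;                  // effect arrives after control left the contract
    }
}

// Hardened form: checks, then effects, no untrusted call in the hook, plus a guard.
contract HardenedVault {
    address public immutable token;
    uint256 public constant CAP = 1_000 ether;
    uint256 public total;
    bool private entered;              // share this guard with every state-changing entry point
    event Deposited(address indexed from, uint256 amount);
    constructor(address token_) { token = token_; }

    modifier nonReentrant() {
        require(!entered, "reentrant call");
        entered = true;
        _;
        entered = false;
    }

    function tokensReceived(address, address from, address, uint256 amount,
                            bytes calldata, bytes calldata) external nonReentrant {
        require(msg.sender == token, "unknown token");
        require(total + amount <= CAP, "cap exceeded");
        total += amount;               // state is final before anything else can run
        emit Deposited(from, amount);  // listeners consume the event instead of a callback
    }
}
```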
Impact
If exploited, an attacker could repeatedly trigger sensitive operations (like withdrawals or state changes) before balances or permissions are updated, leading to unauthorized token transfers, theft of funds, or corruption of contract state. This can result in significant financial losses or contract compromise.