Improper Enforcement of Behavioral Workflow
| Property | Value |
|---|---|
| Language | solidity |
| Severity | |
| CWE | CWE-841: Improper Enforcement of Behavioral Workflow |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | Medium |
Description
Calling get_virtual_price() on a Curve pool without proper reentrancy protection exposes the caller to read-only reentrancy attacks. An external contract can manipulate pool state between calls, so the caller receives inaccurate or manipulated pricing data.
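The flagged pattern beside a guarded version, as an added example that is not from the original page or from Curve's code. It assumes a two-coin pool whose `remove_liquidity` is protected by the pool's reentrancy lock and accepts a zero amount; the interface and contract names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interface for a two-coin Curve pool. Assumption: the target pool
// exposes both functions with these signatures.
interface ICurvePool {
    function get_virtual_price() external view returns (uint256);
    function remove_liquidity(uint256 amount, uint256[2] calldata minAmounts) external;
}

// Flagged: the price is read with no check that the pool is mid-operation.
contract UnguardedLpOracle {
    ICurvePool public immutable pool;

    constructor(ICurvePool pool_) {
        pool = pool_;
    }

    function lpPrice() external view returns (uint256) {
        // A view call does not take the pool's lock, so it succeeds even
        // while the pool state is only partially updated.
        return pool.get_virtual_price();
    }
}

// Guarded: touch a lock-protected pool function before reading the price.
contract GuardedLpOracle {
    ICurvePool public immutable pool;

    constructor(ICurvePool pool_) {
        pool = pool_;
    }

    // No longer `view`: the guard is a state-changing call into the pool.
    function lpPrice() external returns (uint256) {
        uint256[2] memory zero; // zero-initialised minimum amounts
        // Assumption: this reverts if the pool's reentrancy lock is held,
        // and is a no-op otherwise because the amount is zero.
        pool.remove_liquidity(0, zero);
        return pool.get_virtual_price();
    }
}
```

Confirm that the chosen guard function carries the lock on the specific pool being integrated, since pool implementations differ.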
Impact
If exploited, attackers could manipulate oracles or pricing mechanisms that rely on get_virtual_price(), potentially enabling profit from arbitrage, market manipulation, or incorrect payouts. This can undermine trust, affect protocol stability, and lead to significant financial losses.