Unprotected getRate() call on Balancer pool

Description

The $VAR.getRate() call on a Balancer pool is not protected from the read-only reentrancy, which can lead to unintended behavior and potential security vulnerabilities.

Examples

Insecure Code

solidity

function example() {
  pool.getRate();
}

Secure Code

solidity

function example() {
  VaultReentrancyLib.ensureNotInVaultContext();
  pool.getRate();
}

Remediation

Add a reentrancy protection mechanism, such as VaultReentrancyLib.ensureNotInVaultContext(), before calling $VAR.getRate().

Rule Details

Field	Value
ID	CODE-0105
Category	Injection
Severity	HIGH
CWE	CWE-841
Confidence	HIGH
Impact	HIGH
Likelihood	MEDIUM
Exploitability	MODERATE
Tags	reentrancy, Balancer pool
OWASP	N/A

References

https://forum.balancer.fi/t/reentrancy-vulnerability-scope-expanded/4345

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Unprotected getRate() call on Balancer pool

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Unprotected getRate() call on Balancer pool ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

References ​

Unprotected getRate() call on Balancer pool

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References