Unprotected $VAULT.getPoolTokens() call from read-only reentrancy

Description

The $VAULT.getPoolTokens() call on a Balancer pool is not protected from the read-only reentrancy, which can lead to potential security vulnerabilities.

Examples

Insecure Code

solidity

function getPoolTokens() public {
  uint256[] memory tokens = $VAULT.getPoolTokens();
  ... 
}

Secure Code

solidity

function getPoolTokens() public {
  VaultReentrancyLib.ensureNotInVaultContext();
  uint256[] memory tokens = $VAULT.getPoolTokens();
  ... 
}

Remediation

Add a reentrancy check using VaultReentrancyLib.ensureNotInVaultContext() before calling $VAULT.getPoolTokens()

Rule Details

Field	Value
ID	CODE-0466
Category	Injection
Severity	HIGH
CWE	CWE-841
Confidence	HIGH
Impact	HIGH
Likelihood	MEDIUM
Exploitability	MODERATE
Tags	reentrancy, Balancer pool
OWASP	N/A

References

https://quillaudits.medium.com/decoding-sentiment-protocols-1-million-exploit-quillaudits-f36bee77d376
https://hackmd.io/@sentimentxyz/SJCySo1z2

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Unprotected $VAULT.getPoolTokens() call from read-only reentrancy

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Unprotected $VAULT.getPoolTokens() call from read-only reentrancy ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

References ​

Unprotected $VAULT.getPoolTokens() call from read-only reentrancy

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References