What Is a Reentrancy Attack and How Does It Work? – MUO – MakeUseOf
Some of the biggest hacks in the blockchain industry, where millions of dollars worth of cryptocurrency tokens got stolen, resulted from reentrancy attacks. While these hacks have become less common in recent years, they still pose a significant threat to blockchain applications and users.
So what precisely are reentrancy attacks? How are they deployed? And are there any measures developers can take to prevent them from happening?
A reentrancy attack occurs when a vulnerable smart contract function makes an external call to a malicious contract, temporarily giving up control of the transaction flow. The malicious contract then repeatedly calls the original smart contract function before it finishes executing while draining its funds.
Essentially, a withdrawal transaction on the Ethereum blockchain follows a three-step cycle: balance confirmation, remittance, and balance update. If a cybercriminal can hijack the cycle before the balance update, they can repeatedly withdraw funds until a wallet is drained.
One of the most infamous blockchain hacks, the Ethereum DAO hack, as covered by Coindesk, was a reentrancy attack that led to a loss of over $60 million worth of ETH and fundamentally changed the course of the second-largest cryptocurrency.
Imagine a bank in your hometown where virtuous locals keep their money; its total liquidity is $1 million. However, the bank has a flawed accounting system: staffers wait until the evening to update bank balances.
Your investor friend visits the town and discovers the accounting flaw. He creates an account and deposits $100,000. A day later, he withdraws $100,000. After one hour, he makes another attempt to withdraw $100,000. Since the bank has not updated his balance, it still reads $100,000. So he gets the money. He does this repeatedly until there's no money left. Staffers only realize there's no money when they balance the books in the evening.
In the context of a smart contract, the process goes as follows:
Generally, the attacker successfully exploits the reentrancy vulnerability to their advantage, stealing funds from the contract.
So how exactly might a reentrancy attack technically occur when deployed? Here's a hypothetical smart contract with a reentrancy gateway. We'll use axiomatic naming to make it easier to follow along.
The VulnerableContract lets users deposit ETH into the contract using the deposit function. Users can then withdraw their deposited ETH using the withdraw function. However, there's a reentrancy vulnerability in the withdraw function. When a user withdraws, the contract transfers the requested amount to the user's address before updating the balance, creating an opportunity for an attacker to exploit.
Now, here's what an attacker's smart contract would look like.
When the attack is launched:
The attack can happen very fast, depending on the network's performance. With complex smart contracts, as in the DAO hack, which led to the hard fork of Ethereum into Ethereum and Ethereum Classic, the attack happens over several hours.
To prevent a reentrancy attack, we need to modify the vulnerable smart contract to follow the best practices for secure smart contract development. In this case, we should implement the "checks-effects-interactions" pattern as in the code below.
In this fixed version, we've introduced an isLocked mapping to track whether a particular account is in the process of a withdrawal. When a user initiates a withdrawal, the contract checks if their account is locked (!isLocked[msg.sender]), indicating that no other withdrawal from the same account is currently in progress.
If the account isn't locked, the contract continues with the state change and external interaction. After the state change and external interaction, the account is unlocked again, allowing future withdrawals.
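The two orderings described above, side by side, as an added Solidity illustration rather than the article's original listing. The names VulnerableContract, deposit, withdraw and isLocked follow the text; the balances mapping, the FixedContract name and the compiler pragma are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version

// Added illustration. `balances` and `FixedContract` are assumed names.
contract VulnerableContract {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external {
        // Check
        require(balances[msg.sender] >= amount, "Insufficient balance");
        // Interaction before effect: the recipient's code runs while
        // balances[msg.sender] still holds the pre-withdrawal value.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "Transfer failed");
        // Effect, too late. Solidity 0.8+ reverts if this subtraction
        // underflows, but that is incidental, not a fix for the ordering.
        balances[msg.sender] -= amount;
    }
}

contract FixedContract {
    mapping(address => uint256) public balances;
    mapping(address => bool) private isLocked; // per-account withdrawal lock

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external {
        // Checks
        require(!isLocked[msg.sender], "Withdrawal in progress");
        require(balances[msg.sender] >= amount, "Insufficient balance");
        // Effects: lock the account and debit it before any external call
        isLocked[msg.sender] = true;
        balances[msg.sender] -= amount;
        // Interaction: a re-entrant call now hits the lock and the debited balance
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "Transfer failed");
        // Unlock; a revert above rolls back the lock and the debit together
        isLocked[msg.sender] = false;
    }
}
```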
Generally, there are three main types of reentrancy attacks based on their nature of exploitation.
Reentrancy attacks can manifest in different forms and so require specific measures to prevent each.
Reentrancy attacks have caused substantial financial losses and undermined trust in blockchain applications. To protect contracts, developers must adopt best practices diligently to avoid reentrancy vulnerabilities.
They should also implement secure withdrawal patterns, use trusted libraries, and conduct thorough audits to fortify the smart contract's defense further. Of course, staying informed about emerging threats and being proactive with security efforts can ensure they uphold blockchain ecosystems' integrity too.