
What is a reentrancy attack, and how to prevent it

Created on August 2022 • Tags: ethereum, solidity, guides

A guide on Solidity reentrancy attacks




A reentrancy attack is a very important security issue when it comes to Solidity / EVM development.

You should not ever deploy smart contracts on mainnet without fully understanding the risks of this, as it is quite easy to introduce reentrancy exploits in your Solidity smart contracts.

The gist of it: one smart contract calls another, but does not protect itself in case the other smart contract calls back into the original smart contract.

Simple example of a reentrancy attack

Here is an example, in pseudocode:

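If you have a smart contract (the victim) like this:

    function transferFunds(uint amount) {
        // 1. check the caller's balance
        require(balances[msg.sender] >= amount);
        // 2. send the eth (this hands control to the recipient)
        sendFundsToAnotherAddress();

        // 3. only now reduce the caller's balance
        balances[msg.sender] -= amount;
    }

It checks that you have enough balance, then it transfers the eth, and only at the end does it reduce your balance.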

But when it transfers the eth, if it transfers to another smart contract it could mean the fallback() function is run on the other contract (the attacker). This fallback function could then call transferFunds() again. The balances were not reduced yet, so it could keep requesting more eth until there was none left.
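
The vulnerable ordering from the pseudocode next to a version that reduces the balance before sending (the checks-effects-interactions pattern), as an added example that is not code from the original post. The contract name `Vault`, the function names and the Solidity 0.8 pragma are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: names are illustrative and not taken from the post.
contract Vault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Same order as the pseudocode: check, send, then update the balance.
    function withdrawVulnerable(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");

        // External call: control passes to msg.sender's code, which can call
        // withdrawVulnerable() again while balances[msg.sender] is unchanged.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");

        // `unchecked` reproduces pre-0.8 wrapping arithmetic. With the default
        // checked arithmetic of 0.8 the repeated subtraction would underflow
        // and revert, which is a side effect and not a defence to rely on.
        unchecked {
            balances[msg.sender] -= amount;
        }
    }

    // Checks-effects-interactions: state is updated before the external call,
    // so a re-entrant call fails the balance check.
    function withdrawFixed(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance"); // check
        balances[msg.sender] -= amount;                                  // effect
        (bool ok, ) = msg.sender.call{value: amount}("");                // interaction
        require(ok, "transfer failed");
    }
}
```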

More coming soon.

This post is incomplete and a work-in-progress
I'll update it soon and flesh it out with more info!
