New to blockchain software development? Read my beginners guide here

What is a reentrancy attack, and how to prevent it

Created on August 2022 β€’ Tags: ethereumsolidityguides

A guide on Solidity reentrancy attacks

Table of Contents for What is a reentrancy attack, and how to prevent it

A reentrancy attack is a very important security issue when it comes to Solidity / EVM development.

You should not ever deploy smart contracts on mainnet without fully understanding the risks of this, as it is quite easy to introduce reentrancy exploits in your Solidity smart contracts.

The gist of it is where one smart contract calls another, but does not protect itself in case the other smart contract interacts with the original smart contract.

Simple example of a reentrancy attack

Here is an example, in pseudocode:

If your have a smart contract (the victim) like this:

function transferFunds(uint amount) {
require(balances[msg.sender] >= amount);

balances[msg.sender] -= amount;

It checks you have balance, then it transfers the eth, then at the end it reduces your balance.

But when it transfers the eth, if it transfers to another smart contract it could mean the fallback() function is run on the other contract (the attacker). This fallback function could then call transferFunds() again. The balances were not reduced yet, so it could keep requesting more eth until there was none left.

More coming soon.

This post is incomplete and a work-in-progress
I'll update it soon and flesh it out with more info!

Spotted a typo or have a suggestion to make this crypto dev article better? Please let me know!

See all posts (70+ more)

See all posts (70+ more)

Was this post helpful? πŸ“§

If you liked this content and want to receive emails about future posts like this, enter your email. I'll never spam you.

Or follow me on @CryptoGuide_Dev on twitter

By using this site, you agree that you have read and understand its Privacy Policy and Terms of Use.
Use any information on this site at your own risk, I take no responsibility for the accuracy of safety of the information on this site.