What is a Reentrancy Attack?
A reentrancy attack is one of the most infamous vulnerabilities in smart contract security. It occurs when a malicious contract exploits a vulnerable function by repeatedly calling back into it before the original execution completes its state updates. This allows the attacker to drain funds or manipulate state in unintended ways.
How it Works
The attack exploits the order of operations in vulnerable contracts. When a contract sends ETH or makes an external call before updating its internal state, the receiving contract can execute a fallback function that calls back into the original function. Since the state has not been updated, the vulnerable contract still believes the attacker has funds available.
The classic pattern follows this sequence:
- Attacker deposits funds into the vulnerable contract
- Attacker calls the withdraw function
- The contract sends the ETH before it updates the attacker's balance
- The attacker's receive (fallback) function calls withdraw again while the first call is still executing
- The loop continues until funds are drained
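The sequence above, modelled as an added Python example (not code from the original page): a constructed Vault class stands in for the vulnerable contract, _send models the value transfer that hands control to the recipient's receive hook, and the same vault with effects_first=True shows the checks-effects-interactions fix. All names and balances are constructed for the illustration.

```python
# Added example, not from the original page: a small model of the ordering bug.
# The attacker-side hook re-enters withdraw() while the first call is still on
# the stack; only the order of "update balance" and "send ETH" differs between
# the vulnerable and the hardened vault.

def reentrant_receiver(vault, account):
    """Constructed attacker receive hook: re-enter as long as the ledger still
    shows a balance and the vault can pay it out."""
    owed = vault.balances.get(account, 0)
    if owed > 0 and vault.eth >= owed:
        vault.withdraw(account, reentrant_receiver)


class Vault:
    def __init__(self, balances, effects_first):
        self.balances = dict(balances)      # internal ledger of deposits
        self.eth = sum(balances.values())   # ETH the contract actually holds
        self.effects_first = effects_first  # True = checks-effects-interactions

    def _send(self, account, amount, receive):
        # External call: the recipient's code runs before control returns here.
        if self.eth < amount:
            raise RuntimeError("vault cannot cover the transfer")
        self.eth -= amount
        receive(self, account)

    def withdraw(self, account, receive):
        amount = self.balances.get(account, 0)    # check
        if amount == 0:
            return
        if self.effects_first:
            self.balances[account] = 0            # effect before interaction
            self._send(account, amount, receive)  # re-entry now sees balance 0
        else:
            self._send(account, amount, receive)  # interaction first...
            self.balances[account] = 0            # ...so this runs too late


def simulate(effects_first):
    """Constructed ledger: honest users hold 9 ETH, the attacker deposited 1.
    Returns (ETH left in the vault, ETH paid out to the attacker)."""
    vault = Vault({"alice": 5, "bob": 4, "attacker": 1}, effects_first)
    held_before = vault.eth
    vault.withdraw("attacker", reentrant_receiver)
    return vault.eth, held_before - vault.eth
```

With effects_first=False the 1 ETH deposit drains all 10 ETH; with effects_first=True the re-entrant call finds a zero balance and the attacker receives only their own deposit. A reentrancy guard (a mutex flag set on entry to withdraw) would block the nested call outright, which is the other mitigation named later on this page.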
Practical Example
The most devastating reentrancy attack was The DAO hack in 2016. An attacker exploited a recursive call vulnerability to drain approximately 3.6 million ETH, worth around $60 million at the time. This attack was so significant that it led to the Ethereum hard fork that created Ethereum Classic. More recently, the Rari Capital Fuse pools lost $80 million to a reentrancy vulnerability in 2022.
Why it Matters
Reentrancy remains a critical concern despite being well-documented for years. Modern DeFi protocols handle billions in assets, making even small vulnerabilities catastrophic. Protection strategies include using the checks-effects-interactions pattern, implementing reentrancy guards, and conducting thorough audits. Understanding this attack vector is essential for anyone building or investing in DeFi protocols.
Fensory helps users identify protocols with strong security practices and verified audit histories, reducing exposure to contracts vulnerable to reentrancy and similar exploits.