Reentrancy Attack
What does Reentrancy Attack mean in crypto terms?
A Reentrancy Attack is a security flaw in smart contracts where an attacker exploits the contract by repeatedly calling back into it before the initial execution completes.

What is Reentrancy Attack?
A Reentrancy Attack is when a contract sends control to another contract during a call and that external code jumps back into the first contract before it finishes updating its records. That timing trick lets the attacker repeat sensitive actions like withdrawals again and again. Picture asking for a refund, then slipping back to the counter before the cashier locks the till.
“Only old code can get hit by a Reentrancy Attack.” Not true. Any contract that makes an external call before locking in its own state can be vulnerable if the logic is sloppy.
How Reentrancy Attack works
Quick story. A typical smart contract has a withdraw function that sends funds to the caller. If it sends the funds first and clears the balance later, an attacker can sneak in a callback and ask for more before the balance is set to zero.
- Start: Attacker deposits some funds to look legit.
- Call: Attacker triggers withdraw on the target contract.
- Fallback: The target sends funds, which runs the attacker’s fallback function.
- Repeat: That fallback calls withdraw again before the balance is updated.
- Drain: Loop continues until the contract runs out of funds or gas. Yep, that is the trick.
One tiny ordering mistake, big problem.
Why Reentrancy Attack Matters
You care because timing bugs move real money, fast. Plus, this is one of those classic exploits every builder and curious user should recognize on sight.
- Benefit: Knowing the pattern helps you spot risky code and keep funds safe.
- Perspective: It thrives on public transparency since everything on a blockchain is visible and callable.
- Relevance: You will see it in DeFi, bridges, treasuries, even governance payouts for DAOs.
Follow checks, then effects, then interactions: validate inputs first, update balances next, and make external calls last. Add a simple reentrancy guard for extra safety.
Key Characteristics of Reentrancy Attack
Here is what makes it tick:
- Recursion: External code calls back into the same contract before it finishes.
- Ordering: The bug appears when sending funds or calling out happens before state updates.
- Cross: It can bounce across multiple contracts, not just one function.
- Assets: Works with ETH, tokens, and even accounting credits if coded badly.
Variations
Different flavors, same headache for sloppy code:
- Single: Reentering the same function repeatedly.
- Cross: Reentering through a different function within the same contract.
- Multi: Reentering across two or more contracts in a loop.
- Read-only: Reentering while a view function or price oracle still reports stale state, so a later write in another contract acts on the wrong values.
Fixing a Reentrancy Attack is not just about one function. Review every external call, add tests for weird call chains, and schedule regular audits.
Example
The 2016 exploit of The DAO used a reentrancy loop on withdraw before balances were cleared, draining a massive treasury in minutes.
Fun Fact
The community catchphrase checks-effects-interactions came from early security guides and stuck because it is short, memorable, and it works.
Wrap-Up
Short version you can keep in your pocket: if outside code can call you before you finish your own bookkeeping, assume it will and you might hand it free money. That is a Reentrancy Attack.