Blockchain & Cryptocurrency Glossary


Cross-Contract Reentrancy

Pronunciation
[kraws-kon-traakt ree-en-tran-see]
Analogy
Like an office clerk handing a form to another department, which then sneaks back and changes the original form before the clerk finishes processing.
Definition
A vulnerability where a smart contract calls an external contract which then re‑enters the original contract before the first invocation completes, potentially manipulating state in unexpected ways.
Key Points Intro
Cross‑contract reentrancy exploits inconsistent state updates across contract calls.
Key Points

Reentrant call: External call invokes original function again.

State inconsistency: Original contract’s variables not yet updated.

Attack vector: Drain funds or corrupt data.

Mitigation: Use checks‑effects‑interactions pattern and reentrancy guards.

Example
A malicious ERC‑777 token contract reenters a vulnerable DeFi lending contract’s `withdraw()` before balance is decremented, allowing multiple withdrawals.
Technical Deep Dive
The vulnerability arises when an external call (`external.call()`) is made before internal balances are updated. A reentrancy guard (`mutex`) or `transfer()` (2300 gas stipend) can prevent nested calls. Static analysis tools detect `call` patterns that lack guards.
Security Warning
Unpatched reentrancy bugs have led to multi‑million dollar losses; always audit and include guard modifiers.
Caveat
Gas stipend mitigations are brittle; prefer explicit locks over gas‑based defenses.
