Reentrancy Attack
Pronunciation
[ree-en-tran-see uh-tak]
Analogy
A reentrancy attack is like repeatedly withdrawing cash from an ATM before the machine updates your balance.
Definition
A vulnerability where a contract makes an external call to another contract which then calls back into the calling contract before state updates are complete, enabling repeated withdrawals.
Key Points
Reentrancy attacks exploit call order via:
External call before state update: Vulnerable pattern.
Recursive invocation: Attacker contract reenters fallback.
Drain funds: Loop withdraw logic multiple times.
Mitigation: Use checks-effects-interactions pattern.
Example
The DAO hack exploited reentrancy by calling `withdraw()` recursively before reducing the user’s balance.
Technical Deep Dive
A vulnerable function:
```
function withdraw(uint amt) public {
    // Vulnerable: the external call runs before the balance is reduced.
    payable(msg.sender).call{value: amt}("");
    balances[msg.sender] -= amt;
}
```
The attacker’s fallback function reenters `withdraw` before `balances` is decremented. Fix this by updating the balance before the call or by using a mutex.
Security Warning
Always apply checks-effects-interactions and consider using `ReentrancyGuard`.
Caveat
Even non-payable functions can be reentered via `delegatecall`—audit all external calls.