Intro to Smart Contract Security Audits | Reentrancy Attack

Let’s first define reentrancy vulnerability:

All external calls in a contract should be treated as untrusted, and any of them may open a reentrancy vulnerability. For example: if the target of an external call is a malicious contract that the attacker controls, then when the attacked contract calls that malicious contract, the attacker can run their own logic in the callback. That callback can re-enter the attacked contract and trigger an unexpected further external call, disrupting the attacked contract's intended execution logic.

Example

Now that we have a general understanding of what a reentrancy vulnerability is, let's look at what typical code with a reentrancy vulnerability looks like:

Protecting against Reentrancy

After studying the example above, we hope you have a better understanding of reentrancy vulnerabilities. However, we should also know how to defend against them. So how do you avoid writing vulnerable code as a developer, and how do you spot it as an auditor?

SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.