Reentrancy attack in smart contracts

Sadaf Anjum
Published in EtherAuthority
Jul 2, 2022

Reentrancy Attack

Reentrancy is known to be one of the most destructive classes of attack against Solidity smart contracts. These attacks occur when a smart contract makes an external call to another, untrusted smart contract. That untrusted contract then makes a recursive call back into the original function in order to drain the funds.

The smart contract is supposed to update its state before sending funds; if it fails to do so, it hands the attacker more power: the attacker can call the withdraw function repeatedly to drain the contract's funds. One real-world reentrancy attack that became famous was the DAO attack, which caused a loss of 60 million US dollars.

Reentrancy smart contract attacks

A reentrancy attack can simply be defined as an interaction between two smart contracts in which the attacking contract exploits the code of the vulnerable contract to drain its funds. This situation emerges only because of the order in which the vulnerable contract handles a withdrawal: it first checks the caller's balance, then sends the funds, and only then updates the balance. The interval between sending the funds and updating the balance creates a window in which the attacking contract can make another call to withdraw, and the cycle continues until all the funds are drained.

There have been several reentrancy smart contract attacks in the last couple of years. Some of the most well known reentrancy hacks are:

· The DAO hack

· Cream Finance

· Uniswap/Lendf.Me

· BurgerSwap

· SurgeBNB

These were just some of the best-known smart contract reentrancy attacks. They indicate that many teams do not dedicate enough time to the reentrancy topic. These examples stand as a real learning moment for blockchain security: reentrancy vulnerabilities should be considered a staple check in any professional smart contract audit.

EtherAuthority is one of the best smart contract audit companies, and one that gives enough emphasis and time to reentrancy vulnerabilities. Our team of auditors works very quickly and gets a handle on the situation before it is too late. Contact us for a standard audit, security consultation or intensive audit at a competitive price.
