Trending News: Ten Thousand Word Research Report: MemeCoins Past and Present LifeWho is Quintenz, the candidate for CFTC chairman?Which companies are they related to?Bitcoin Outlook and New Opportunities for Stablecoin Investment in New Macro ChangesVitalik Buterin: The potential of Ethereum as digital cashWorldcoin appeared on the cover of Time magazine: Are you a human?Ethereum Lianchuang entered the market, 400 million in one night changed to 2.5 billion: ETH version of micro strategy appears?Express delivery of exciting content on the first day of Bitcoin 2025Viewpoint: Ethereum is not a company but a new speciesThe underlying architecture is solid. PeerDAS is ready to go. Where will the developers goThe Economist cover article: When cryptocurrency meets the Washington swampDeFi active loans hit record $23.7 billion, TVL 6.4% lower than before tariffs48 richest working emperors in the United StatesSui Verifiers freeze hackers $160 million. L1 decentralization is subverted?A list of 11 senators who have invested in cryptocurrenciesThe Trump familys money-making machine is in stockAesthetics is the top competitiveness of the futureFollow meme as the point of viewing the futureThe mountains of Capitol are everywhereWhat are the indicators to determine whether BTC is close to the top of the cycle?Ethereum returns to L1 narrative Solana consensus accelerationHong Kong Compliant Stable Coin is Coming to Come, Quickly View Its History and Main ContentGlassnode: What does BTC price mean by one step from its all-time high?China is the worlds largest power generation. Why cant it be used to mine Bitcoin?The last time the indicator turned bullish, Ethereum price rose 90%US Congressional Research Institute: Quick View of the GENIUS ActFrom Uniswap to pump.fun, all DeFi innovations are pool changesBankless: In what areas does Sui make new progress?My opinion on the Ethereum market in the second half of the yearVitalik: An optimization solution for expansion roadmap focusing on local nodesVitalik Buterin: Ethereums silent revolutionaryHayes: BTC target price of $250,000 this year, when will the copycat season startCoinbase: What boosted crypto investment sentiment over the past week?Cryptocurrencies are rewriting rules: From IPO to stablecoinsCan Ethereum return to $3,000 in May?Key milestones in Vitalik RoadmapGalaxy: The current status of Ethereum Blob and the Blob market in the post-Pectra eraEthereum sounds the horn of counterattack?How to ignite the market by 40%Internet Capital Market: Understanding Believe and its Ecological ProjectsWhy is spot demand in the crypto market strong and derivatives lagging behind?What impact will the 10-year U.S. Treasury yield have on cryptocurrency yields?From Meme Coin to CSGO Skin: Speculation never sleepsThis time Ethereum retail investors defeated institutionsBankless: Rebuilding Ethereums product and currency circulation mechanism9 important investment experiences of BuffettWall Street Journal: Why did Buffett retire?Who is the next successor?Fartcoins farts resounded through Wall StreetEight narrative directions and related projects worth paying attention toBitcoin and cryptocurrencies are occupying Wall StreetWhat is the real driving force behind Ethereums rise in this round?The inevitability of MEV: On-chain game you cant seeShould SOL be trading at 68% lower than ETH?Web3 lawyer decryption: What kind of RWA do you understand?Xiao Fengs graduation speech to entrepreneurs: Crossing the gap and returning to the originNew and old memes are rising together. Is it necessary for the bull market to start or will the dealer save himself?Stablecoins are subversive. Who will become a disruptor?US SEC Chairman: Rules for issuance, custody and transaction of crypto assetsWhat is RISC-V Why does Vitalik want to use it for smart contracts?Bitcoin in the countyEthereum Pectra upgradeA 40% surge in 3 days. Will Ethereum take off?DeFi on Bitcoin: Is it finally interesting?Tether USDT expands its stablecoin empire starting from USDT0a16z: Fintech companies embrace stablecoins in fullCoinbase: What is the main driving force for the crypto market this week?What changes will happen to Ethereum after Pectra is upgraded and launched?Is Ethereum complacent on fees?Is rollup based a long-term solution?Wall Street Journal reveals Musk scandal and wins Pulitzer PrizeCold thinking under the current market RWA crazeWhat are the positive factors that will make BTC break the $100,000 mark? How much will it rise this timeThe truth about encryption in 2025: HODL is dead, DAO becomes a joke, DeFi exitsGolden Encyclopedia | What is a Bitcoin memory pool?How does it work?Account abstraction 10 years of evolution finale View the past and future through EIP-7702Ethereum Foundation responds to the coin selling incident and explains the three core strategies in detailWill Bitcoin benefit from weakening the US dollar index?Ethereum Pectra upgrades to add new features. Will the price of ETH rise?A pre-provocative death: The money and human nature behind Jeffys fake deathWall Street Legend Strict Warning: US Stocks Will Crash Low, AI May Extinction 50% of HumanityGalaxy: A complete analysis of the content and significance of the GENIUS Act in the United StatesBankless: What is Vitaliks expectations for the Ethereum basic layerHouse of Representatives Draft Crypto: Digital Assets Definition Clearly, Regulatory Blanks To Be FilledGolden Encyclopedia | Can general artificial intelligence really think like humans?Bitwise: Watch Washington The rising crypto risks from CongressFranklin Templeton supports Bitcoin DeFi: Expanding Activity for Investors8% of Bitcoins are purchased by institutions Who are holding huge amounts of BitcoinsWhite House personnel turmoil, Musk bid farewell with two hatsA quick look at the current development status of DefiAave and Lido become the highest protocol for TVL Solana is ranked second largest public chainWhen Dubais beach meets the most real Web3 resonanceReality slaps Web3 in the face How far is we from the real decentralization?Binance removed from the shelves but soared. Alpaca dealers extreme tradingCapitalists and madmen who rushed to memeWeb3 Paradox: How Transparency Builds Trust and How to Disintegrate TrustGrayscale: How Ethereum maintains pricing power by executing scaling strategiesGrayscale: Understand pledge rewards How to earn income from crypto assetsThe Ethereum Foundations new era: dual leadership and strategic transformationSanshang Yuya issued coins: a crypto-demonic wind with top trafficThe Pectra mainnet is confirmed to be activated on May 7. What updates are there?The Ethereum Foundation sets off again: new management, vision and focus for the next yearCapitalism kills the soul of Web3 every dayCoingecko: How much Bitcoin will governments hold in 2025?Golden Encyclopedia | Why is sUSD decoupled?How to avoid decoupling?
Thu. May 29th, 2025 11:31:27 PM
Trending News: Ten Thousand Word Research Report: MemeCoins Past and Present LifeWho is Quintenz, the candidate for CFTC chairman?Which companies are they related to?Bitcoin Outlook and New Opportunities for Stablecoin Investment in New Macro ChangesVitalik Buterin: The potential of Ethereum as digital cashWorldcoin appeared on the cover of Time magazine: Are you a human?Ethereum Lianchuang entered the market, 400 million in one night changed to 2.5 billion: ETH version of micro strategy appears?Express delivery of exciting content on the first day of Bitcoin 2025Viewpoint: Ethereum is not a company but a new speciesThe underlying architecture is solid. PeerDAS is ready to go. Where will the developers goThe Economist cover article: When cryptocurrency meets the Washington swampDeFi active loans hit record $23.7 billion, TVL 6.4% lower than before tariffs48 richest working emperors in the United StatesSui Verifiers freeze hackers $160 million. L1 decentralization is subverted?A list of 11 senators who have invested in cryptocurrenciesThe Trump familys money-making machine is in stockAesthetics is the top competitiveness of the futureFollow meme as the point of viewing the futureThe mountains of Capitol are everywhereWhat are the indicators to determine whether BTC is close to the top of the cycle?Ethereum returns to L1 narrative Solana consensus accelerationHong Kong Compliant Stable Coin is Coming to Come, Quickly View Its History and Main ContentGlassnode: What does BTC price mean by one step from its all-time high?China is the worlds largest power generation. Why cant it be used to mine Bitcoin?The last time the indicator turned bullish, Ethereum price rose 90%US Congressional Research Institute: Quick View of the GENIUS ActFrom Uniswap to pump.fun, all DeFi innovations are pool changesBankless: In what areas does Sui make new progress?My opinion on the Ethereum market in the second half of the yearVitalik: An optimization solution for expansion roadmap focusing on local nodesVitalik Buterin: Ethereums silent revolutionaryHayes: BTC target price of $250,000 this year, when will the copycat season startCoinbase: What boosted crypto investment sentiment over the past week?Cryptocurrencies are rewriting rules: From IPO to stablecoinsCan Ethereum return to $3,000 in May?Key milestones in Vitalik RoadmapGalaxy: The current status of Ethereum Blob and the Blob market in the post-Pectra eraEthereum sounds the horn of counterattack?How to ignite the market by 40%Internet Capital Market: Understanding Believe and its Ecological ProjectsWhy is spot demand in the crypto market strong and derivatives lagging behind?What impact will the 10-year U.S. Treasury yield have on cryptocurrency yields?From Meme Coin to CSGO Skin: Speculation never sleepsThis time Ethereum retail investors defeated institutionsBankless: Rebuilding Ethereums product and currency circulation mechanism9 important investment experiences of BuffettWall Street Journal: Why did Buffett retire?Who is the next successor?Fartcoins farts resounded through Wall StreetEight narrative directions and related projects worth paying attention toBitcoin and cryptocurrencies are occupying Wall StreetWhat is the real driving force behind Ethereums rise in this round?The inevitability of MEV: On-chain game you cant seeShould SOL be trading at 68% lower than ETH?Web3 lawyer decryption: What kind of RWA do you understand?Xiao Fengs graduation speech to entrepreneurs: Crossing the gap and returning to the originNew and old memes are rising together. Is it necessary for the bull market to start or will the dealer save himself?Stablecoins are subversive. Who will become a disruptor?US SEC Chairman: Rules for issuance, custody and transaction of crypto assetsWhat is RISC-V Why does Vitalik want to use it for smart contracts?Bitcoin in the countyEthereum Pectra upgradeA 40% surge in 3 days. Will Ethereum take off?DeFi on Bitcoin: Is it finally interesting?Tether USDT expands its stablecoin empire starting from USDT0a16z: Fintech companies embrace stablecoins in fullCoinbase: What is the main driving force for the crypto market this week?What changes will happen to Ethereum after Pectra is upgraded and launched?Is Ethereum complacent on fees?Is rollup based a long-term solution?Wall Street Journal reveals Musk scandal and wins Pulitzer PrizeCold thinking under the current market RWA crazeWhat are the positive factors that will make BTC break the $100,000 mark? How much will it rise this timeThe truth about encryption in 2025: HODL is dead, DAO becomes a joke, DeFi exitsGolden Encyclopedia | What is a Bitcoin memory pool?How does it work?Account abstraction 10 years of evolution finale View the past and future through EIP-7702Ethereum Foundation responds to the coin selling incident and explains the three core strategies in detailWill Bitcoin benefit from weakening the US dollar index?Ethereum Pectra upgrades to add new features. Will the price of ETH rise?A pre-provocative death: The money and human nature behind Jeffys fake deathWall Street Legend Strict Warning: US Stocks Will Crash Low, AI May Extinction 50% of HumanityGalaxy: A complete analysis of the content and significance of the GENIUS Act in the United StatesBankless: What is Vitaliks expectations for the Ethereum basic layerHouse of Representatives Draft Crypto: Digital Assets Definition Clearly, Regulatory Blanks To Be FilledGolden Encyclopedia | Can general artificial intelligence really think like humans?Bitwise: Watch Washington The rising crypto risks from CongressFranklin Templeton supports Bitcoin DeFi: Expanding Activity for Investors8% of Bitcoins are purchased by institutions Who are holding huge amounts of BitcoinsWhite House personnel turmoil, Musk bid farewell with two hatsA quick look at the current development status of DefiAave and Lido become the highest protocol for TVL Solana is ranked second largest public chainWhen Dubais beach meets the most real Web3 resonanceReality slaps Web3 in the face How far is we from the real decentralization?Binance removed from the shelves but soared. Alpaca dealers extreme tradingCapitalists and madmen who rushed to memeWeb3 Paradox: How Transparency Builds Trust and How to Disintegrate TrustGrayscale: How Ethereum maintains pricing power by executing scaling strategiesGrayscale: Understand pledge rewards How to earn income from crypto assetsThe Ethereum Foundations new era: dual leadership and strategic transformationSanshang Yuya issued coins: a crypto-demonic wind with top trafficThe Pectra mainnet is confirmed to be activated on May 7. What updates are there?The Ethereum Foundation sets off again: new management, vision and focus for the next yearCapitalism kills the soul of Web3 every dayCoingecko: How much Bitcoin will governments hold in 2025?Golden Encyclopedia | Why is sUSD decoupled?How to avoid decoupling?
Thu. May 29th, 2025 11:31:27 PM

Golden Encyclopedia | What is a reentry attack in smart contracts?

Author: Jagjit Singh, CoinTelegraph; Compiled by: Wuzhu, Bitchain Vision

1. Potential vulnerabilities in smart contracts

Although smart contracts are groundbreaking, they are not immune to flaws that malicious parties may exploit.

Inadequate input verification is a common weakness, allowing an attacker to influence the execution of a contract by providing unexpected input.In addition, improper application of business logic can create unexpected behavior or logical gaps in the contract, resulting in vulnerabilities.Additionally, unsafe external calls (such as calls involving interfaces with external data sources or other contracts) can create vulnerabilities if handled improperly.

A reentry attack is a weakness that occurs when a contract calls another contract from outside before completing its own state change.This allows the called contract to re-enter the call contract and may perform some of its operations again.This can lead to unexpected behavior and allow an attacker to change the status of the contract, which can drain funds or have other negative effects.

Given the possibility of such attacks, developers should also exercise caution when using external contracts or data sources to ensure that external calls are properly processed to avoid unexpected behavior and vulnerabilities.They can help protect smart contracts from ever-changing threats by keeping a close eye on security programs such as smart contract testing.

2. What is a reentry attack in a smart contract?

In a smart contract, a reentry attack occurs when a contract calls another contract or function from outside before completing its own state change.

This allows the called contract to re-enter the calling contract and may perform part of its operations again, which may lead to unforeseen and frequent malicious behavior.For example, Contract A calls Contract B to send funds and then modify its own status.

The code of contract B may contain a callback function that allows it to re-enter Contract A and may re-execute the transfer function before contract A completes its state change.This will enable the attacker to obtain funds from the contract multiple times before completing the initial transaction.

The 2016 Decentralized Autonomous Organization (DAO) hacking on the Ethereum blockchain is another well-known example.The attacker took advantage of the reentry flaw in the smart contract code to recursively remove funds from the DAO, which eventually led to the stolen millions of dollars in Ethereum (ETH).

In addition, multiple decentralized finance (DeFi) protocols including Uniswap, Lendf.Me, BurgerSwap, SURGEBNB, Cream Finance and Siren Protocol suffered significant financial losses due to reentrability vulnerabilities.These violations caused losses of $3.5 million to $25 million, highlighting the ongoing threat posed by reentrant vulnerabilities in the DeFi sector.

3. How to reentry attacks work

Reentry attacks utilize sequential execution of smart contract functions and external calls to form a loop where an attacker can execute specific functions multiple times before completion, which can lead to malicious behavior and unauthorized withdrawal of funds.

The attacker’s contract effectively “scammers” the victim’s contract callback to the attacker’s contract before the victim completes the status modification.This action may lead to repeated withdrawals or other negligence.

The image above demonstrates a reentry attack on smart contracts.The attacker’s contract calls the victim’s “withdraw()” function, which sends Ethereum before updating the balance.The attacker’s fallback function is then fired, and again recursively calls withdraw() to exhaust funds from the victim contract.This attack exploits the situation where the victim failed to update the balance before sending the funds.

Let’s use a simplified example to break down how reentry attacks work:

Smart contract with “withdrawal” function

Suppose there is a digital wallet smart contract that allows users to withdraw funds.In addition to tracking user balances, the contract also has a withdrawal function to facilitate withdrawal of funds.The withdrawal feature usually allows users to withdraw their tokens or Ethereum from smart contracts to their personal wallet.

User interaction and function execution

The user requests withdrawal from the wallet on his own.They use the withdrawal function to enter the required withdrawal amount.

The withdrawal function will verify when called whether the user has enough funds to withdraw.If the requirements are met, it transfers the required funds to the address selected by the user.

External call

This is where weaknesses appear.The contract makes an external call to another contract or account before the withdrawal is reflected in the user’s balance.

Recursive call

If the code of the external contract contains a function that can call the original contract again (such as another withdrawal function), a recursive loop is created.This allows the withdraw method to be called again before it is finished.

Re-entry and utilization

The attacker then uses a malicious contract to exploit this loop.The attacker contract quickly calls the wallet’s withdrawal function again before the balance is updated during the wallet contract calls the external contract.

Fallback function

In some cases, the fallback feature of a smart contract (a unique feature that is initiated when a contract receives a call without any data or Ethereum) may be used by the attacker.Reentry attacks can be performed by repeatedly calling the fallback function while the funds are still being processed.

Manipulation and recurring withdrawals

The attacker’s contract can reuse the withdrawal feature in the same transaction, because the wallet contract delays the update of the balance until an external call is received.This therefore makes it easier for funds to be withdrawn without authorization, allowing attackers to steal funds beyond their legal rights.It then caused huge economic losses to the users of the wallet contract.

4. The consequences of reentering attacks

Reentry attacks can have a serious impact on smart contract users because they have the potential to cause significant financial losses.

One of the most direct consequences of a reentry attack is the unauthorized withdrawal or manipulation of cash saved in a susceptible smart contract.The attacker exploited the vulnerability to repeatedly withdraw funds from the contract, exhausting the contract balance and potentially causing significant financial losses to users who invest or store assets in the affected contract.

In addition, reentry attacks may weaken users’ confidence in the security and integrity of smart contracts and blockchain technologies.Reentry vulnerabilities can have catastrophic effects, as evidenced by high-profile events such as the DAO hacking incident on the Ethereum blockchain in 2016, which caused huge economic losses and damaged the reputation of the community.

In addition to short-term financial consequences, reentry attacks can have long-term effects such as regulatory and legal concerns, declining investor trust and damage to the reputation of blockchain platforms and projects.The perception of vulnerability may lead users to be cautious when interacting with smart contracts or investing in decentralized applications (DApps), thus hindering the adoption and expansion of blockchain technology.

5. How to mitigate reentry attacks

Implementing best practices in smart contract creation and auditing is necessary to mitigate the threat of reentry.

This includes using a well-known code base with a secure record, which is one way to achieve this.These libraries have been extensively tested and peer-reviewed, which reduces the chances of introducing vulnerabilities.

Developers should also use security checks such as “check-effect-interaction” designs to minimize the chance of reentry attacks by ensuring state modifications occur atomically.If available, you can use a reentrant and secure smart contract development framework to add additional defense against such vulnerabilities.

It is unlikely for developers to add security protection manually, as these frameworks often include built-in methods and protections specifically designed to avoid reentry attacks.However, as blockchain security is still evolving, developers must continue to look for new threats and weaknesses.

    • jakiro

    Related Posts

    What impact will the 10-year U.S. Treasury yield have on cryptocurrency yields?
    What impact will the 10-year U.S. Treasury yield have on cryptocurrency yields?

    Author: Onkar Singh, CoinTelegraph; Compilation: Baishui, Bitchain Vision 1. Understanding the 10-year Treasury yield: Definition and importance The 10-year Treasury yield is the interest rate that the U.S. government needs…

    Continue reading
    What is RISC-V Why does Vitalik want to use it for smart contracts?
    What is RISC-V Why does Vitalik want to use it for smart contracts?

    Author: Marcel Deer, CoinTelegraph; Compilation: Baishui, Bitchain Vision 1. What is RISC-V? RISC-V, pronounced as “risk five”, is a modern open source instruction set architecture (ISA) based on the principle…

    Continue reading

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    Meme

    Ten Thousand Word Research Report: MemeCoin’s Past and Present Life

    • By jakiro
    • May 28, 2025
    • 5 views
    Ten Thousand Word Research Report: MemeCoin’s Past and Present Life
    People

    Who is Quintenz, the candidate for CFTC chairman?Which companies are they related to?

    • By jakiro
    • May 28, 2025
    • 6 views
    Who is Quintenz, the candidate for CFTC chairman?Which companies are they related to?
    Policy

    Bitcoin Outlook and New Opportunities for Stablecoin Investment in New Macro Changes

    • By jakiro
    • May 28, 2025
    • 6 views
    Bitcoin Outlook and New Opportunities for Stablecoin Investment in New Macro Changes
    Ethereum

    Vitalik Buterin: The potential of Ethereum as “digital cash”

    • By jakiro
    • May 28, 2025
    • 7 views
    Vitalik Buterin: The potential of Ethereum as “digital cash”
    Home
    News
    School
    Search