Trending News: What changes will happen to Ethereum after Pectra is upgraded and launched?Is Ethereum complacent on fees?Is rollup based a long-term solution?Wall Street Journal reveals Musk scandal and wins Pulitzer PrizeCold thinking under the current market RWA crazeWhat are the positive factors that will make BTC break the $100,000 mark? How much will it rise this timeThe truth about encryption in 2025: HODL is dead, DAO becomes a joke, DeFi exitsGolden Encyclopedia | What is a Bitcoin memory pool?How does it work?Account abstraction 10 years of evolution finale View the past and future through EIP-7702Ethereum Foundation responds to the coin selling incident and explains the three core strategies in detailWill Bitcoin benefit from weakening the US dollar index?Ethereum Pectra upgrades to add new features. Will the price of ETH rise?A pre-provocative death: The money and human nature behind Jeffys fake deathWall Street Legend Strict Warning: US Stocks Will Crash Low, AI May Extinction 50% of HumanityGalaxy: A complete analysis of the content and significance of the GENIUS Act in the United StatesBankless: What is Vitaliks expectations for the Ethereum basic layerHouse of Representatives Draft Crypto: Digital Assets Definition Clearly, Regulatory Blanks To Be FilledGolden Encyclopedia | Can general artificial intelligence really think like humans?Bitwise: Watch Washington The rising crypto risks from CongressFranklin Templeton supports Bitcoin DeFi: Expanding Activity for Investors8% of Bitcoins are purchased by institutions Who are holding huge amounts of BitcoinsWhite House personnel turmoil, Musk bid farewell with two hatsA quick look at the current development status of DefiAave and Lido become the highest protocol for TVL Solana is ranked second largest public chainWhen Dubais beach meets the most real Web3 resonanceReality slaps Web3 in the face How far is we from the real decentralization?Binance removed from the shelves but soared. Alpaca dealers extreme tradingCapitalists and madmen who rushed to memeWeb3 Paradox: How Transparency Builds Trust and How to Disintegrate TrustGrayscale: How Ethereum maintains pricing power by executing scaling strategiesGrayscale: Understand pledge rewards How to earn income from crypto assetsThe Ethereum Foundations new era: dual leadership and strategic transformationSanshang Yuya issued coins: a crypto-demonic wind with top trafficThe Pectra mainnet is confirmed to be activated on May 7. What updates are there?The Ethereum Foundation sets off again: new management, vision and focus for the next yearCapitalism kills the soul of Web3 every dayCoingecko: How much Bitcoin will governments hold in 2025?Golden Encyclopedia | Why is sUSD decoupled?How to avoid decoupling?Conversation Vitalik Buterin: Fusaka upgrade is planned in the second half of the yearThree reasons why Ethereum is in troubleCan altcoin ETFs avoid the fate of Ethereum ETFs?a16z: Stablecoin GuideWhat is a reciprocal tariff?How does it affect the crypto industry?Web3 Entertainment New Era: How Short Shows Unlock Personal Influence Growth PasswordWho is continuing to buy BTC crazy?Institutions break up with Ethereum but still cant let go ETHBeyond motivation: How to build a lasting DeFi ecosystemBinance launches Alpha points, understand all the rulesAvail Lianchuang: Ethereum may bring high throughput chain through the expansion of multiple L2sParadigm Huang Gongyu: Details of early investment in Zhang Yiming, encryption technology trendsGlassnode: Has the sentiment in the crypto market completely changed?What is the bottom of Ethereum?Is the ETH bull market coming soon?Golden Encyclopedia | What is quantitative easing?How does it work?Web3 Entrepreneurship New Logic under the New Global Trade OrderRussias Ministry of Finance and Central Bank intends to launch national cryptocurrency exchangesEthereum Pectra Upgrade GuideTrump: My $300 million TRUMP has just been unlocked. Dont run and come and play the rankingsRethinking Bitcoins Lightning Network Design through Thunderbolts PerspectiveCrypto market may usher in a trend reversal to capture investment opportunities from short-term capital10K Quarterly Report: How to Find Definition in the Uncertainty Crypto IndustryLeaping Ethereum AsylumHow is the outdated superstar protocol of Web3 now?Coingecko: Can artificial intelligence agents invest better?Hayes: In-depth analysis of tariff wars and treasury bonds and why BTC will break new highsMeme Coin did not destroy this cycle, but accelerated the maturity of the industryBankless: Vitaliks virtual machine proposalBankless: What are the decentralized content creation platforms worth paying attention to?Can Ethereum regain its strength?Three key problemsTrump tariffs: a unilateral blackmailWikiLeaks, Google and Bitcoin: What challenges does BTC face in 2011?The dollar credit was cut in the middle, and gold soaredChuan Diudu Can you fire Boss Bao?VIRTUALs investment valueOn the Pattern of Digital City-StateAfter the tariff war: How global capital rebalancing will affect BitcoinEthereums crossroads: a strategic breakthrough in reconstructing the L2 ecosystemEthereum is brewing a deep technological change led by ZK technologyBTC 2025 Q3 Outlook: When will the crypto market top again?Is Base stealing Ethereums GDP?Vitaliks new proposal: RISC-V as the virtual machine language for EVM smart contractsCoinbase: What events are affecting the current crypto market?Historic Trend: Bitcoin is Being a Safe-Habiting AssetWhat makes cryptocurrency rug pull events happen frequently?Wintermute Ventures: Why do we invest in Euler?Can Trump fire Powell?What economic risks will it bring?Glassnode: Are we experiencing a bull-bear transition?The Post Web Accelerators first batch of 8 selected projectsWhich one is more just between Nubit, Babylon and Bitlayer?Golden Encyclopedia | How did the trade war affect stocks and crypto markets?Golden Encyclopedia | Is BTC a safe haven during the trade war?Why Americans Want to Leave the United States: Economic, Political and Global ChangesData: BTC mining is highly centralized, and six major mining pools mine more than 95% of the blocksWhat is the core of the game between China and the United States caused by Trumps tariff war?How to go to the marketWhy does blockchain die?What challenges does blockchain adoption face?Report: DeFi lending has increased by 959% since 2022 to $19.1 billionBitwise: Bitcoins extraordinary resilienceBankless: Can Bitcoin flourish on the chain?Coingecko: How wide is the adoption of encryption AI in 2025?Coingecko: How trust is people in AI agent KOLsHow much impact does Trumps overturning IRS rules have on the crypto field?What is a bear market attack?How whales use them to make money in crypto trading
Sat. May 10th, 2025 5:24:23 AM
Trending News: What changes will happen to Ethereum after Pectra is upgraded and launched?Is Ethereum complacent on fees?Is rollup based a long-term solution?Wall Street Journal reveals Musk scandal and wins Pulitzer PrizeCold thinking under the current market RWA crazeWhat are the positive factors that will make BTC break the $100,000 mark? How much will it rise this timeThe truth about encryption in 2025: HODL is dead, DAO becomes a joke, DeFi exitsGolden Encyclopedia | What is a Bitcoin memory pool?How does it work?Account abstraction 10 years of evolution finale View the past and future through EIP-7702Ethereum Foundation responds to the coin selling incident and explains the three core strategies in detailWill Bitcoin benefit from weakening the US dollar index?Ethereum Pectra upgrades to add new features. Will the price of ETH rise?A pre-provocative death: The money and human nature behind Jeffys fake deathWall Street Legend Strict Warning: US Stocks Will Crash Low, AI May Extinction 50% of HumanityGalaxy: A complete analysis of the content and significance of the GENIUS Act in the United StatesBankless: What is Vitaliks expectations for the Ethereum basic layerHouse of Representatives Draft Crypto: Digital Assets Definition Clearly, Regulatory Blanks To Be FilledGolden Encyclopedia | Can general artificial intelligence really think like humans?Bitwise: Watch Washington The rising crypto risks from CongressFranklin Templeton supports Bitcoin DeFi: Expanding Activity for Investors8% of Bitcoins are purchased by institutions Who are holding huge amounts of BitcoinsWhite House personnel turmoil, Musk bid farewell with two hatsA quick look at the current development status of DefiAave and Lido become the highest protocol for TVL Solana is ranked second largest public chainWhen Dubais beach meets the most real Web3 resonanceReality slaps Web3 in the face How far is we from the real decentralization?Binance removed from the shelves but soared. Alpaca dealers extreme tradingCapitalists and madmen who rushed to memeWeb3 Paradox: How Transparency Builds Trust and How to Disintegrate TrustGrayscale: How Ethereum maintains pricing power by executing scaling strategiesGrayscale: Understand pledge rewards How to earn income from crypto assetsThe Ethereum Foundations new era: dual leadership and strategic transformationSanshang Yuya issued coins: a crypto-demonic wind with top trafficThe Pectra mainnet is confirmed to be activated on May 7. What updates are there?The Ethereum Foundation sets off again: new management, vision and focus for the next yearCapitalism kills the soul of Web3 every dayCoingecko: How much Bitcoin will governments hold in 2025?Golden Encyclopedia | Why is sUSD decoupled?How to avoid decoupling?Conversation Vitalik Buterin: Fusaka upgrade is planned in the second half of the yearThree reasons why Ethereum is in troubleCan altcoin ETFs avoid the fate of Ethereum ETFs?a16z: Stablecoin GuideWhat is a reciprocal tariff?How does it affect the crypto industry?Web3 Entertainment New Era: How Short Shows Unlock Personal Influence Growth PasswordWho is continuing to buy BTC crazy?Institutions break up with Ethereum but still cant let go ETHBeyond motivation: How to build a lasting DeFi ecosystemBinance launches Alpha points, understand all the rulesAvail Lianchuang: Ethereum may bring high throughput chain through the expansion of multiple L2sParadigm Huang Gongyu: Details of early investment in Zhang Yiming, encryption technology trendsGlassnode: Has the sentiment in the crypto market completely changed?What is the bottom of Ethereum?Is the ETH bull market coming soon?Golden Encyclopedia | What is quantitative easing?How does it work?Web3 Entrepreneurship New Logic under the New Global Trade OrderRussias Ministry of Finance and Central Bank intends to launch national cryptocurrency exchangesEthereum Pectra Upgrade GuideTrump: My $300 million TRUMP has just been unlocked. Dont run and come and play the rankingsRethinking Bitcoins Lightning Network Design through Thunderbolts PerspectiveCrypto market may usher in a trend reversal to capture investment opportunities from short-term capital10K Quarterly Report: How to Find Definition in the Uncertainty Crypto IndustryLeaping Ethereum AsylumHow is the outdated superstar protocol of Web3 now?Coingecko: Can artificial intelligence agents invest better?Hayes: In-depth analysis of tariff wars and treasury bonds and why BTC will break new highsMeme Coin did not destroy this cycle, but accelerated the maturity of the industryBankless: Vitaliks virtual machine proposalBankless: What are the decentralized content creation platforms worth paying attention to?Can Ethereum regain its strength?Three key problemsTrump tariffs: a unilateral blackmailWikiLeaks, Google and Bitcoin: What challenges does BTC face in 2011?The dollar credit was cut in the middle, and gold soaredChuan Diudu Can you fire Boss Bao?VIRTUALs investment valueOn the Pattern of Digital City-StateAfter the tariff war: How global capital rebalancing will affect BitcoinEthereums crossroads: a strategic breakthrough in reconstructing the L2 ecosystemEthereum is brewing a deep technological change led by ZK technologyBTC 2025 Q3 Outlook: When will the crypto market top again?Is Base stealing Ethereums GDP?Vitaliks new proposal: RISC-V as the virtual machine language for EVM smart contractsCoinbase: What events are affecting the current crypto market?Historic Trend: Bitcoin is Being a Safe-Habiting AssetWhat makes cryptocurrency rug pull events happen frequently?Wintermute Ventures: Why do we invest in Euler?Can Trump fire Powell?What economic risks will it bring?Glassnode: Are we experiencing a bull-bear transition?The Post Web Accelerators first batch of 8 selected projectsWhich one is more just between Nubit, Babylon and Bitlayer?Golden Encyclopedia | How did the trade war affect stocks and crypto markets?Golden Encyclopedia | Is BTC a safe haven during the trade war?Why Americans Want to Leave the United States: Economic, Political and Global ChangesData: BTC mining is highly centralized, and six major mining pools mine more than 95% of the blocksWhat is the core of the game between China and the United States caused by Trumps tariff war?How to go to the marketWhy does blockchain die?What challenges does blockchain adoption face?Report: DeFi lending has increased by 959% since 2022 to $19.1 billionBitwise: Bitcoins extraordinary resilienceBankless: Can Bitcoin flourish on the chain?Coingecko: How wide is the adoption of encryption AI in 2025?Coingecko: How trust is people in AI agent KOLsHow much impact does Trumps overturning IRS rules have on the crypto field?What is a bear market attack?How whales use them to make money in crypto trading
Sat. May 10th, 2025 5:24:23 AM

Golden Encyclopedia | What is a reentry attack in smart contracts?

Author: Jagjit Singh, CoinTelegraph; Compiled by: Wuzhu, Bitchain Vision

1. Potential vulnerabilities in smart contracts

Although smart contracts are groundbreaking, they are not immune to flaws that malicious parties may exploit.

Inadequate input verification is a common weakness, allowing an attacker to influence the execution of a contract by providing unexpected input.In addition, improper application of business logic can create unexpected behavior or logical gaps in the contract, resulting in vulnerabilities.Additionally, unsafe external calls (such as calls involving interfaces with external data sources or other contracts) can create vulnerabilities if handled improperly.

A reentry attack is a weakness that occurs when a contract calls another contract from outside before completing its own state change.This allows the called contract to re-enter the call contract and may perform some of its operations again.This can lead to unexpected behavior and allow an attacker to change the status of the contract, which can drain funds or have other negative effects.

Given the possibility of such attacks, developers should also exercise caution when using external contracts or data sources to ensure that external calls are properly processed to avoid unexpected behavior and vulnerabilities.They can help protect smart contracts from ever-changing threats by keeping a close eye on security programs such as smart contract testing.

2. What is a reentry attack in a smart contract?

In a smart contract, a reentry attack occurs when a contract calls another contract or function from outside before completing its own state change.

This allows the called contract to re-enter the calling contract and may perform part of its operations again, which may lead to unforeseen and frequent malicious behavior.For example, Contract A calls Contract B to send funds and then modify its own status.

The code of contract B may contain a callback function that allows it to re-enter Contract A and may re-execute the transfer function before contract A completes its state change.This will enable the attacker to obtain funds from the contract multiple times before completing the initial transaction.

The 2016 Decentralized Autonomous Organization (DAO) hacking on the Ethereum blockchain is another well-known example.The attacker took advantage of the reentry flaw in the smart contract code to recursively remove funds from the DAO, which eventually led to the stolen millions of dollars in Ethereum (ETH).

In addition, multiple decentralized finance (DeFi) protocols including Uniswap, Lendf.Me, BurgerSwap, SURGEBNB, Cream Finance and Siren Protocol suffered significant financial losses due to reentrability vulnerabilities.These violations caused losses of $3.5 million to $25 million, highlighting the ongoing threat posed by reentrant vulnerabilities in the DeFi sector.

3. How to reentry attacks work

Reentry attacks utilize sequential execution of smart contract functions and external calls to form a loop where an attacker can execute specific functions multiple times before completion, which can lead to malicious behavior and unauthorized withdrawal of funds.

The attacker’s contract effectively “scammers” the victim’s contract callback to the attacker’s contract before the victim completes the status modification.This action may lead to repeated withdrawals or other negligence.

The image above demonstrates a reentry attack on smart contracts.The attacker’s contract calls the victim’s “withdraw()” function, which sends Ethereum before updating the balance.The attacker’s fallback function is then fired, and again recursively calls withdraw() to exhaust funds from the victim contract.This attack exploits the situation where the victim failed to update the balance before sending the funds.

Let’s use a simplified example to break down how reentry attacks work:

Smart contract with “withdrawal” function

Suppose there is a digital wallet smart contract that allows users to withdraw funds.In addition to tracking user balances, the contract also has a withdrawal function to facilitate withdrawal of funds.The withdrawal feature usually allows users to withdraw their tokens or Ethereum from smart contracts to their personal wallet.

User interaction and function execution

The user requests withdrawal from the wallet on his own.They use the withdrawal function to enter the required withdrawal amount.

The withdrawal function will verify when called whether the user has enough funds to withdraw.If the requirements are met, it transfers the required funds to the address selected by the user.

External call

This is where weaknesses appear.The contract makes an external call to another contract or account before the withdrawal is reflected in the user’s balance.

Recursive call

If the code of the external contract contains a function that can call the original contract again (such as another withdrawal function), a recursive loop is created.This allows the withdraw method to be called again before it is finished.

Re-entry and utilization

The attacker then uses a malicious contract to exploit this loop.The attacker contract quickly calls the wallet’s withdrawal function again before the balance is updated during the wallet contract calls the external contract.

Fallback function

In some cases, the fallback feature of a smart contract (a unique feature that is initiated when a contract receives a call without any data or Ethereum) may be used by the attacker.Reentry attacks can be performed by repeatedly calling the fallback function while the funds are still being processed.

Manipulation and recurring withdrawals

The attacker’s contract can reuse the withdrawal feature in the same transaction, because the wallet contract delays the update of the balance until an external call is received.This therefore makes it easier for funds to be withdrawn without authorization, allowing attackers to steal funds beyond their legal rights.It then caused huge economic losses to the users of the wallet contract.

4. The consequences of reentering attacks

Reentry attacks can have a serious impact on smart contract users because they have the potential to cause significant financial losses.

One of the most direct consequences of a reentry attack is the unauthorized withdrawal or manipulation of cash saved in a susceptible smart contract.The attacker exploited the vulnerability to repeatedly withdraw funds from the contract, exhausting the contract balance and potentially causing significant financial losses to users who invest or store assets in the affected contract.

In addition, reentry attacks may weaken users’ confidence in the security and integrity of smart contracts and blockchain technologies.Reentry vulnerabilities can have catastrophic effects, as evidenced by high-profile events such as the DAO hacking incident on the Ethereum blockchain in 2016, which caused huge economic losses and damaged the reputation of the community.

In addition to short-term financial consequences, reentry attacks can have long-term effects such as regulatory and legal concerns, declining investor trust and damage to the reputation of blockchain platforms and projects.The perception of vulnerability may lead users to be cautious when interacting with smart contracts or investing in decentralized applications (DApps), thus hindering the adoption and expansion of blockchain technology.

5. How to mitigate reentry attacks

Implementing best practices in smart contract creation and auditing is necessary to mitigate the threat of reentry.

This includes using a well-known code base with a secure record, which is one way to achieve this.These libraries have been extensively tested and peer-reviewed, which reduces the chances of introducing vulnerabilities.

Developers should also use security checks such as “check-effect-interaction” designs to minimize the chance of reentry attacks by ensuring state modifications occur atomically.If available, you can use a reentrant and secure smart contract development framework to add additional defense against such vulnerabilities.

It is unlikely for developers to add security protection manually, as these frameworks often include built-in methods and protections specifically designed to avoid reentry attacks.However, as blockchain security is still evolving, developers must continue to look for new threats and weaknesses.

    • jakiro

    Related Posts

    Golden Encyclopedia | What is a Bitcoin memory pool?How does it work?
    Golden Encyclopedia | What is a Bitcoin memory pool?How does it work?

    Source: Bitcoin Magazine; Compilation: Wuzhu, Bitcoin Chain Vision Everyone who has used Bitcoin has used a mempool.So, what is a memory pool? From a technical point of view, there is…

    Continue reading
    Golden Encyclopedia | Can general artificial intelligence really think like humans?
    Golden Encyclopedia | Can general artificial intelligence really think like humans?

    Author: Jules Winnfield, CoinTelegraph; Compilation: Wuzhu, Bitchain Vision 1. What is AGI? When the boundaries between humans and machines become blurred, we see universal artificial intelligence (AGI).Unlike narrow-minded artificial intelligence…

    Continue reading

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    Ethereum

    What changes will happen to Ethereum after Pectra is upgraded and launched?

    • By jakiro
    • May 9, 2025
    • 8 views
    What changes will happen to Ethereum after Pectra is upgraded and launched?
    Ethereum

    Is Ethereum complacent on fees?Is rollup based a long-term solution?

    • By jakiro
    • May 9, 2025
    • 12 views
    Is Ethereum complacent on fees?Is rollup based a long-term solution?
    People

    Wall Street Journal reveals Musk scandal and wins Pulitzer Prize

    • By jakiro
    • May 9, 2025
    • 13 views
    Wall Street Journal reveals Musk scandal and wins Pulitzer Prize
    Industry

    Cold thinking under the current market RWA craze

    • By jakiro
    • May 9, 2025
    • 10 views
    Cold thinking under the current market RWA craze
    Home
    News
    School
    Search