Reentrancy attacks come from the abuse of the reentrant procedure, that is, by exploiting reentrancy and calling the external contract with an incorrect state of the victim’s contract, a smart contract will then be drained out by attackers as they will be able to transfer tokens that are already withdrawn. The reentrancy attack occurs where a contract fails to update its state, prior to sending funds, with the attacker making attempts to drain funds from the target contract.
How Does a Reentrancy Attack Work?
With blockchains that are decentralised and transparent in nature, an attacker addresses a smart contract with a reentrancy vulnerability – creates an untrusted contract, that is, external contracts which are potentially unsafe, and further initiates a transaction. By calling the withdrawal function on the vulnerable smart contract, the fallback function repeatedly calls back the withdrawal function where the state of vulnerable smart contract has yet been updated, the loop then eventually extracts and transfers everything to the attacker from the victim contract. A smart contract is vulnerable if an untrusted contract can re-enter the contract recursively, while reentrancy is essential for contracts to function normally, the reentrancy attack is dependant upon the variable state of smart contracts, as well as the fallback function. The fallback function can be executed when a contract receives Ether, in an attempt to receive Ether, the fallback function has to be marked as payable.
A reentrancy attack simply explained is an attack vector that aims to interrupt the contracts balance verification function while simultaneously asking it to transfer back the Ether previously sent there. In order to achieve that, the attacker creates a malicious contract, tricking the original one into sending additional funds to the attacker in a loop, as the line responsible for verifying the balance is executed after making the transfer, and the attacking contract interrupts the contract’s execution, allowing for additional withdrawals.
The DAO Reentrancy Attack of 2016
Reentrancy attacks have been a security vulnerability in crypto for a number of years.
One of the well-known smart contract reentrancy attack was that of The DAO attack of 2016, which helped lead to the split between Ethereum and Ethereum Classic.
In that attack, the attacker stole more than 3.6 million ETH against the distributed autonomous organisation. In that moment of crypto history, The DAO was heavily invested with it raising 12.7 million Ether – ~14% of all ETH in circulation at the time.
Reentrancy Attack Prevention
A possible approach by using the send and transfer function, could prevent repeated withdrawal calls and avoid being a victim in a reentrancy attack.
Blockchain smart contract audits should be regularly checked for the effects interactions with an external contract could also be performed to reduce the reentrancy risk of a contract being drained of funds.