Re-entrancy

The vulnerability arises when a contract updates a state variable only after sending Ether with call.value. The attacker's contract uses its fallback function, which runs automatically when it receives Ether from the targeted contract, to call the vulnerable function again before that state variable has been updated.

Attack Scenarios

  • A contract that holds a map of account balances lets users call a withdraw function. However, withdraw calls send, which hands control to the calling contract, and only decreases the caller's balance after send has finished executing. The attacker can therefore withdraw repeatedly, taking funds they do not have.

Mitigations

  • Avoid using call.value.
  • Update all bookkeeping state variables before transferring execution to an external contract (checks-effects-interactions).

Examples

  • DAO_source_code
  • SpankChain_source_code
  • Reentrancy.sol
  • ReentrancyExploit.sol