Re-entrancy

A state variable is changed after a contract uses call.value. The attacker uses a fallback function—which is automatically executed after Ether is transferred from the targeted contract—to execute the vulnerable function again, before the state variable is changed.

Attack Scenarios

  • A contract that holds a map of account balances allows users to call a withdraw function. However, withdraw calls send, which transfers control to the calling contract, but does not decrease the caller's balance until after send has finished executing. The attacker can then repeatedly withdraw money that they do not have.

Mitigations

  • Avoid use of call.value
  • Update all bookkeeping state variables before transferring execution to an external contract.
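
The two mitigations above, shown as a before/after pair. This is an added example, not code from this repository; the contract names `VulnerableBank` and `HardenedBank`, their functions, and the 0.4.x compiler version (chosen because the page refers to `call.value`) are assumptions.

```solidity
pragma solidity ^0.4.24;

// Added illustration; contract and function names are hypothetical.
contract VulnerableBank {
    mapping(address => uint256) public balances;

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    // BEFORE: external call first, bookkeeping second.
    function withdraw() public {
        uint256 amount = balances[msg.sender];
        require(amount > 0);
        // call.value forwards all remaining gas, so the recipient's fallback
        // function runs here while balances[msg.sender] still holds `amount`.
        require(msg.sender.call.value(amount)());
        balances[msg.sender] = 0; // too late: state changes after the call
    }
}

contract HardenedBank {
    mapping(address => uint256) public balances;

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    // AFTER: bookkeeping first, then the transfer, without call.value.
    function withdraw() public {
        uint256 amount = balances[msg.sender];
        require(amount > 0);
        // Zero the balance before control leaves this contract. A re-entrant
        // call to withdraw() now reads 0 and fails the require above.
        balances[msg.sender] = 0;
        // transfer forwards only the 2300-gas stipend and reverts on failure,
        // which also rolls back the balance update.
        msg.sender.transfer(amount);
    }
}
```

The ordering of the balance update is what closes the hole; replacing `call.value` with `transfer` only limits what the recipient's fallback can do with the gas it receives.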

Examples
