Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.


A state variable is changed after a contract uses call.value. The attacker uses a fallback function—which is automatically executed after Ether is transferred from the targeted contract—to execute the vulnerable function again, before the state variable is changed.

Attack Scenarios

  • A contract that holds a map of account balances allows users to call a withdraw function. However, withdraw calls send which transfers control to the calling contract, but doesn't decrease their balance until after send has finished executing. The attacker can then repeatedly withdraw money that they do not have.


  • Avoid use of call.value
  • Update all bookkeeping state variables before transferring execution to an external contract.