Ethereum’s only hard fork happened because of a reentrancy attack.
When the first DAO was launched in 2016, it held 14% of the entire Ethereum value.
Today, 4 out of 20+ hacks in 2023 have been reentrancy attacks.
What are they and how to prevent them? 👇
When the first DAO was launched in 2016, it held 14% of the entire Ethereum value.
Today, 4 out of 20+ hacks in 2023 have been reentrancy attacks.
What are they and how to prevent them? 👇
1/ What is a reentrancy attack?
When a hacker "reenters" a function to do something malicious.
A hacker typically exploits a callback function (like a “fallback” function or “onERC721Received’) to maliciously "reenter" the victim’s contract and execute a malicious transaction.
When a hacker "reenters" a function to do something malicious.
A hacker typically exploits a callback function (like a “fallback” function or “onERC721Received’) to maliciously "reenter" the victim’s contract and execute a malicious transaction.
2/ How do these work?
A user and a malicious contract both deposit funds into a contract.
The malicious contract calls on the victim’s withdraw function and triggers a fallback function.
This fallback function then allows the attacker to continuously drain the victim’s assets.
A user and a malicious contract both deposit funds into a contract.
The malicious contract calls on the victim’s withdraw function and triggers a fallback function.
This fallback function then allows the attacker to continuously drain the victim’s assets.
3/ An example:
1. "Bank" contract holds 10 ETH & updates state every 24h
2. Hacker opens an account, deposits 1 ETH
3. Hacker withdraws 1 ETH hourly
4. Because accounting is only updated after 24h, hacker is able to do this 24 times
5. Hacker drains bank treasury
1. "Bank" contract holds 10 ETH & updates state every 24h
2. Hacker opens an account, deposits 1 ETH
3. Hacker withdraws 1 ETH hourly
4. Because accounting is only updated after 24h, hacker is able to do this 24 times
5. Hacker drains bank treasury
4/ 3 ways to prevent them:
a) Reentrancy Guards
Using a reentrancy guard ensures the attacker can’t make more than one function run at a time.
OpenZeppelin’s ReentrancyGuard.sol has become an industry standard: github.com/OpenZeppelin/o…
a) Reentrancy Guards
Using a reentrancy guard ensures the attacker can’t make more than one function run at a time.
OpenZeppelin’s ReentrancyGuard.sol has become an industry standard: github.com/OpenZeppelin/o…
5/ b) Checks, Effects, Interaction Pattern (CEI)
The effects/changes in the state variables of the contract should be carried out before any interactions with another contract.
For ex, checking the balance of the customer before allowing a withdrawal.
The effects/changes in the state variables of the contract should be carried out before any interactions with another contract.
For ex, checking the balance of the customer before allowing a withdrawal.
6/ c) Security review
Although audits are not the cure to all exploits, getting one decreases exponentially the likelihood of an attack happening.
Consider reaching out to @CyfrinAudits for a competitive or private audit of your codebase to find vectors like this and others.
Although audits are not the cure to all exploits, getting one decreases exponentially the likelihood of an attack happening.
Consider reaching out to @CyfrinAudits for a competitive or private audit of your codebase to find vectors like this and others.
@CyfrinAudits If you enjoyed this thread:
1. Follow me @SoloditOfficial for more of these
2. RT the tweet below to share this thread with your audience
3. Subscribe to Cyfrin's security newsletter here: cyfrin.io/newsletter
1. Follow me @SoloditOfficial for more of these
2. RT the tweet below to share this thread with your audience
3. Subscribe to Cyfrin's security newsletter here: cyfrin.io/newsletter
https://twitter.com/1621926242734993408/status/1730124255734489409
• • •
Missing some Tweet in this thread? You can try to
force a refresh
