The hack that made ETH go back in time
Heyo,
Jules here, from Cyfrin.
The first reentrancy attack in history caused so much loss that the entire Ethereum community decided to fork the chain back to a previous block, effectively rewinding time.
Today, we’re diving deep into what reentrancy attacks are and how we can spot them.
🚪 Reentrancy Attacks
Reentrancy attacks happen when a hacker "reenters" a function to do something malicious.
🤔 What are they?
Reentrancy attacks typically happen when a hacker exploits a callback function (like a “fallback” function or “onERC721Received”) to "reenter" the victim’s contract and execute a malicious transaction before the first call has finished.
🤨 How do they work in practice?
A user and a malicious contract both deposit funds into a contract.
When the malicious contract calls the victim’s withdraw function, the victim sends ETH back to it, which triggers the malicious contract’s fallback function.
That fallback calls withdraw again before the victim has updated its balance record, so the attacker can keep reentering and drain the victim’s assets.

👩🏻💻 An example
A "Bank" contract holds 10 ETH & updates its state every 24 hours
A hacker then opens an account in that bank, depositing 1 ETH
The hacker starts withdrawing 1 ETH hourly
Because the accounting is only updated after 24h, the hacker is able to do this 24 times
The hacker drains the bank’s treasury in 10 hours without the Bank contract’s state ever reflecting it

3 ways to prevent them from happening ⛔️
🛡️ Reentrancy Guards
Using a reentrancy guard ensures a guarded function cannot be entered again while it is already executing, so the attacker can’t have more than one call in flight at a time. For this, OpenZeppelin’s ReentrancyGuard.sol has become an industry standard.

✅ Checks, Effects, Interaction (CEI) Pattern
The effects, i.e. the changes to the contract’s state variables, should be carried out before any interaction with another contract.
For example, zeroing the user’s balance before sending them the withdrawn ETH, rather than after.

🕵🏻♀️ Get a security review
Although audits are not the cure for all exploits, getting one exponentially decreases the likelihood of an attack happening.
Consider reaching out to Cyfrin for a competitive or private audit of your codebase to find vectors like these and others.

Always feel free to reach out if there’s anything we can support or collaborate on.
Sending lots of cyber love,
Jules 🤸🏻
