The foundations of the Ethereum blockchain spelled new reforms in the blockchain ecosystem. Compared to the traditional assumptions about blockchain being useful for smart contracts only, Ethereum introduced smart contract programmability. Smart contracts help in creating different types of dApps on Ethereum and Ethereum Virtual Machine compatible blockchain networks. However, smart contract security issues such as reentrancy attacks have been the prominent causes of concern for the blockchain community.
Some would argue that reentrancy attacks are a thing of the past, and they are not a critical concern now. On the other hand, reentrancy attacks have been responsible for four incidents out of the 24 major attacks in the first half of 2023. The following post helps you reflect on the reasons to learn about reentrancy attacks and how they work.
Curious to understand the complete smart contract development lifecycle? Enroll Now in Smart Contracts Development Course!
Why Should You Worry About Reentrancy Attacks?
Reentrancy attacks are one of the prominent variants of hacking attacks on smart contracts in Solidity as well as other programming languages. Before you find the answers to ‘What is reentrancy in smart contracts?’ you should reflect on the reasons to learn about reentrancy attacks. You must have heard about major attacks in the blockchain ecosystem with different types of impact. For example, some projects could lose millions, while promising projects could fade away into oblivion.
Security issues are one of the foremost drawbacks for users interested in pursuing investments within the blockchain landscape. As a matter of fact, security vulnerabilities and major hacking incidents have propelled the ‘Wild West’ narrative about crypto and blockchain solutions.
Would users trust blockchain solutions with smart contracts which cannot protect their assets or information? The reentrancy attack smart contract vulnerability gained formidable notoriety after the attack on the DAO in 2016. The attack resulted in a loss of $60 million for the first-ever decentralized autonomous organization. Considering the role of DAOs in helping people embrace blockchain technology with easier accessibility, an attack on the first DAO definitely shatters the foundations of trust in such blockchain solutions.
Excited to develop a fluent knowledge of the DAO ecosystem? Enroll Now in DAO Fundamentals Course!
Are Reentrancy Attacks a Problem for Blockchain Security in 2023?
The developments in the blockchain and crypto landscape have transformed conventional assumptions about security. Similarly, developments in blockchain security have also generated new opportunities for improving the security of blockchain-based solutions. However, the reentrancy attack example list has remained active, with new additions every year. Here are some of the most prominent examples along with details of their impact.
- Uniswap and Lendf.Me lost $25 million each to reentrancy attacks in 2020.
- On the other hand, the reentrancy smart contract attack on Cream Finance protocol in September 2021 resulted in a loss of $18.8 million.
- Another notable example of a reentrancy attack is the BurgerSwap protocol hack in May 2021, which also used a fake token contract. The hack resulted in a loss of $7.2 million.
- It is also important to note the Siren protocol hack in September 2021, which led to loss of $3.5 million. The primary culprit behind the Siren protocol hack was reentrancy attack, which led to exploitation of the AMM pools.
- You should also see another notable example of a reentrancy attack in the SURGEBNB attack. Interestingly, the reentrancy attack in SURGEBNB used price manipulation for a loss of $4 million.
What is a Reentrancy Attack?
The amount of losses to reentrancy attacks in recent times has led to increased curiosity about their impact. Beginners are likely to think of questions like “What is reentrancy in smart contracts?” for learning about reentrancy attacks. Reentrancy is a vulnerability of smart contracts which allows hackers to use loopholes in victim contracts to enable continuous withdrawals until draining the victim contract.
One of the primary reasons for terming the vulnerability as reentrancy is the ability of hackers to ‘reenter’ the victim contract. How does the hacker gain unwanted access to the victim contract? The answer points to the inability of the victim contract to ascertain the new balance of the exploiter contract.
The reentrancy attack smart contract vulnerability is evident in situations where the smart contract function could temporarily give up the control flow of transactions. How? The smart contract function would make an external call to contract, which features malicious code created by hackers or unknown agents. The malicious function enables the exploiter to make recursive calls to the victim contract to drain their funds.
You should note that the execution cycle for smart contracts involves checking the balance, sending the funds, and updating the balance. However, malicious agents could make another call to withdraw funds when the smart contract is processing the withdrawal request.
Start learning Smart Contracts and its development tools with World’s first Smart Contracts Skill Path with quality resources tailored by industry experts Now!
Working of Reentrancy Attack
The best way to understand reentrancy attacks would focus on their working. It is one of the prominent smart contract security issues which have disrupted blockchain adoption. First of all, it is important to understand how smart contracts interact with each other by calling. For example, smart contract A could call smart contract B for depositing some cryptocurrency or tokens. In most cases, contract A would check whether contract B has the required amount of tokens. Let us expand further on the example of contract A and contract B to understand how reentrancy works.
Let us assume that contract A is the attacker and starts the process by depositing some tokens in the victim contract, i.e., contract B. Now, the reentrancy attack example would involve the attacker contract seeking withdrawal from the victim contract. However, there is a unique twist to the course of events in the process. The exploiter contract, i.e., contract A, does not accept the funds sent by victim contract.
What happens when contract A does not receive the funds from contract B? The next step involves the triggering of the fallback function, which guarantees receipt of Ether upon encountering such anomalies. However, contract A would have more Ether than the default fallback function due to the additional manipulative code.
The manipulative code calls the contract B for sending Ether continuously. The reentrancy smart contract challenge also reflects on the fact that a portion of the victim contract would expect a withdrawal function in the calling contract. On the contrary, the exploiter contract tricks another area of the victim contract into sending Ether or other tokens.
Build your identity as a certified Web3 & Blockchain expert with 101 Blockchains’ Web3 & Blockchain Certifications designed to provide enhanced career prospects.
Simple Example for Understanding Reentrancy Attacks
The smart contract explanation for reentrancy attacks is one of the credible instruments for understanding reentrancy in smart contracts. On the other hand, you can also use simple explanations to understand the threats associated with smart contracts. Let us assume that a small city has a bank known as the People’s Bank. All the people in the city deposit their daily savings in the bank, and the financial institution has around $100,000 in liquidity.
How could you find an explanation for reentrancy attack smart contract vulnerabilities in the example of People’s Bank? Imagine that the bank features a flaw in its accounting process. The staff members of the bank do not update the account records immediately and wait until the end of the day. Interestingly, the bank staff never found any issues with such flaws, as no customer has ever attempted to withdraw more money than they have in their account.
Now, assume that an individual, Abraham, who is not a bank customer, knows about the accounting flaw. Abraham notices that his friend, who is a customer of the People’s Bank, receives alerts for withdrawals of the day and their updated balance at around 7 pm in the evening every day. How would Abraham compromise the security of the People’s Bank with a reentrancy attack? Abraham would open an account in the People’s Bank with a deposit of $5000, and the bank is happy to welcome such customers.
However, Abraham starts his malicious plan of draining the People’s Bank treasury a week after opening his account. Abraham accesses the bank’s application on his smartphone and initiates a withdrawal of $5000 into another bank account. However, the People’s Bank does not update the balance of Abraham immediately, and his balance would be $5000 according to the bank’s records. Abraham would make another withdrawal request for $5000 five minutes later, and the same process would repeat itself. The continuous withdrawals could empty the bank’s treasury, and the staff would realize the fact only at the end of the day.
Learn the fundamentals, working, core principles and use cases of Solidity & Smart Contracts from the E-book: SOLIDITY & SMART CONTRACTS: A COMPREHENSIVE GUIDE
Types of Reentrancy Attacks
One of the most important requirements to fight against reentrancy attacks is the awareness of their variants. The simple explanation for smart contract security issues like the reentrancy attack on the People’s Bank showcases only one aspect of the threats due to reentrancy. However, you should also know about the other variants of reentrancy attacks to determine their complexity and possible prevention measures. Interestingly, you could not come across a particular monolithic pattern for reentering a contract. The variations in methods for reentrancy attacks on a contract would depend on the specific traits of every contract. Here are some of the common forms of reentrancy attacks.
-
Single-function Reentrancy
The Single-function reentrancy or mono-function reentrancy attacks are evident in situations where the vulnerable function is similar to the function which the attacker wants to call recursively. You can find that a single-function reentrancy smart contract attack is comparatively easier and simpler to deal with.
-
Cross-Function Attacks
The cross-function reentrancy attacks are visible in situations where a vulnerable function has to share a state with another function. You should notice that the basic design of such contracts leads to a desirable opportunity for hackers. On top of it, cross-function attacks are difficult to detect and present major complexities for prevention.
-
Cross-Contract Reentrancy
Cross-contract reentrancy is another notable reentrancy attack example which happens when a state from one contract is called upon in another smart contract before full updates. The primary condition for cross-contract reentrancy attacks revolves around multiple contracts sharing the same variable manually. At the same time, some of the smart contracts also implement insecure updates of the shared variable.
Want to know the real-world examples of smart contracts and understand how you can use it for your business? Check the presentation Now on Examples Of Smart Contracts
Examples of Reentrancy Attacks
The introduction to reentrancy attacks is incomplete without referring to the popular examples of such attacks. Reentrancy is one of the oldest and most general variants of attacks on Ethereum smart contracts. As a matter of fact, the answers to “What is reentrancy in smart contracts?” would revolve around the impact of reentrancy attacks.
Interestingly, smart contracts have been responsible for ending the line for the majority of DeFi projects. You must have noticed the top examples of reentrancy attacks on smart contracts in the reasons to learn about reentrancy. Here are some of the other notable examples.
-
WETH
The WETH attack was probably the first reentrancy attack on smart contracts before the DAO hack. However, the attack served as an intentional hack to safeguard the project against potential manipulation by hackers.
-
Fei Protocol
You can find the next example of a reentrancy attack smart contract challenge in Fei protocol. The interesting thing about the reentrancy attack on Fei protocol is the similarity with the attack on Cream Finance contract. The attacker used flash loans on the protocol and bypassed payment to receive back their loan.
-
Revest Finance Protocol
The Revest Finance protocol showed an example of how cross-function reentrancy attacks can wreak havoc on smart contract security. Hackers identified the vulnerability and compromised assets worth $2 million.
Excited to learn the basic and advanced concepts of ethereum technology? Enroll Now in The Complete Ethereum Technology Course
Conclusion
The outline of security vulnerabilities due to reentrancy attack showcase that technology would always present some limitations. However, technological advancements such as DeFi protocols create the necessity of safeguarding protocols against smart contract security issues like reentrancy. It is important to understand that emerging applications of smart contracts would involve operations worth millions of dollars.
You could notice how reentrancy attacks have evolved over the course of time with multiple variants. The examples of reentrancy attacks and their impact also showcase how they are a crucial point of concern for smart contract developers. Learn more about the technicalities of reentrancy attacks and how to resolve them to foster trust in blockchain applications.
*Disclaimer: The article should not be taken as, and is not intended to provide any investment advice. Claims made in this article do not constitute investment advice and should not be taken as such. 101 Blockchains shall not be responsible for any loss sustained by any person who relies on this article. Do your own research!