-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
dcab0b8
commit 4eefa1a
Showing
1 changed file
with
35 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
--- | ||
title: Reentrancy Attacks Explained | ||
author: chatgpt | ||
--- | ||
A **reentrancy attack** is not food—it's a type of security vulnerability that can occur in computer programs, especially in **smart contracts** on blockchain platforms like Ethereum. | ||
|
||
### What is a Reentrancy Attack? | ||
|
||
A reentrancy attack exploits the way a smart contract handles external calls to other contracts. Here's how it typically works: | ||
|
||
1. **Smart Contract Makes an External Call**: A smart contract (let's call it **Contract A**) sends a message or calls a function on another contract (let's call it **Contract B**). During this call, **Contract A** is in a temporary, incomplete state. | ||
|
||
2. **Malicious Contract Exploits Reentrancy**: If **Contract B** is malicious or controlled by an attacker, it can use this opportunity to make a recursive call back to **Contract A** before the initial call is finished and before the state of **Contract A** is updated. | ||
|
||
3. **Reentrant Call Drains Funds or Manipulates State**: The recursive call allows the attacker to manipulate the state of **Contract A** in a way that benefits them. For example, if **Contract A** was handling money transfers, the attacker could repeatedly call back into **Contract A** and withdraw funds multiple times before **Contract A** updates its balance. | ||
|
||
### How Does This Relate to Smart Contracts? | ||
|
||
In smart contracts, reentrancy attacks can be particularly damaging because: | ||
|
||
- **Lack of State Update Before the Reentrant Call**: If the contract does not update its state (e.g., deducting the balance of a user after a withdrawal) before making an external call, an attacker can drain the contract's funds. | ||
- **Decentralization and Irreversibility**: Blockchain transactions are irreversible, making it very hard to recover funds once they have been stolen. | ||
|
||
### Example of a Reentrancy Attack | ||
|
||
A famous example of a reentrancy attack is the attack on **The DAO** in 2016, where an attacker exploited a reentrancy vulnerability to drain about **$60 million** worth of Ether from the DAO smart contract. | ||
|
||
### Preventing Reentrancy Attacks | ||
|
||
To prevent reentrancy attacks, developers can: | ||
|
||
- **Use the Checks-Effects-Interactions Pattern**: Update the contract's state variables before making any external calls. | ||
- **Implement Reentrancy Guards**: Use special coding patterns or libraries (like OpenZeppelin's `ReentrancyGuard` in Solidity) to prevent functions from being called recursively. | ||
|
||
In summary, a reentrancy attack is a cybersecurity exploit related to smart contracts and has nothing to do with food. It's a critical concept in the world of blockchain development and security. |