Git-Mirrors/blockchains-security-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/blockchains-security-toolkit.git synced 2025-07-22 06:19:20 -04:00
Code Issues Projects Releases Packages Wiki Activity

💾

Browse source
This commit is contained in:
osiris account 2023-03-15 11:08:04 -07:00
parent 8bb7099e1d
commit 54be66521a
7 changed files with 0 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

88
advanced_expert/vulnerabilities/reentrancy_attacks/README.md Normal file
View file

@ -0,0 +1,88 @@
## reentrancy attacks
### tl; dr
* when a contract calls an external function, that external function may itself call the calling function.
* a reentrancy attack may occur when a function makes an external call to another untrusted contract. Then, the unstrusted contract makes a recursive callback to the vulnerable contract function to steal funds.
* to prevent this attack, a contract can implement a lock in storage that prevents re-entrant calls.
<br>
---
### example
<br>
for example, suppose this method:
```
function withdrawBalance() public {
uint amountToWithdraw = userBalances[msg.sender];
(bool success, ) = msg.sender.call.value(amountToWithdraw)("");
requires(success);
userBalances[msg.sender] = 0;
}
```
and this exploit:
```
function() public payable {
if(msg.sender == address(vulnContract)) {
vulnContract.withdrawBalance();
}
}
```
How to fix?
#### Option 1: Adding a mutex locking:
```
modifier noReentrant() {
require(!locked, "nooooope");
locked = true;
_;
locked = false;
}
```
so
```
function withdrawBalance() public noReentrant {
...
}
```
<br>
#### Option 2: CEI (checks effects interaction) pattern
```
function withdrawBalance() public {
uint amountToWithdraw = userBalances[msg.sender];
userBalances[msg.sender] = 0; // update state first
(bool success, ) = msg.sender.call.value(amountToWithdraw)("");
requires(success);
}
```
<br>
----
### resources
* [reentrancy on solidity docs](https://docs.soliditylang.org/en/latest/security-considerations.html#re-entrancy)
* [reentrancy on DASP](https://www.dasp.co/#item-1)
* [reentrancy on SWC](https://swcregistry.io/docs/SWC-107)
* [reentrancy patterns](https://github.com/uni-due-syssec/eth-reentrancy-attack-patterns)
* [list of reentrancy attacks by pcaversaccio](https://github.com/pcaversaccio/reentrancy-attacks)
* [reentrancy on not so smart contract](https://github.com/crytic/not-so-smart-contracts/tree/master/reentrancy)