add list of reentrancy attacks by pcaversaccio

mia von steinkirch, phd 2022-12-23 17:47:10 -08:00 committed by GitHub
parent 5750277ab2
commit 63c454a248
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -1,24 +1,22 @@
## 🥛 reeentrancy
## reentrancy attacks
<br>
### tl; dr
### TL; DR
* When a contract calls an external function, that external function may itself call the calling function.
* A reentrancy attack may occur when a function makes an external call to another untrusted contract. Then, the unstrusted contract makes a recursive callback to the vulnerable contract function to steal funds.
* To prevent this attack, a contract can implement a lock in storage that prevents re-entrant calls.
* when a contract calls an external function, that external function may itself call the calling function.
* a reentrancy attack may occur when a function makes an external call to another untrusted contract. Then, the unstrusted contract makes a recursive callback to the vulnerable contract function to steal funds.
* to prevent this attack, a contract can implement a lock in storage that prevents re-entrant calls.
<br>
---
### Example of re-entrancy attack
### example
<br>
For example, suppose this method:
for example, suppose this method:
```
function withdrawBalance() public {
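Review bot: the rewritten second bullet in the summary list still says "unstrusted contract", a typo carried over unchanged from the line it replaces; since the line is being touched anyway, correct it to "untrusted". The casing is also inconsistent after this change: the bullets and the "### example" heading are lowercased, but the summary heading goes the other way to "### TL; DR" and the second bullet's second sentence still starts with "Then,". None of this restyling is mentioned in the commit message, which only describes adding a link, so either mention it there or split it into its own commit.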
@ -79,12 +77,12 @@ function withdrawBalance() public {
----
### Resources
### resources
<br>
* [Solidity docs](https://docs.soliditylang.org/en/latest/security-considerations.html#re-entrancy)
* [DASP](https://www.dasp.co/#item-1)
* [SWC](https://swcregistry.io/docs/SWC-107)
* [Not so smart contract](https://github.com/crytic/not-so-smart-contracts/tree/master/reentrancy)
* [reentrancy on solidity docs](https://docs.soliditylang.org/en/latest/security-considerations.html#re-entrancy)
* [reentrancy on DASP](https://www.dasp.co/#item-1)
* [reentrancy on SWC](https://swcregistry.io/docs/SWC-107)
* [reentrancy patterns](https://github.com/uni-due-syssec/eth-reentrancy-attack-patterns)
* [list of reentrancy attacks by pcaversaccio](https://github.com/pcaversaccio/reentrancy-attacks)
* [reentrancy on not so smart contract](https://github.com/crytic/not-so-smart-contracts/tree/master/reentrancy)
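Review bot: the resources list gains two links here, "reentrancy patterns" (uni-due-syssec) as well as the pcaversaccio list, but the commit message names only the second; mention both, along with the renaming and reordering of the four existing entries. The label "reentrancy on not so smart contract" would read better as "not so smart contracts", matching the repository name in its URL.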