Git-Mirrors/blockchains-security-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/blockchains-security-toolkit.git synced 2025-05-15 05:02:22 -04:00
Code Issues Projects Releases Packages Wiki Activity
blockchains-security-toolkit/vulnerabilities/reentrancy-notes.md
bt3gl dd405c9d79
🫖 reentrancy patterns
2022-09-24 20:11:47 -07:00

1.8 KiB
Raw Blame History

🥛 reeentrancy


TL; DR

  • When a contract calls an external function, that external function may itself call the calling function.
  • A reentrancy attack may occur when a function makes an external call to another untrusted contract. Then, the unstrusted contract makes a recursive callback to the vulnerable contract function to steal funds.
  • To prevent this attack, a contract can implement a lock in storage that prevents re-entrant calls.

Example of re-entrancy attack


For example, suppose this method:

function withdrawBalance() public {
      uint amountToWithdraw = userBalances[msg.sender];
      (bool success, ) = msg.sender.call.value(amountToWithdraw)("");
      requires(success);
      userBalances[msg.sender] = 0;
}

and this exploit:

function() public payable {
      if(msg.sender == address(vulnContract)) {
        vulnContract.withdrawBalance();
      }
}

How to fix?

Option 1: Adding a mutex locking:

modifier noReentrant() {
  require(!locked, "nooooope");
  locked = true;
  _;
  locked = false;
}

so

function withdrawBalance() public noReentrant {
    ...
}

Option 2: CEI (checks effects interaction) pattern

function withdrawBalance() public {
    uint amountToWithdraw = userBalances[msg.sender];
    userBalances[msg.sender] = 0; // update state first
    (bool success, ) = msg.sender.call.value(amountToWithdraw)("");
    requires(success);
}

Resources