Reentrancy Attacks

A reentrancy attack is a critical smart contract vulnerability where a malicious contract repeatedly calls a vulnerable function before the original transaction completes and updates the contract's state. The attacker exploits the gap between when a function performs an action (like transferring funds) and when it updates its internal accounting. By recursively calling the same function through a fallback mechanism, attackers can drain significantly more value than their initial deposit. This occurs because the contract checks the user's balance only after the external call, allowing multiple withdrawals against the same balance. Reentrancy remains one of the most dangerous smart contract attack vectors. Example: The 2016 DAO hack exploited a reentrancy vulnerability in the Ethereum DAO smart contract, allowing an attacker to recursively drain approximately $60 million worth of Ether by repeatedly calling the withdrawal function before the contract updated its balance records. Why it matters for smart contracts: Reentrancy vulnerabilities can completely compromise contract security and drain user funds. Developers must use checks-effects-interactions patterns, mutex locks, or the pull-over-push pattern to prevent these attacks and ensure contract integrity.

Category: smart contracts, wallets security

Explore the full Web3 Glossary — 2,062+ expert-curated definitions. Need guidance? Talk to our consultants.