Re-Entrancy

Contract A calls contract B. Contract B has a default/fallback function designed to call back into A before the transaction finishes execution. Exploit usually involves recursively calling a withdraw function to drain contract A.

Used in: DAO hack, Uniswap hack, CREAM hack, BurgerSwap hack

Victim

Attacker

Prevention

  • Use send() instead of raw_call(). Re-entrancy will fail because send() won’t forward the gas for the next action.

  • Use the @nonreentrant(<key>) modifier on your withdrawal functions. This will block re-entrancy.