Re-Entrancy
Contract A calls contract B. Contract B has a default/fallback function designed to call back into A before the transaction finishes execution. Exploit usually involves recursively calling a withdraw function to drain contract A.
Used in: DAO hack, Uniswap hack, CREAM hack, BurgerSwap hack
Victim
Attacker
Prevention
Use send() instead of raw_call(). Re-entrancy will fail because send() won’t forward the gas for the next action.
Use the @nonreentrant(<key>) modifier on your withdrawal functions. This will block re-entrancy.