Difference between revisions of "Reentracy attack"

20 bytes added, 18:54, 7 May 2022
no edit summary
(A reentrancy attack occurs when a function makes an external call to another untrusted contract.)
 
 
Line 1: Line 1:
A reentrancy attack occurs when a function makes an external call to another untrusted contract. Then the untrtrusted contract makes a call back to the original function in an attempt to drain funds.
A reentrancy attack occurs when a function makes an external call to another untrusted contract. Then the untrusted contract makes a call back to the original function in an attempt to drain funds.


If a contract uses call, send or transfer which may cause control flow to an external contract, with a fallback function, and then updates the state afterward then this causes the state of the contract to be incomplete when flow control is transferred. Therefore, when this fallback function is triggered, the flow of control may not return as the called contract expects and the caller might do any number of unexpected things such as calling the function again, calling another function or even calling another contract.
If a contract uses call, send or transfer which may cause control flow to an external contract, with a fallback function, and then updates the state afterward then this causes the state of the contract to be incomplete when flow control is transferred. Therefore, when this fallback function is triggered, the flow of control may not return as the called contract expects and the caller might do any number of unexpected things such as calling the function again, calling another function or even calling another contract.
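Review bot: the corrected first sentence now spells "reentrancy" and "untrusted" properly, but the page title shown in the diff header is still "Reentracy attack", so the article name and its opening sentence disagree; moving the page to the corrected spelling and leaving a redirect would complete the fix. In the unchanged second paragraph, "may not return as the called contract expects and the caller might do any number of unexpected things" reads as if the roles are swapped: by the first paragraph it is the contract making the external call whose expectations are violated, and the called, untrusted contract that calls back in. Rewording that sentence to name the two contracts consistently would remove the ambiguity.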
Line 18: Line 18:


The contract is vulnerable to reentrancy attacks as a malicious attacker can prepare a contract that can recursively call the withdraw function before the balance is updated.
The contract is vulnerable to reentrancy attacks as a malicious attacker can prepare a contract that can recursively call the withdraw function before the balance is updated.
[[Category:Glossary]]
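Review bot: the [[Category:Glossary]] line appears only on the new side of this hunk, so the revision combines a category addition with the spelling fix at line 1, yet it was saved with no edit summary; a short summary naming both changes would keep the page history readable. The context sentence above it says only that the withdraw function can be called recursively before the balance is updated; for a glossary entry, it would help to state the ordering fix in the same place, that is, update the balance before making the external call.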