Mediaboss Marketing

Some of the biggest hacks in the blockchain industry, where millions of dollars worth of cryptocurrency tokens got stolen, resulted from reentrancy attacks. While these hacks have becomes less common in recent years, they still pose a significant threat to blockchain applications and users.

So what precisely are reentrancy attacks? How are they deployed? And are there any measures developers can take to prevent them from happening?

A reentrancy attack occurs when a vulnerable smart contract function makes an external call to a malicious contract, temporarily giving up control of the transaction flow. The malicious contract then repeatedly calls the original smart contract function before it finishes executing while draining its funds.

Essentially, a withdrawal transaction on the Ethereum blockchain follows a three-step cycle: balance confirmation, remittance, and balance update. If a cybercriminal can hijack the cycle before the balance update, they can repeatedly withdraw funds until a wallet is drained.

One of the most infamous blockchain hacks, the Ethereum DAO hack, as covered by Coindesk, was a reentrancy attack that led to a loss of over $60 million worth of eth and fundamentally changed the course of the second largest cryptocurrency.

Imagine a bank in your hometown where virtuous locals keep their money; its total liquidity is $1 million. However, the bank has a flawed accounting systemstaffers wait until the evening to update bank balances.

Your investor friend visits the town and discovers the accounting flaw. He creates an account and deposits $100,000. A day later, he withdraws $100,000. After one hour, he makes another attempt of withdrawing $100,000. Since the bank has not updated his balance, it still reads $100,000. So he gets the money. He does this repeatedly until there's no money left. Staffers only realize there's no money when they balance the books in the evening.

In the context of a smart contract, the process goes as follows:

Generally, the attacker successfully exploits the reentrancy vulnerability to their advantage, stealing funds from the contract.

So how exactly might a reentrancy attack technically occur when deployed? Here's a hypothetical smart contract with a reentrancy gateway. We'll use axiomatic naming to make it easier to follow along.

The VulnerableContract lets users deposit eth into the contract using the deposit function. Users can then withdraw their deposited eth using the withdraw function. However, there's a reentrancy vulnerability in the withdraw function. When a user withdraws, the contract transfers the requested amount to the user's address before updating the balance, creating an opportunity for an attacker to exploit.

Now, here's what an attacker's smart contract would look like.

When the attack is launched:

The attack can happen very fast, depending on the network's performance. When involving complex smart contracts such as the DAO Hack, which led to the hard fork of Ethereum into Ethereum and Ethereum Classic, the attack happens over several hours.

To prevent a reentrancy attack, we need to modify the vulnerable smart contract to follow the best practices for secure smart contract development. In this case, we should implement the "checks-effects-interactions" pattern as in the code below.

In this fixed version, we've introduced an isLocked mapping to track whether a particular account is in the process of a withdrawal. When a user initiates a withdrawal, the contract checks if their account is locked (!isLocked[msg.sender]), indicating that no other withdrawal from the same account is currently in progress.

If the account isn't locked, the contract continues with the state change and external interaction. After the state change and external interaction, the account is unlocked again, allowing future withdrawals.

Generally, there are three main types of reentrancy attacks based on their nature of exploitation.

Reentrancy attacks can manifest in different forms and so require specific measures to prevent each.

Reentrancy attacks have caused substantial financial losses and undermined trust in blockchain applications. To protect contracts, developers must adopt best practices diligently to avoid reentrancy vulnerabilities.

They should also implement secure withdrawal patterns, use trusted libraries, and conduct thorough audits to fortify the smart contract's defense further. Of course, staying informed about emerging threats and being proactive with security efforts can ensure they uphold blockchain ecosystems' integrity too.

Visit link:

What Is a Reentrancy Attack and How Does It Work? - MUO - MakeUseOf