DEV Community: Logesh N The latest articles on DEV Community by Logesh N (@logeshn21). https://dev.to/logeshn21 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1373880%2Ff3610d75-b117-41ae-839f-9f13190449ff.png DEV Community: Logesh N https://dev.to/logeshn21 en COMMON VULNERABILITIES: REENTRANCY PART — II Logesh N Fri, 22 Mar 2024 05:37:32 +0000 https://dev.to/logeshn21/common-vulnerabilities-reentrancy-part-ii-2bmh https://dev.to/logeshn21/common-vulnerabilities-reentrancy-part-ii-2bmh <h3> Types of reentrancy: </h3> <p>The reentrancy vulnerability is divided into four different types. They are,</p> <ul> <li>Single function reentrancy</li> <li>Cross-function reentrancy</li> <li>Cross-contract Reentrancy</li> <li>Read-only Reentrancy</li> </ul> <h3> Single function reentrancy: </h3> <ul> <li>In single-function reentrancy, the vulnerability occurs within the same function of a contract. This typically happens when the contract performs external calls to other contracts or accounts before completing its internal state changes.</li> <li>An attacker exploits this vulnerability by recursively calling the same function of the contract before the previous call completes, allowing them to manipulate the contract's state unpredictably.</li> <li>Single function reentrancy vulnerability is often the result of improper sequencing of state changes and external calls within a function.</li> <li>This type of attack is the simplest and easiest to prevent. It occurs when the vulnerable function is the same function the attacker is trying to recursively call. For example: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">contract</span> <span class="nx">Vulnerable</span> <span class="p">{</span> <span class="nf">mapping </span><span class="p">(</span><span class="nx">address</span> <span class="o">=&gt;</span> <span class="nx">uint</span><span class="p">)</span> <span class="kr">private</span> <span class="nx">balances</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">withdraw</span><span class="p">()</span> <span class="kr">public</span> <span class="p">{</span> <span class="c1">// Effects</span> <span class="nx">uint</span> <span class="nx">amount</span> <span class="o">=</span> <span class="nx">balances</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">];</span> <span class="c1">// Interactions </span> <span class="p">(</span><span class="nx">bool</span> <span class="nx">success</span><span class="p">,</span> <span class="p">)</span> <span class="o">=</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">.</span><span class="nx">call</span><span class="p">.</span><span class="nf">value</span><span class="p">(</span><span class="nx">amount</span><span class="p">)(</span><span class="dl">""</span><span class="p">);</span> <span class="nf">require</span><span class="p">(</span><span class="nx">success</span><span class="p">);</span> <span class="c1">// Additional Effects (this line is vulnerable to reentrancy)</span> <span class="nx">balances</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>In the above code, the <code>withdraw()</code> function is vulnerable to a single function reentrancy attack. An attacker can repeatedly call the <code>withdraw()</code> function before updating the <code>balance</code>, resulting in multiple withdrawals.</p> <h3> Cross-function reentrancy: </h3> <ul> <li>Cross-function reentrancy involves multiple functions within the same contract. The vulnerability arises when one function makes an external call to another function before completing its own state changes.</li> <li>An attacker can exploit this vulnerability by calling into the same contract from within the externally called function, potentially reentering the original function or other functions within the contract.</li> <li>Cross-function reentrancy vulnerability can be challenging to detect as it involves interactions between different functions within the same contract.</li> <li>This type of attack is more complex and harder to prevent. It occurs when the vulnerable function calls another function that is also vulnerable to reentrancy. For example: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">contract</span> <span class="nx">Vulnerable</span> <span class="p">{</span> <span class="nf">mapping </span><span class="p">(</span><span class="nx">address</span> <span class="o">=&gt;</span> <span class="nx">uint</span><span class="p">)</span> <span class="kr">private</span> <span class="nx">balances</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">transfer</span><span class="p">(</span><span class="nx">address</span> <span class="nx">to</span><span class="p">,</span> <span class="nx">uint</span> <span class="nx">amount</span><span class="p">)</span> <span class="kr">public</span> <span class="p">{</span> <span class="c1">// Checks</span> <span class="k">if </span><span class="p">(</span><span class="nx">balances</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span> <span class="o">&gt;=</span> <span class="nx">amount</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Effects</span> <span class="nx">balances</span><span class="p">[</span><span class="nx">to</span><span class="p">]</span> <span class="o">+=</span> <span class="nx">amount</span><span class="p">;</span> <span class="nx">balances</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span> <span class="o">-=</span> <span class="nx">amount</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">withdraw</span><span class="p">()</span> <span class="kr">public</span> <span class="p">{</span> <span class="c1">// Checks</span> <span class="nx">uint</span> <span class="nx">amount</span> <span class="o">=</span> <span class="nx">balances</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">];</span> <span class="c1">// Interactions</span> <span class="p">(</span><span class="nx">bool</span> <span class="nx">success</span><span class="p">,</span> <span class="p">)</span> <span class="o">=</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">.</span><span class="nx">call</span><span class="p">.</span><span class="nf">value</span><span class="p">(</span><span class="nx">amount</span><span class="p">)(</span><span class="dl">""</span><span class="p">);</span> <span class="nf">require</span><span class="p">(</span><span class="nx">success</span><span class="p">);</span> <span class="c1">// Effects</span> <span class="nx">balances</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <ul> <li>The <code>withdraw</code> function initiates a <code>transfer</code> of funds to the caller using a low-level <code>call</code>.</li> <li>Before the function completes and sets the <code>balance</code> to zero, it does not prevent other functions (such as <code>transfer</code>) from being called.</li> <li>An attacker can exploit this by calling the <code>withdraw</code> function and, during the <code>call</code>, reentering the contract through another function like <code>transfer</code>, taking advantage of the fact that the <code>balance</code> has not yet been set to zero.</li> </ul> <h3> Explanation to above Vulnerable contract: </h3> <p>The <code>Vulnerable</code> contract does not strictly adhere to the Checks-Effects-Interactions pattern.</p> <ol> <li> <p><strong>Transfer Function</strong>:</p> <ul> <li> <strong>Checks</strong>: The <code>transfer</code> function checks if the sender (<code>msg.sender</code>) has a sufficient <code>balance</code> to perform the <code>transfer</code>. This check ensures that the <code>transfer</code> is only executed when the sender has enough funds.</li> <li> <strong>Effects</strong>: If the sender has a sufficient <code>balance</code>, the function updates the balances of the sender and the recipient accordingly.</li> <li> <strong>Interactions</strong>: There is no interactions in <code>transfer</code> function.</li> </ul> </li> <li> <p><strong>Withdraw Function</strong>:</p> <ul> <li> <strong>Checks</strong>: The <code>withdraw</code> function retrieves the balance of the caller (<code>msg.sender</code>) and uses it for the withdrawal. However, it does not explicitly check if the <code>balance</code> is greater than zero before initiating the withdrawal, which could lead to unnecessary gas expenditure if the balance is zero.(i.e, <code>amount = 0</code>)</li> <li> <strong>Effects</strong>: After retrieving the <code>balance</code>, the function initiates an <code>external call</code> using <code>msg.sender.call.value(amount)("")</code> to transfer funds to the caller. Then, it immediately sets the caller's <code>balance</code> to zero.</li> <li> <strong>Interactions</strong>: The external call to transfer funds is performed before the state change of setting the balance to zero, violating the sequencing principle of the Checks-Effects-Interactions pattern.</li> </ul> </li> </ol> <p>In summary, while the <code>transfer</code> function in the <code>Vulnerable</code> contract follows the Checks-Effects-Interactions pattern by performing state changes before interactions, the <code>withdraw</code> function violates this pattern by initiating an external call before completing its internal state changes. This violation exposes the contract to reentrancy vulnerabilities. To mitigate this vulnerability, developers should ensure that all state changes are completed before interacting with external contracts or accounts, following the Checks-Effects-Interactions pattern consistently across all contract functions.</p> <h3> Cross-contract Reentrancy: </h3> <ul> <li>Cross-contract reentrancy occurs when a contract interacts with external contracts, and the vulnerability lies in the interaction between different contracts.</li> <li>An attacker exploits this vulnerability by recursively calling back into the vulnerable contract from within an external contract before the original call completes, potentially causing unexpected behavior or manipulating the state of the contracts involved.</li> <li>This type of reentrancy vulnerability often arises when contracts trust external contracts to perform certain actions without properly validating or handling the consequences of the interactions. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">contract</span> <span class="nx">Vulnerable</span> <span class="p">{</span> <span class="nf">mapping</span><span class="p">(</span><span class="nx">address</span> <span class="o">=&gt;</span> <span class="nx">uint256</span><span class="p">)</span> <span class="kr">public</span> <span class="nx">balances</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">withdraw</span><span class="p">(</span><span class="nx">uint256</span> <span class="nx">amount</span><span class="p">)</span> <span class="kr">public</span> <span class="p">{</span> <span class="c1">// Checks: Whether the `user` has neccessary amount</span> <span class="nf">require</span><span class="p">(</span><span class="nx">balances</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span> <span class="o">&gt;=</span> <span class="nx">amount</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Insufficient balance</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// Effects: Update sender's balance</span> <span class="nx">balances</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span> <span class="o">-=</span> <span class="nx">amount</span><span class="p">;</span> <span class="c1">// Interactions: External contract call</span> <span class="nx">ExternalContract</span> <span class="nx">externalContract</span> <span class="o">=</span> <span class="nc">ExternalContract</span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">);</span> <span class="nx">externalContract</span><span class="p">.</span><span class="nf">withdraw</span><span class="p">(</span><span class="nx">amount</span><span class="p">);</span> <span class="c1">// Additional effects (this line is vulnerable to reentrancy)</span> <span class="nx">balances</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span> <span class="o">+=</span> <span class="nx">amount</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">contract</span> <span class="nx">ExternalContract</span> <span class="p">{</span> <span class="kd">function</span> <span class="nf">withdraw</span><span class="p">(</span><span class="nx">uint256</span> <span class="nx">amount</span><span class="p">)</span> <span class="nx">external</span> <span class="p">{</span> <span class="c1">// Some logic</span> <span class="c1">// Vulnerable to reentrancy attack</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">.</span><span class="nf">call</span><span class="p">(</span><span class="dl">""</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>In this example, the <code>withdraw</code> function of the <code>ExternalContract</code> is vulnerable to reentrancy. When called by the <code>Vulnerable</code> contract, an attacker can exploit this vulnerability to reenter the <code>Vulnerable</code> contract and manipulate the sender's <code>balance</code>.</p> <h3> Read-only Reentrancy: </h3> <ul> <li>Read-only reentrancy is a specific type of reentrancy vulnerability where the attacker is limited to reading contract state during the reentrant call, without the ability to modify state directly.</li> <li>While read-only reentrancy may seem less severe than other types, it can still lead to information leakage or manipulation of contract behavior based on the observed state.</li> <li>This type of vulnerability may occur when contracts allow external calls to view certain state variables without adequate protection against reentrancy attacks.</li> </ul> <p>In the example below, a banking contract is presented that permits users to deposit and withdraw:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="dl">"</span><span class="s2">@openzeppelin/contracts/security/ReentrancyGuard.sol</span><span class="dl">"</span><span class="p">;</span> <span class="nx">contract</span> <span class="nx">Bank</span> <span class="nx">is</span> <span class="nx">ReentrancyGuard</span> <span class="p">{</span> <span class="nf">mapping </span><span class="p">(</span><span class="nx">address</span> <span class="o">=&gt;</span> <span class="nx">uint</span><span class="p">)</span> <span class="kr">public</span> <span class="nx">balances</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">deposit</span><span class="p">()</span> <span class="nx">external</span> <span class="nx">payable</span> <span class="p">{</span> <span class="nx">balances</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span> <span class="o">+=</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">value</span><span class="p">;</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">withdraw</span><span class="p">()</span> <span class="kr">public</span> <span class="nx">nonReentrant</span> <span class="p">{</span> <span class="c1">// Checks</span> <span class="nx">uint</span> <span class="nx">amount</span> <span class="o">=</span> <span class="nx">balances</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">];</span> <span class="c1">// Interactions</span> <span class="p">(</span><span class="nx">bool</span> <span class="nx">success</span><span class="p">,</span> <span class="p">)</span> <span class="o">=</span> <span class="nf">payable</span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">).</span><span class="nx">call</span><span class="p">{</span><span class="nl">value</span><span class="p">:</span> <span class="nx">amount</span><span class="p">}(</span><span class="dl">""</span><span class="p">);</span> <span class="nf">require</span><span class="p">(</span><span class="nx">success</span><span class="p">);</span> <span class="c1">// Effects</span> <span class="nx">balances</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The <code>Bank</code> contract protects itself against reentrancy issues by using OpenZeppelin's <code>ReentrancyGuard</code>. Additionally, a third-party smart contract exists that uses the bank's publicly available <code>balances</code> mapping for its own business logic, e.g. managing shares based on a user's investment in the bank:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">contract</span> <span class="nx">BankConsumer</span> <span class="p">{</span> <span class="nx">Bank</span> <span class="kr">private</span> <span class="nx">bank</span><span class="p">;</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">address</span> <span class="nx">_bank</span><span class="p">)</span> <span class="p">{</span> <span class="nx">bank</span> <span class="o">=</span> <span class="nc">Bank</span><span class="p">(</span><span class="nx">_bank</span><span class="p">);</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">getBalance</span><span class="p">(</span><span class="nx">address</span> <span class="nx">account</span><span class="p">)</span> <span class="kr">public</span> <span class="nx">view</span> <span class="nf">returns </span><span class="p">(</span><span class="nx">uint256</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">bank</span><span class="p">.</span><span class="nf">balances</span><span class="p">(</span><span class="nx">account</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The bank's <code>withdraw</code> function is safeguarded against reentrancy. Still, this guard only applies to the contract itself and does not extend to other systems. The execution flow of the external call in <code>withdraw</code> can be taken over by an attacker, who can then craft a smart contract that presents a misleading balance while interacting with other projects.</p> <p>In this case, <code>BankConsumer</code> is such a project, merely exposing a <code>view</code> function for illustration purposes. Such a <code>view</code> function could be internally utilized elsewhere, e.g. for assigning shares and a check preventing users to liquidate more shares than they own. An outdated <code>balance</code> exposed by the <code>Bank</code> contract can be exploited by designing a malicious receive function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">contract</span> <span class="nx">Attacker</span> <span class="p">{</span> <span class="nx">event</span> <span class="nc">Checkpoint</span><span class="p">(</span><span class="nx">uint256</span> <span class="nx">balance</span><span class="p">);</span> <span class="nx">Bank</span> <span class="kr">private</span> <span class="nx">bank</span><span class="p">;</span> <span class="nx">BankConsumer</span> <span class="kr">private</span> <span class="nx">consumer</span><span class="p">;</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">address</span> <span class="nx">_bank</span><span class="p">,</span> <span class="nx">address</span> <span class="nx">_consumer</span><span class="p">)</span> <span class="nx">payable</span> <span class="p">{</span> <span class="nx">bank</span> <span class="o">=</span> <span class="nc">Bank</span><span class="p">(</span><span class="nx">_bank</span><span class="p">);</span> <span class="nx">consumer</span> <span class="o">=</span> <span class="nc">BankConsumer</span><span class="p">(</span><span class="nx">_consumer</span><span class="p">);</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">attack</span><span class="p">()</span> <span class="kr">public</span> <span class="p">{</span> <span class="nx">emit</span> <span class="nc">Checkpoint</span><span class="p">(</span><span class="nx">consumer</span><span class="p">.</span><span class="nf">getBalance</span><span class="p">(</span><span class="nf">address</span><span class="p">(</span><span class="k">this</span><span class="p">)));</span> <span class="nx">bank</span><span class="p">.</span><span class="nx">deposit</span><span class="p">{</span><span class="nl">value</span><span class="p">:</span> <span class="mi">1</span> <span class="nx">ether</span><span class="p">}();</span> <span class="nx">bank</span><span class="p">.</span><span class="nf">withdraw</span><span class="p">();</span> <span class="nx">emit</span> <span class="nc">Checkpoint</span><span class="p">(</span><span class="nx">consumer</span><span class="p">.</span><span class="nf">getBalance</span><span class="p">(</span><span class="nf">address</span><span class="p">(</span><span class="k">this</span><span class="p">)));</span> <span class="p">}</span> <span class="nf">receive</span><span class="p">()</span> <span class="nx">external</span> <span class="nx">payable</span> <span class="p">{</span> <span class="nx">emit</span> <span class="nc">Checkpoint</span><span class="p">(</span><span class="nx">consumer</span><span class="p">.</span><span class="nf">getBalance</span><span class="p">(</span><span class="nf">address</span><span class="p">(</span><span class="k">this</span><span class="p">)));</span> <span class="c1">// more malicious code here</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The Attacker contract records Checkpoint events, illustrating that the balances visible to the <code>BankConsumer</code> contract are outdated. When the system is set up in <code>Remix</code>, and the attack function is executed, the following events are logged by the Attacker contract:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="p">[</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">from</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0xE3Ca443c9fd7AF40A2B5a95d43207E763e56005F</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">topic</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0xde5ae8a37da230f7df39b8ea385fa1ab48e7caa55f1c25eaaef1ed8690f36998</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">event</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Checkpoint</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">args</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">0</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">balance</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0</span><span class="dl">"</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">from</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0xE3Ca443c9fd7AF40A2B5a95d43207E763e56005F</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">topic</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0xde5ae8a37da230f7df39b8ea385fa1ab48e7caa55f1c25eaaef1ed8690f36998</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">event</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Checkpoint</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">args</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">0</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">1000000000000000000</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">balance</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">1000000000000000000</span><span class="dl">"</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">from</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0xE3Ca443c9fd7AF40A2B5a95d43207E763e56005F</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">topic</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0xde5ae8a37da230f7df39b8ea385fa1ab48e7caa55f1c25eaaef1ed8690f36998</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">event</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Checkpoint</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">args</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">0</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">balance</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">]</span> </code></pre> </div> <p>The second Checkpoint event indicates that, during the <code>receive</code> function, the <code>Bank</code> contract still presents a <code>balance</code> of 1 ETH for the Attacker contract address despite the funds having been transferred to the attacker. This outdated information can be manipulated to mislead third-party infrastructure building on the Bank contract, such as <code>BankConsumer</code>.</p> <p><strong>Another Example</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">contract</span> <span class="nx">Vulnerable</span> <span class="p">{</span> <span class="nf">mapping</span><span class="p">(</span><span class="nx">address</span> <span class="o">=&gt;</span> <span class="nx">uint256</span><span class="p">)</span> <span class="kr">public</span> <span class="nx">balances</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">viewBalance</span><span class="p">(</span><span class="nx">address</span> <span class="nx">account</span><span class="p">)</span> <span class="nx">external</span> <span class="nx">view</span> <span class="nf">returns </span><span class="p">(</span><span class="nx">uint256</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Vulnerable to read-only reentrancy</span> <span class="k">return</span> <span class="nx">balances</span><span class="p">[</span><span class="nx">account</span><span class="p">];</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">contract</span> <span class="nx">Attacker</span> <span class="p">{</span> <span class="nx">Vulnerable</span> <span class="nx">vulnerableContract</span><span class="p">;</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">address</span> <span class="nx">vulnerableAddress</span><span class="p">)</span> <span class="kr">public</span> <span class="p">{</span> <span class="nx">vulnerableContract</span> <span class="o">=</span> <span class="nc">Vulnerable</span><span class="p">(</span><span class="nx">vulnerableAddress</span><span class="p">);</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">viewAndManipulateBalance</span><span class="p">(</span><span class="nx">address</span> <span class="nx">account</span><span class="p">)</span> <span class="nx">external</span> <span class="p">{</span> <span class="c1">// Read the balance</span> <span class="nx">uint256</span> <span class="nx">balance</span> <span class="o">=</span> <span class="nx">vulnerableContract</span><span class="p">.</span><span class="nf">viewBalance</span><span class="p">(</span><span class="nx">account</span><span class="p">);</span> <span class="c1">// Manipulate contract behavior based on the observed balance</span> <span class="k">if </span><span class="p">(</span><span class="nx">balance</span> <span class="o">&gt;</span> <span class="mi">100</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Do something</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>In this example, the <code>viewBalance</code> function of the Vulnerable contract is vulnerable to read-only reentrancy. An attacker can call this function recursively, observing the <code>balance</code> of multiple accounts, and manipulate the behavior of another contract (Attacker) based on the observed balances.</p> <h3> Conclusion : </h3> <p>Each type of reentrancy vulnerability presents unique challenges and risks, but they all share the common characteristic of allowing attackers to exploit the sequential execution of contract code to their advantage. Solidity developers should be aware of these vulnerabilities and follow best practices, such as using mutex patterns or reentrancy guards, to prevent and mitigate their impact.</p> <p>To prevent reentrancy attacks, you should avoid making external calls in critical sections of your code, and use the nonReentrant modifier provided by the OpenZeppelin library or implement the Checks-Effects-Interactions pattern.</p> <p>For more visit my Github: <a href="https://github.com/logesh21n/Solidity-Common-Vulnerabilities">https://github.com/logesh21n/Solidity-Common-Vulnerabilities</a></p> web3 soliditysecurity blockchain security COMMON VULNERABILITIES: REENTRANCY PART — I Logesh N Fri, 22 Mar 2024 05:20:15 +0000 https://dev.to/logeshn21/common-vulnerabilities-reentrancy-part-i-3coh https://dev.to/logeshn21/common-vulnerabilities-reentrancy-part-i-3coh <p>Reentrancy is a vulnerability that can occur in smart contracts when they interact with other contracts. This vulnerability allows an attacker to repeatedly call back into the vulnerable contract before the current call completes, potentially leading to unexpected behavior and allowing the attacker to manipulate the contract's state.</p> <ol> <li><p><strong>Contract Interaction</strong>: Smart contracts often interact with other contracts on the Ethereum blockchain, either to transfer tokens, update state, or perform other operations.</p></li> <li><p><strong>External Calls</strong>: When a contract makes an external call to another contract using the <code>call</code> or <code>send</code> function, execution is temporarily transferred to the called contract. This means that the original contract's execution pauses while the called contract executes its code.</p></li> <li><p><strong>Untrusted Contract Interaction</strong>: In a reentrancy attack, an attacker exploits this pause in execution to call back into the original contract from within the called contract before the original call completes. This creates a loop where the attacker's contract can repeatedly call back into the vulnerable contract before the original call finishes.</p></li> <li><p><strong>State Manipulation</strong>: During each reentrant call, the attacker's contract can manipulate the state of the vulnerable contract, potentially altering balances, updating permissions, or performing other unauthorized actions.</p></li> <li><p><strong>Unexpected Behavior</strong>: Depending on the logic of the vulnerable contract, this repeated reentrant calling can lead to unexpected behavior, such as incorrect state changes, loss of funds, or denial of service.</p></li> <li><p><strong>Example</strong>: One common scenario where reentrancy can occur is in contracts that involve transferring funds. If the contract's state is updated after transferring funds but before updating the sender's balance, an attacker can exploit this window of opportunity to repeatedly call back into the contract, effectively withdrawing funds multiple times before the sender's <code>balance</code> is updated.</p></li> </ol> <h2> Mitigation </h2> <p>To prevent reentrancy vulnerabilities, developers should follow best practices such as using the "Checks-Effects-Interactions" pattern, where state changes are made before interacting with external contracts, and using mechanisms like <code>reentrancy guard</code> to prevent multiple reentrant calls during the same transaction. Additionally, avoiding the use of <code>send</code> and <code>call.value</code> for transferring Ether, in favor of <code>transfer</code> or using withdrawal patterns, can help mitigate the risk of reentrancy attacks.</p> <h2> Checks-Effects-Interactions: </h2> <p>Checks-Effects-Interactions are commonly used in the context of software development patterns and best practices, particularly in the Ethereum and smart contract development community.</p> <ul> <li><p><strong>Checks</strong>: These refer to validation steps or conditions that need to be verified before proceeding with certain actions in a smart contract. Checks ensure that preconditions are met before executing critical operations.</p></li> <li><p><strong>Effects</strong>: Effects encompass the changes or updates made to the state of the smart contract after certain conditions have been checked and validated. These changes typically involve modifying variables, updating balances, emitting events, or performing other state modifications.</p></li> <li><p><strong>Interactions</strong>: Interactions involve communication and engagement with external entities, such as other smart contracts, Ethereum addresses, or off-chain systems. Interactions can include sending Ether, calling functions in other contracts, emitting events, or triggering external actions.</p></li> </ul> <p>While Solidity itself provides language constructs for implementing these concepts, such as conditional statements (<code>if</code>, <code>require</code>, <code>assert</code>), state variables, and functions for interacting with external contracts (<code>call</code>, <code>send</code>, <code>transfer</code>), the categorization into "checks," "effects," and "interactions" is more of a conceptual framework or design pattern used by developers to structure their smart contracts in a clear and secure manner.</p> <p>In Solidity, the Checks-Effects-Interactions pattern refers to a best practice for structuring smart contract functions to mitigate certain types of vulnerabilities, including reentrancy. Let's break down what each of these components entails within the context of Solidity:</p> <ol> <li> <p><strong>Checks</strong>: </p> <ul> <li>Checks involve validating conditions before executing the main logic of the function. This ensures that the function can only proceed if certain prerequisites are met.</li> <li>Common checks include verifying input parameters, ensuring that the sender has the required permissions or balance, and confirming that the contract is in the correct state to execute the desired operation.</li> <li>Checks are typically performed using <code>if</code> or <code>require</code> or <code>assert</code> statements to validate conditions and revert the transaction if necessary.</li> </ul> </li> <li> <p><strong>Effects</strong>:</p> <ul> <li>Effects encompass the changes made to the contract's state as a result of executing the function. This includes modifications to storage variables, updating balances, emitting events, or performing other state-altering operations.</li> <li>It's crucial to ensure that all necessary state changes are made in this phase of the function execution. These changes should accurately reflect the intended behavior of the contract and the outcome of the function execution.</li> </ul> </li> <li> <p><strong>Interactions</strong>:</p> <ul> <li>Interactions involve communicating with external contracts or accounts, such as sending Ether, calling functions on other contracts, or emitting events that trigger off-chain actions.</li> <li>It's important to perform interactions after completing all state changes to minimize the risk of vulnerabilities like reentrancy.</li> <li>Interactions should be carefully handled to account for potential failures, such as handling errors that occur during external calls and ensuring that the contract's state remains consistent.</li> </ul> </li> </ol> <p>To illustrate these concepts, let's consider a simple example of a Solidity function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">transfer</span><span class="p">(</span><span class="nx">address</span> <span class="nx">recipient</span><span class="p">,</span> <span class="nx">uint256</span> <span class="nx">amount</span><span class="p">)</span> <span class="kr">public</span> <span class="p">{</span> <span class="c1">// Check if the sender has sufficient balance</span> <span class="nf">require</span><span class="p">(</span><span class="nx">balance</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span> <span class="o">&gt;=</span> <span class="nx">amount</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Insufficient balance</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// Effects: Update sender and recipient balances</span> <span class="nx">balance</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span> <span class="o">-=</span> <span class="nx">amount</span><span class="p">;</span> <span class="nx">balance</span><span class="p">[</span><span class="nx">recipient</span><span class="p">]</span> <span class="o">+=</span> <span class="nx">amount</span><span class="p">;</span> <span class="c1">// Interactions: Emit an event to log the transfer</span> <span class="nx">emit</span> <span class="nc">Transfer</span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">,</span> <span class="nx">recipient</span><span class="p">,</span> <span class="nx">amount</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>In this example</strong>:</p> <ul> <li>The "checks" are performed using the <code>require</code> statement to ensure that the sender has sufficient balance to transfer the specified amount.</li> <li>The "effects" involve updating the <code>balances</code> of the sender and recipient in the contract's state.</li> <li>The "interactions" consist of <code>emitting an event</code> to log the transfer, which communicates the outcome of the transaction but doesn't involve external contracts or accounts in this case.</li> </ul> <p>Let's consider another example, this time involving a contract that allows users to withdraw funds from their account balances:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">contract</span> <span class="nx">SimpleBank</span> <span class="p">{</span> <span class="nf">mapping</span><span class="p">(</span><span class="nx">address</span> <span class="o">=&gt;</span> <span class="nx">uint256</span><span class="p">)</span> <span class="kr">public</span> <span class="nx">balances</span><span class="p">;</span> <span class="nx">event</span> <span class="nc">Withdrawal</span><span class="p">(</span><span class="nx">address</span> <span class="nx">indexed</span> <span class="nx">account</span><span class="p">,</span> <span class="nx">uint256</span> <span class="nx">amount</span><span class="p">);</span> <span class="kd">function</span> <span class="nf">withdraw</span><span class="p">(</span><span class="nx">uint256</span> <span class="nx">amount</span><span class="p">)</span> <span class="kr">public</span> <span class="p">{</span> <span class="c1">// Checks: Ensure that the sender has a sufficient balance to withdraw</span> <span class="nf">require</span><span class="p">(</span><span class="nx">balances</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span> <span class="o">&gt;=</span> <span class="nx">amount</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Insufficient balance</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// Effects: Update the sender's balance</span> <span class="nx">balances</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span> <span class="o">-=</span> <span class="nx">amount</span><span class="p">;</span> <span class="c1">// Interactions: Transfer Ether to the sender</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">.</span><span class="nf">transfer</span><span class="p">(</span><span class="nx">amount</span><span class="p">);</span> <span class="c1">// Emit an event to log the withdrawal</span> <span class="nx">emit</span> <span class="nc">Withdrawal</span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">,</span> <span class="nx">amount</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>In this example:</p> <ol> <li> <p><strong>Checks</strong>:</p> <ul> <li>The function starts with a check to ensure that the sender (<code>msg.sender</code>) has a sufficient balance to withdraw the specified amount. If the condition is not met, the function will revert, preventing the transaction from proceeding.</li> </ul> </li> <li> <p><strong>Effects</strong>:</p> <ul> <li>After the check is successfully passed, the function proceeds to update the sender's <code>balance</code> by subtracting the withdrawn amount from their account <code>balance</code>. This modification reflects the effect of the withdrawal on the contract's state.</li> </ul> </li> <li> <p><strong>Interactions</strong>:</p> <ul> <li>Once the state changes have been applied, the function performs the interaction by transferring Ether (<code>amount</code>) to the sender's address (<code>msg.sender</code>) using <code>transfer()</code>. This action effectively completes the withdrawal process by transferring funds to the user.</li> <li>Additionally, the function emits an event (<code>Withdrawal</code>) to log the withdrawal transaction, providing transparency and allowing clients to monitor account activity.</li> </ul> </li> </ol> <p>This example demonstrates how the Checks-Effects-Interactions pattern can be applied in a contract that involves user interactions and state changes. By following this pattern, the contract ensures that critical checks are performed upfront, state changes are accurately reflected, and interactions with external entities are handled safely and consistently.</p> <h2> Attacker's Perspective </h2> <p><strong>Example Vulnerable Contract</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">contract</span> <span class="nx">VulnerableBank</span> <span class="p">{</span> <span class="nf">mapping </span><span class="p">(</span><span class="nx">address</span><span class="o">=&gt;</span><span class="nx">uint256</span><span class="p">)</span> <span class="nx">balance</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">deposit</span> <span class="p">()</span> <span class="nx">external</span> <span class="nx">payable</span> <span class="p">{</span> <span class="nx">balance</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span><span class="o">+=</span><span class="nx">msg</span><span class="p">.</span><span class="nx">value</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Note: The `withdraw()` function does not follows the Checks-Effects-Interactions pattern</span> <span class="kd">function</span> <span class="nf">withdraw</span> <span class="p">()</span> <span class="nx">external</span> <span class="nx">payable</span><span class="p">{</span> <span class="nf">require</span><span class="p">(</span><span class="nx">balance</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span><span class="o">&gt;=</span><span class="mi">0</span><span class="p">,</span><span class="dl">'</span><span class="s1">Not enough ether</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Checks</span> <span class="nf">payable</span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">).</span><span class="nx">call</span><span class="p">{</span><span class="nl">value</span><span class="p">:</span><span class="nx">balance</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]}(</span><span class="dl">""</span><span class="p">);</span> <span class="c1">// Interactions</span> <span class="nx">balance</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span><span class="o">=</span><span class="mi">0</span><span class="p">;</span> <span class="c1">// Effects</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">banksBalance</span> <span class="p">()</span> <span class="kr">public</span> <span class="nx">view</span> <span class="nf">returns </span><span class="p">(</span><span class="nx">uint256</span><span class="p">){</span> <span class="k">return</span> <span class="nf">address</span><span class="p">(</span><span class="k">this</span><span class="p">).</span><span class="nx">balance</span><span class="p">;</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">userBalance</span> <span class="p">(</span><span class="nx">address</span> <span class="nx">_address</span><span class="p">)</span> <span class="kr">public</span> <span class="nx">view</span> <span class="nf">returns </span><span class="p">(</span><span class="nx">uint256</span><span class="p">){</span> <span class="k">return</span> <span class="nx">balance</span><span class="p">[</span><span class="nx">_address</span><span class="p">];</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Attack Scenario</strong>:</p> <ul> <li> <strong>Attacker</strong>: The attacker creates a malicious contract. See below for Attacker's Contract.</li> <li> <strong>Malicious contract</strong>: Calls the <code>deposit</code> function on a vulnerable contract to increase its balance by 1 eth.</li> <li> <strong>Vulnerable contract</strong>: It records the <code>transfer</code> and increases the attacker’s contract <code>balance</code>.</li> <li> <strong>Malicious contract</strong>: Calls the <code>withdraw</code> function on a vulnerable contract to extract everything they deposited.</li> <li> <strong>Vulnerable contract</strong>: Checks if the stored <code>balance</code> of the attacker is greater than or equal to 0.</li> <li> <strong>Vulnerable contract</strong>: Yes, it is greater than 0 due to the transfer in 3.</li> <li> <strong>Vulnerable contract</strong>: It transfers the value of the deposited <code>amount</code> to the attacker’s contract.</li> <li> <strong>Malicious contract</strong>: When a transfer is received, the <code>receive</code> function is called.</li> <li> <strong>Malicious contract</strong>: The <code>receive</code> function checks if the bank’s <code>balance</code> is higher than 1 eth, if yes it calls the <code>withdraw</code> function again on the vulnerable contract.</li> <li> <strong>Vulnerable contract</strong>: Allows another <code>withdraw</code> because the attacker’s <code>balance</code> has not yet been updated. …and so (6-10) on until all 10 eths are pulled out!</li> </ul> <p><strong>Attacker's Contract</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">contract</span> <span class="nx">LetsRobTheBank</span> <span class="p">{</span> <span class="nx">VulnerableBank</span> <span class="nx">bank</span><span class="p">;</span> <span class="nf">constructor </span><span class="p">(</span><span class="nx">address</span> <span class="nx">payable</span> <span class="nx">_target</span><span class="p">)</span> <span class="p">{</span> <span class="nx">bank</span> <span class="o">=</span> <span class="nc">VulnerableBank</span><span class="p">(</span><span class="nx">_target</span><span class="p">);</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">attack</span> <span class="p">()</span> <span class="kr">public</span> <span class="nx">payable</span> <span class="p">{</span> <span class="nx">bank</span><span class="p">.</span><span class="nx">deposit</span><span class="p">{</span><span class="nl">value</span><span class="p">:</span><span class="mi">1</span> <span class="nx">ether</span><span class="p">}();</span> <span class="nx">bank</span><span class="p">.</span><span class="nf">withdraw</span><span class="p">();</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">attackerBalance</span> <span class="p">()</span> <span class="kr">public</span> <span class="nx">view</span> <span class="nf">returns </span><span class="p">(</span><span class="nx">uint256</span><span class="p">){</span> <span class="k">return</span> <span class="nf">address</span><span class="p">(</span><span class="k">this</span><span class="p">).</span><span class="nx">balance</span><span class="p">;</span> <span class="p">}</span> <span class="nf">receive </span><span class="p">()</span> <span class="nx">external</span> <span class="nx">payable</span> <span class="p">{</span> <span class="k">if</span><span class="p">(</span><span class="nx">bank</span><span class="p">.</span><span class="nf">banksBalance</span><span class="p">()</span><span class="o">&gt;</span><span class="mi">1</span> <span class="nx">ether</span><span class="p">){</span> <span class="nx">bank</span><span class="p">.</span><span class="nf">withdraw</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>How to protect yourself against reentrancy attack?</strong></p> <p>Design functions based on the following principles – Checks Effects Interactions</p> <ul> <li>First – make all your checks,</li> <li>Then – make changes e.g. update balances,</li> <li>Finally – call another contract.</li> </ul> <p>CEI pattern will eliminate most of the problems, so try to always build the contract logic based on this scheme. Make all your checks first, then update balances and make changes, and only then call another contract.</p> <p><strong>Updated Vulnerable Contract</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">contract</span> <span class="nx">VulnerableBank</span> <span class="p">{</span> <span class="nf">mapping </span><span class="p">(</span><span class="nx">address</span><span class="o">=&gt;</span><span class="nx">uint256</span><span class="p">)</span> <span class="nx">balance</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">deposit</span> <span class="p">()</span> <span class="nx">external</span> <span class="nx">payable</span> <span class="p">{</span> <span class="nx">balance</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span><span class="o">+=</span><span class="nx">msg</span><span class="p">.</span><span class="nx">value</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Note: The `withdraw()` function does not follows the Checks-Effects-Interactions pattern</span> <span class="kd">function</span> <span class="nf">withdraw</span> <span class="p">()</span> <span class="nx">external</span> <span class="nx">payable</span><span class="p">{</span> <span class="nf">require</span><span class="p">(</span><span class="nx">balance</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span><span class="o">&gt;=</span><span class="mi">0</span><span class="p">,</span><span class="dl">'</span><span class="s1">Not enough ether</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Checks</span> <span class="nx">balance</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]</span><span class="o">=</span><span class="mi">0</span><span class="p">;</span> <span class="c1">// Effects</span> <span class="nf">payable</span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">).</span><span class="nx">call</span><span class="p">{</span><span class="nl">value</span><span class="p">:</span><span class="nx">balance</span><span class="p">[</span><span class="nx">msg</span><span class="p">.</span><span class="nx">sender</span><span class="p">]}(</span><span class="dl">""</span><span class="p">);</span> <span class="c1">// Interactions</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">banksBalance</span> <span class="p">()</span> <span class="kr">public</span> <span class="nx">view</span> <span class="nf">returns </span><span class="p">(</span><span class="nx">uint256</span><span class="p">){</span> <span class="k">return</span> <span class="nf">address</span><span class="p">(</span><span class="k">this</span><span class="p">).</span><span class="nx">balance</span><span class="p">;</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">userBalance</span> <span class="p">(</span><span class="nx">address</span> <span class="nx">_address</span><span class="p">)</span> <span class="kr">public</span> <span class="nx">view</span> <span class="nf">returns </span><span class="p">(</span><span class="nx">uint256</span><span class="p">){</span> <span class="k">return</span> <span class="nx">balance</span><span class="p">[</span><span class="nx">_address</span><span class="p">];</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Use mutex – add nonReentrant modifier</strong></p> <ul> <li>Use a ready-made implementation of <code>nonReentrant</code> modifier.</li> <li>Add <code>nonReentrant</code> modifier to all external functions.</li> <li>Go through all the functions and if you are sure that the vulnerability does not exist in a particular function, remove the modifier.</li> </ul> <h2> Conclusion </h2> <p>The reentrancy bug is a serious vulnerability ("critical") in smart contracts that allows attackers to manipulate the contract's state by repeatedly calling back into the contract before the current call completes. This can lead to unexpected behavior, loss of funds, or denial of service. To prevent reentrancy attacks, developers should follow best practices such as using the Checks-Effects-Interactions pattern, implementing mutex patterns or reentrancy guards, and avoiding making external calls in critical sections of the code. By adhering to these practices, developers can ensure the security and integrity of their smart contracts on the Ethereum blockchain.</p> <p><strong>For more visit my Github</strong>: <a href="https://github.com/logesh21n/Solidity-Common-Vulnerabilities">https://github.com/logesh21n/Solidity-Common-Vulnerabilities</a></p> smartcontractsecurity web3 security blockchain