Smart contracts are self-executing programs that form the backbone of the Web3 ecosystem, holding billions of dollars of value on open networks where anyone can call them. Today we'll discuss the re-entrancy attack, one of the most common vulnerabilities affecting smart contracts. It is a good place to start if you want to learn Solidity and how to audit smart contracts. This is the first article in a series on auditing Solidity smart contracts; the series will cover common vulnerabilities and the resources smart contract auditors use.
What Is A Re-Entrancy Attack?
A re-entrancy attack is a smart contract vulnerability in which an attacker's contract exploits a flaw in a victim contract's withdrawal logic to withdraw repeatedly until the victim is drained. The root cause is ordering: the victim contract sends Ether (or otherwise calls out) to an external address before it updates its own record of that caller's balance, so the caller can re-enter the function while the old balance is still on the books.
Smart contracts routinely call one another, and a re-entrancy attack abuses that. The attacker contract first deposits some Ether into the victim contract so that it has a legitimate balance, then calls the victim's withdraw function. When the victim sends Ether to the attacker contract, the attacker contract's receive (or fallback) function executes, and that function immediately calls withdraw again. Because the victim has not yet zeroed the attacker's balance, the balance check passes and it sends Ether a second time, which triggers the attacker's receive function again. This loop repeats until the victim contract's balance is exhausted (or the transaction runs out of gas), at which point the nested calls unwind and the attacker keeps everything it received.

CryptoCasino is a dApp that allows users to gamble with cryptocurrency. The smart contract governing CryptoCasino has a vulnerability that allows a re-entrancy attack. The contract also allows users to withdraw their remaining balance at any time. The contract updates the user's balance