May 9, 2024

Understanding and Preventing Reentrancy Attacks in Crypto

A reentrancy attack is an exploit in which an attacker takes advantage of the asynchronous nature of certain operations in a smart contract to call a function repeatedly before the previous call has completed.

This loophole allows actions intended to occur only once to be executed repeatedly, enabling attackers to manipulate the contract's state, which leads to unexpected behaviour and potential asset theft.

A typical reentrancy attack happens when attackers use their own smart contract to exploit loopholes in a protocol's smart contract and drain funds by repeatedly calling the same withdraw function, which the vulnerable smart contract honours without updating its balance.

This attack entered the spotlight in 2016 following the high-profile exploit of the Ethereum DAO, an incident that eventually led to the creation of Ethereum Classic.

More recently, protocols such as Rari Capital/Fei (2022) and KyberSwap (2023) fell victim to reentrancy attacks, suffering $80m and $47m in losses.

This article dives deep into reentrancy attacks and recent variations such as read-only reentrancy attacks.

How a Reentrancy Attack Works

A classic reentrancy attack is possible when a smart contract handles transactions in the following order:

  • the vulnerable smart contract will first check its balance,
  • then send funds,
  • and then finally update its balance.

This sequence is known as the “check-interaction-effects” code pattern. The problem is the time gap the vulnerable smart contract leaves between sending the funds and updating the balance: it creates a window in which an attacking smart contract can make another call to withdraw funds.

Because of this loophole, the vulnerable smart contract never updates its balance; it just keeps sending funds until everything is drained.

Read-only reentrancy attacks 

This is a relatively new variation of the reentrancy attack that targets view functions containing reentrancy vulnerabilities.

While these functions do not alter the contract's state, they serve essential roles such as reporting token values. 

By exploiting the reentrancy vulnerability, the attacker can manipulate these values or cause the contract to report outdated values of tokens. This enables them to exploit smart contracts that rely on these values.
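The following sketch is an added example, not code from the article or from any protocol it names, and it is not a reconstruction of a specific incident. It shows how a view function can report a value computed from half-updated state, and one common guard: making the view revert while the contract's reentrancy lock is held. `SharePool` and all of its function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; SharePool and its functions are hypothetical.
contract SharePool {
    mapping(address => uint256) public shares;
    uint256 public totalShares;
    uint256 public reserve; // ETH the pool accounts for
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function addLiquidity() external payable nonReentrant {
        uint256 minted = totalShares == 0 ? msg.value : (msg.value * totalShares) / reserve;
        shares[msg.sender] += minted;
        totalShares += minted;
        reserve += msg.value;
    }

    function removeLiquidity(uint256 amount) external nonReentrant {
        uint256 payout = (amount * reserve) / totalShares;
        shares[msg.sender] -= amount; // reverts on underflow in 0.8+
        totalShares -= amount;
        // Interaction: the receiver runs code while reserve is still the old value.
        (bool ok, ) = msg.sender.call{value: payout}("");
        require(ok, "transfer failed");
        reserve -= payout; // effect applied after the interaction
    }

    // Unguarded view: nonReentrant does not cover it, so a consumer that calls it
    // during the transfer above sees old reserve / new totalShares (a wrong price).
    function virtualPriceUnsafe() external view returns (uint256) {
        return totalShares == 0 ? 0 : (reserve * 1e18) / totalShares;
    }

    // Guarded view: refuses to answer while a state-changing call is in flight.
    function virtualPrice() external view returns (uint256) {
        require(!locked, "pool mid-update");
        return totalShares == 0 ? 0 : (reserve * 1e18) / totalShares;
    }
}
```

Moving `reserve -= payout` above the external call removes the inconsistent window entirely; the guarded view protects integrators in cases where that reordering is not possible.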

Types of Reentrancy Attacks 

Mono-function reentrancy: This is the most basic and classic variation of a reentrancy attack. It occurs when a single function within a smart contract falls prey to repeated recursive calls before the completion of previous invocations.

Cross-function reentrancy: This involves the recursive invocation of multiple functions within a smart contract. It becomes feasible when a vulnerable function shares state with another function that benefits the attacker. Exploiting the asynchronous nature of smart contracts, the attacker persistently calls back into multiple susceptible functions.

Cross-contract reentrancy: This attack usually occurs when multiple contracts share the same variable and some update the shared variable insecurely.

Some Recent Cases of Reentrancy Attacks   

Rari Capital/Fei Protocol Reentrancy Attack

In 2022, the DeFi lending protocol lost $80 million worth of assets when an attacker, utilising flash loans, exploited a loophole in the protocol.

  • The attacker flash-loaned 150m USDC and used it as collateral to borrow 1977 ETH via the “borrow()” function.
  • This function transfers funds before updating borrow records.
  • This created a loophole for the attacker to call the “exit market” function to get back (withdraw) their collateral (150m USDC).
  • The attacker repeated these steps on multiple other tokens.
  • Then the attacker paid back their flash loan.

The $80m loot consisted of ETH, DAI, USDC, FRAX, UST and others.

DForce Read-Only Reentrancy Attack

The DeFi lending protocol was exploited for $3.7m via a read-only reentrancy attack. The attacker targeted the protocol’s Curve Finance vault on the Arbitrum and Optimism blockchains. A reentrancy vulnerability existed in code that was used to access price oracles when using Curve on Arbitrum or Optimism.

To exploit the vulnerability, the attacker deposited funds obtained from flash loans and then removed their deposit. During this removal, the attacker could exploit the reentrancy vulnerability and manipulate the perceived virtual price of the asset. By driving down the virtual price, the attacker was able to liquidate other users’ positions in the wstETH/ETH pool.

As a result, the attacker was able to steal approximately $3.6 million from the protocol.

Preventing Reentrancy Attacks

  • Reentrancy attacks can be prevented by employing the check-effects-interaction code pattern. This pattern ensures that internal state updates are executed before any value transfer, effectively recording the changes before proceeding with the transaction.
  • Read-only reentrancy is often exploited to change the perceived value of tokens, so using trusted and reputable external price oracles can go a long way in preventing such exploits.
  • Reentrancy attacks occur due to vulnerabilities in smart contracts. Therefore, comprehensive smart contract security audits conducted by reputable third-party blockchain/smart contract auditing firms should be considered essential. These audits can help detect reentrancy threats and bugs, ensuring the integrity and security of the smart contract.

Closing Thoughts  

In 2023, a bug in some outdated versions of the Vyper programming language led to reentrancy vulnerabilities in protocols utilising these versions. 

One notable protocol affected was Curve Finance, resulting in the exploitation of liquidity pools on the platform. Ultimately, a total of $50.4 million was stolen from pools associated with Alchemix, JPEG’D, and the Metronome protocol.

This incident serves as a reminder of the need for constant updating, keeping up with industry best practices and regular auditing of smart contracts/crypto-related systems. 

A third-party smart contract security audit is one of the most potent ways of detecting and preventing reentrancy vulnerabilities.  

Hashlock, Australia’s leading blockchain and smart contract security firm, is here for all your smart contract security needs.

Contact us today!   

[Author’s Note: This article does not represent financial advice, everything written here is strictly for educational and informational purposes. Please do your own research before investing.]

Author: Godwin Okhaifo