Smart contracts process transactions automatically based on pre-written code. When someone sends a transaction to a smart contract, the contract executes its programmed instructions step by step. However, some contracts contain a dangerous flaw called reentrancy that allows attackers to steal funds by interrupting this normal flow.
Reentrancy attacks exploit the timing of when a smart contract sends money and when it updates its internal records. Picture a bank vault with an automated system. When you request a withdrawal, the system should check your balance, give you the money, then mark your account as having less money. But what if the system gives you money first, and only updates your balance record afterward?
During that brief moment between giving you money and updating records, the system still thinks you have your original balance. An attacker can exploit this timing gap. When the contract sends them money, they program their own contract to immediately request another withdrawal before the first transaction finishes.
Since the original contract has not yet updated its records, it still shows the attacker's full balance and approves the second withdrawal. This process can repeat rapidly, draining far more money than the attacker originally had. The most devastating reentrancy attack happened in 2016 against a project called The DAO on the Ethereum blockchain.
6 million ETH, worth around $50 million at the time. An attacker found a reentrancy vulnerability in The DAO's withdrawal function and used it to drain approximately one-third of all funds. This attack was so severe that the Ethereum community decided to reverse the blockchain's history to recover the stolen money, creating a permanent split in the community.
Here's a simplified example of how reentrancy works. Alice has 10 tokens in a smart contract. She calls the withdraw function to get her 10 tokens. The contract says "Alice has 10 tokens, sending them now" and transfers the tokens to Alice's address. But Alice's address is actually another smart contract she controls.
When Alice's contract receives the tokens, it immediately calls the withdraw function again. The original contract still shows Alice has 10 tokens because it has not yet updated her balance to zero. So it sends another 10 tokens. This cycle continues until the contract is empty. Modern smart contract developers prevent reentrancy using several techniques.
The most common approach is updating balances before sending money rather than after. Another method involves using "mutex locks" that prevent a function from being called again while it's already running. Some developers use special modifiers that automatically check for reentrancy attempts. Understanding reentrancy helps explain why smart contract security audits are so important.
Even small timing issues in code can lead to massive financial losses. This vulnerability demonstrates how blockchain's permanence and automation, while powerful, require extremely careful programming since mistakes cannot easily be undone.