Reentrancy attack

When you own all the money in the bank.

Introduction

Think of a day in your life when you wake up, go to your local bank and can withdraw any amount you want from that bank. What would you do with it? Go on a vacation, buy your dream car or donate it to charity?

Well, it is possible to withdraw unlimited money using a technique called a reentrancy attack. This technique has gained traction in the world of cryptocurrencies, and today we will talk about the logic behind it.

How money withdrawal works.

When you go to the bank to withdraw, a typical three-step process would be:

  1. Verification: the bank verifies that the amount on your account is equal to or greater than the amount you want to withdraw.

  2. Issue: The bank gives you the amount of money that you requested.

  3. Update: The bank updates your account to reflect the new balance after withdrawing.

How this attack works.

Let's say you have 100 dollars in the bank and you want to withdraw the whole amount. When you reach the bank, it performs the 3-step process. After this process is complete, you will walk out of the bank with 100 dollars in your pocket, and your account balance will be zero.

Imagine a scenario where you go to the bank to withdraw 100 dollars. The bank performs steps 1 and 2, then something happens that stops the bank from performing step 3. At the end of the day, you walk out of the bank with 100 dollars, but your account still has 100 dollars. So you can enter the bank again at any time and request another withdrawal.

Now, if the bank again performs steps 1 and 2 and fails to perform step 3, you have 200 dollars, but your account balance still shows 100 dollars. Assuming the bank does not realize this, you can keep going to the bank and asking for a withdrawal, yet your account balance never decreases.

If you repeat this 1,000 times, boom, you have 100,000 dollars, but your account still shows a balance of 100 dollars. You can continue requesting withdrawals until the bank runs out of money to give you.

But wait: you only had 100 dollars but withdrew 100,000 dollars, which means you withdrew the funds of other customers who had trusted the bank.

The bank is now in debt for the 99,900 extra dollars it lost because of the error it made by not performing step 3 every time you requested a withdrawal.

How it can be prevented.

Now you know that a reentrancy attack arises when the bank repeatedly performs steps 1 and 2 before performing step 3. How can it be prevented?

One common way of preventing a reentrancy attack is to swap steps 2 and 3. The new process, in this case, would be:

  1. Verification: As usual, the bank first confirms that the customer's account has the amount they want to withdraw.

  2. Update: The bank updates the customer's account balance to reflect the new balance.

  3. Issue: The bank gives the customer the amount they requested.

Additionally, after performing step 1, the bank can confirm that it has the money to give to the customer before performing step 2. This prevents the bank from updating the customer's balance only to find that it doesn't have enough money in its safe to pay the customer.
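To make the two orderings concrete, here is a small Python model of the bank described above. It is an added example written for this page, not code from the article, and it is not a smart contract: the "issue" step, where the bank hands over cash, stands in for the external call that hands control to the caller in a real contract. The customer names, the deposit amounts (900 for an honest customer, 100 for the reentering one) and the `Bank`, `Customer` and `ReenteringCustomer` classes are all constructed for the demonstration. The same bank is run once with the vulnerable issue-then-update order from the attack section and once with the update-then-issue order from the prevention section, including the extra "does the safe hold enough" check.

```python
# Added example (not from the article): a toy model of the bank's three-step
# withdrawal, showing why "issue before update" lets a customer walk back in.
# Plain Python, not a smart contract; the "issue" step plays the role of the
# external call that passes control to the caller.


class Customer:
    """An honest customer: pockets whatever the bank hands over."""

    def __init__(self, name):
        self.name = name
        self.pocket = 0

    def receive(self, bank, amount):
        self.pocket += amount


class ReenteringCustomer(Customer):
    """The customer from the article who comes back before step 3 has run."""

    def receive(self, bank, amount):
        self.pocket += amount
        # While the bank is still busy with the first withdrawal, ask again,
        # as long as the safe still holds enough to pay out.
        if bank.vault >= amount:
            try:
                bank.withdraw(self, amount)
            except ValueError:
                pass  # a bank that updates first refuses the second request


class Bank:
    def __init__(self, update_before_issue):
        self.vault = 0                 # cash physically in the safe
        self.balances = {}             # ledger: customer name -> account balance
        self.update_before_issue = update_before_issue

    def deposit(self, customer, amount):
        self.vault += amount
        self.balances[customer.name] = self.balances.get(customer.name, 0) + amount

    def _issue(self, customer, amount):
        # Handing over cash: control passes to the customer here.
        if self.vault < amount:
            raise RuntimeError("the safe cannot cover this withdrawal")
        self.vault -= amount
        customer.receive(self, amount)

    def withdraw(self, customer, amount):
        name = customer.name
        # Step 1: verification against the ledger.
        if self.balances.get(name, 0) < amount:
            raise ValueError(f"{name}: account balance too low")
        if self.update_before_issue:
            # Hardened order: confirm the safe can pay, update the ledger, then issue.
            if self.vault < amount:
                raise RuntimeError("the safe cannot cover this withdrawal")
            self.balances[name] -= amount       # step 2: update
            self._issue(customer, amount)       # step 3: issue
        else:
            # Vulnerable order: issue first, update only after the customer returns.
            self._issue(customer, amount)       # step 2: issue
            self.balances[name] -= amount       # step 3: update


def run_scenario(update_before_issue):
    """Constructed scenario: an honest customer deposits 900, the reentering
    customer deposits 100 and withdraws 100, then the honest customer tries
    to withdraw the 900 they are owed."""
    bank = Bank(update_before_issue)
    honest = Customer("honest")
    attacker = ReenteringCustomer("attacker")
    bank.deposit(honest, 900)
    bank.deposit(attacker, 100)

    bank.withdraw(attacker, 100)
    try:
        bank.withdraw(honest, 900)
        honest_paid = True
    except RuntimeError:
        honest_paid = False

    return {
        "attacker_pocket": attacker.pocket,
        "attacker_balance": bank.balances["attacker"],
        "honest_paid": honest_paid,
        "vault": bank.vault,
    }


if __name__ == "__main__":
    print("issue-then-update:", run_scenario(update_before_issue=False))
    print("update-then-issue:", run_scenario(update_before_issue=True))
```

With the vulnerable order, each nested `receive` call passes step 1 because the ledger has not been touched yet, so the reentering customer pockets the whole 1,000 in the safe, the ledger ends at -900 for that account, and the honest customer's withdrawal fails because the safe is empty. With the hardened order, the ledger is already at 0 when the second request arrives, so step 1 rejects it, the reentering customer gets exactly their 100, and the honest customer is paid in full. In a smart contract, this reordering is the checks-effects-interactions pattern; the `try`/`except` in `ReenteringCustomer` stands in for an attacker contract's fallback that swallows the failed reentrant call.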

Conclusion

In this short article, you have learned the logic behind reentrancy attacks in smart contracts, using a bank as an example, and how they can be prevented.