Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SUBMIT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SUBMIT
Crypto Flexs
Home»HACKING NEWS»Single Function Reentrancy Attack – Ackee Blockchain
HACKING NEWS

Single Function Reentrancy Attack – Ackee Blockchain

By Crypto FlexsJune 20, 20245 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Single Function Reentrancy Attack – Ackee Blockchain
Share
Facebook Twitter LinkedIn Pinterest Email

reentrant attack

Re-entrancy attacks only apply to smart contracts due to the nature of external calls. When a contract interacts with another contract through an external call, such as during a token transfer, the receiving contract can execute arbitrary code in response. This execution may lead to unexpected behavior that was not anticipated by the original contract programmer.

In a reentrancy attack, the receiving contract takes advantage of an external call by calling a function recursively before the first call completes. This behavior is different from simply calling a function once and could lead to a security breach. From a developer’s perspective, these executions are difficult to prevent because it is difficult to predict and imagine how they might occur. There are a variety of scenarios in which re-entry can be utilized. This article provides a simple example of a re-entrancy attack and how to prevent it.

Single function reentrancy attack analysis

This is the source code of a simple vault contract that allows users to deposit and withdraw funds. The withdraw function is vulnerable to re-entrancy attacks.

A call comes from outside msg.senderat withdraw function. This is where re-entrancy attacks can occur. An attacker can make a phone call. withdraw It operates multiple times before the first call completes, resulting in unexpected behavior.

Let’s analyze the code execution. withdraw function. The problem with this function is that it updates the value after the outer call. Below is how. withdraw Function operation:

1. uint256 amount = balances(msg.sender);
2. // send ETH amount of ETH value // whatever the user can do as a function call
3. balances(msg.sender) = 0;

So we withdraw function is equivalent to calling two functions.

  • Calculate the amount and send ETH.
  • Set your balance to 0.

The requirement is that other functions can run after the first function is completed, but eventually the second function must run.

From the above analysis, we can understand the concept of reentrancy, which is calling a function again from within the user’s external function.

Let’s consider the following scenario: This is allowed because the execution meets the above requirements. But a problem occurred.

1. uint256 amount = balances(msg.sender);
2. // send ETH amount of ETH value // call withdraw() again
2.1. uint256 amount2 = balances(msg.sender);
2.2. // send ETH amount2 of ETH value // only receive value, nothing else this time.
2.3. balances(msg.sender) = 0;
3. balances(msg.sender) = 0;

As a result of this execution, the user will receive as a balance double the amount of ETH held in this contract. However, the run was still successful. Similarly, you can do it 10 times or you can do it 100 times. Users can receive 100 times the amount of ETH held in this contract as balance.

Attack example

This is an example of an attacker contract.

This is Wake’s test file.

Deploy the vault, store 10 ETH, and distribute the attacker contract with 1 ETH.

By calling attacker_contract.attack() The attack function in the attacker contract is called from a function in the Python test code.

In the attack function, 1 ETH is deposited into the vault and withdrawn from the vault. The withdraw function calls an external call to send ether to the attacker. Therefore, the receive function of the attacker contract is called. at receive() The function calls: withdraw Functional again.

Call tracing for attacks. The attacker contract has 1ETH and the vault contract has 10ETH. After the 5th withdraw By calling the function recursively, there are 6 ETH in the attacker’s contract and 5 ETH in the storage.

This is a single-function reentrancy attack. Most other reentrancy attacks are based on this scenario. However, the complexity and functional structure of the project makes it difficult to detect.

Prevention

There are several ways to prevent this attack. Although these prevention methods are effective against single-function reentrancy attacks, they are not guaranteed to prevent all reentrancy attacks.

Here are some common methods:

re-entry guard

ReentrancyGuard makes it impossible to renew your contract.

After external call, check and write the value.

The unexpected execution flow of the above attack includes resetting the balance to zero twice. This reset assumes that your previous balance value is the same as your current balance value. sheep, but it changes. This example shows how programmers fail to anticipate reentrancy.

Change the code that deducts amounts from the balance to properly manage the user’s balance.

Confirmation-Effect-Interaction

Another preventative method is to first finish changing the state of the function and then call the external function. As explained above, a function call can be viewed as two separate function calls. We disable the attack by having the second part of the function do nothing.

conclusion

In conclusion, understanding and preventing re-entrancy vulnerabilities is important to develop secure smart contracts. For example, even though there are other types of reentrancy attacks, ReentrancyGuard is not sufficient to completely prevent some contracts. It is important to understand the concept of reentry and how to utilize it.

There is a reentrant example Github repository. There are other types of reentrancy attacks and also protocol-specific reentrancy attacks.

We also discussed different types of reentrancy and protocol-specific reentrancy in the blog.

You can write reentrancy attacks and learn how they work in practice.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Videos and Podcasts | Vault 12

July 14, 2026

Kresus launches cryptocurrency inheritance service for self-managed wallet users.

July 12, 2026

Cryptocurrency Inheritance Update: May 2026

July 8, 2026
Add A Comment

Comments are closed.

Recent Posts

Market Summary: While IBM stumbles and PayPal acquisition rumors swirl, financial giants shine.

July 15, 2026

CoinGecko -MEXC Ranks Second In TradFi Perpetual Futures With $323.9 Billion In Trading Volume

July 15, 2026

Circle wins legal battle over Heka’s USDC issuance and redemption accounts

July 15, 2026

CT3 Announces Dedicated Storage Contracts To Expand Decentralized Storage Infrastructure

July 15, 2026

TxFlow L1 Introduces Probly, Marking The Next Stage Of Its Multi-Application Ecosystem With Prediction Markets

July 15, 2026

Videos and Podcasts | Vault 12

July 14, 2026

As AI platforms move away from unlimited, Sogni AI is launching a $20 fair use unlimited plan on community GPUs.

July 14, 2026

EthSystems Launches To Build Privacy Solutions For Institutions On Ethereum

July 14, 2026

MEXC Reports 7.1 Billion USDT In SpaceX Futures Volume As Q2 Closes The Gap To Wall Street

July 14, 2026

MEXC Reports 142% Volume Surge For MU Futures Following Record Micron Earnings Beat

July 14, 2026

OpenSea adds Good Vibes Club NFT to NFT Reserve

July 13, 2026

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Market Summary: While IBM stumbles and PayPal acquisition rumors swirl, financial giants shine.

July 15, 2026

CoinGecko -MEXC Ranks Second In TradFi Perpetual Futures With $323.9 Billion In Trading Volume

July 15, 2026

Circle wins legal battle over Heka’s USDC issuance and redemption accounts

July 15, 2026
Most Popular

Celestia, Pullix and Quant are strong and could increase profits before Christmas

December 9, 2023

Goose boom bang! Slot -Collision, Cash and Manga Massacre

September 27, 2025

The Daily: Crypto Meets the White House, Cboe Resubmits for Spot Bitcoin ETF Options, Trump Jr. Talks Mimecoin, and More

August 10, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2026 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.