@pamm
Smart contracts are the backbone of Web3, powering decentralized applications (dApps), DeFi protocols, and NFTs on blockchains like Ethereum. However, they are immutable: once deployed, they cannot easily be patched, which makes vulnerabilities particularly dangerous.
A reentrancy attack occurs when an external contract calls back into the original contract before the first execution has completed. Because the contract's state has not yet been updated, the attacker can repeatedly invoke the vulnerable function to drain funds or manipulate state. A well-known example is the DAO hack in 2016, in which an attacker stole approximately $50 million worth of Ether.
How a Reentrancy Attack Works: A vulnerable contract (e.g., a DeFi protocol) has a function such as 'withdraw()' that sends Ether or tokens to a user's address, which is an external call. If that call happens before the contract updates its internal balance, the receiving contract (controlled by the attacker) can call back into 'withdraw()' again while the recorded balance still appears unspent.