Blockchain / Solidity, programming, ~30 mins

Reentrancy attacks in Blockchain / Solidity - Mini Project: Build & Apply

Understanding Reentrancy Attacks in Smart Contracts
📖 Scenario: You are learning about smart contracts on the Ethereum blockchain. One common security problem is the reentrancy attack, where a malicious contract repeatedly calls back into a vulnerable contract to drain funds. In this project, you will create a simple vulnerable contract, then add a fix to prevent reentrancy attacks.
🎯 Goal: Build a smart contract that holds Ether and allows withdrawals. First, create a vulnerable version that can be attacked by reentrancy. Then, add a guard to prevent the attack.
📋 What You'll Learn
Create a contract with a mapping to track user balances
Write a withdraw function that sends Ether to the user
Add a boolean lock variable to prevent reentrancy
Use the lock variable to guard the withdraw function
Emit events to show when withdrawals happen
💡 Why This Matters
🌍 Real World
Smart contracts on blockchains hold real money. Preventing reentrancy attacks protects users' funds from being stolen.
💼 Career
Blockchain developers must understand and fix reentrancy vulnerabilities to build secure decentralized applications.
1
Create a vulnerable contract with balances
Create a Solidity contract called VulnerableBank. Inside it, declare a public mapping called balances that maps address to uint. Also, write a deposit function that is payable and adds msg.value to the sender's balance.
Need a hint?

Use mapping(address => uint) public balances; to store balances. The deposit function should be payable and add msg.value to balances[msg.sender].

2
Add a withdraw function vulnerable to reentrancy
Add a public function called withdraw that takes a uint amount. Inside, check that balances[msg.sender] is at least amount. Then, send amount Ether to msg.sender using call. Finally, subtract amount from balances[msg.sender]. Do not add any reentrancy protection yet.
Need a hint?

Use require to check balance. Use call to send Ether. Subtract amount from balance after sending.

3
Add a reentrancy guard using a lock variable
Add a private boolean variable called locked initialized to false. Modify the withdraw function to first check that locked is false, then set locked to true before sending Ether. After sending, set locked back to false. This prevents reentrancy.
Need a hint?

Use a boolean locked to block reentrant calls. Set it true before sending Ether and false after.

4
Add events and print withdrawal success
Declare an event called Withdrawal with parameters address indexed user and uint amount. Emit this event after a successful withdrawal inside the withdraw function. Finally, add a print statement that outputs "Withdrawal successful" after the event.
Need a hint?

Declare event Withdrawal(address indexed user, uint amount); and emit it after withdrawal. Use print("Withdrawal successful") to show success.
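The four steps assembled, with the step 2 withdraw beside the guarded one, as an added example that is not the page's own solution code. The contract name GuardedBank, the error strings and the compiler pragma are assumptions; the page specifies only VulnerableBank, balances, deposit, withdraw, locked and Withdrawal.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version; the page names none

// Steps 1 and 2: deliberately vulnerable, exactly as the exercise describes.
contract VulnerableBank {
    mapping(address => uint) public balances;

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    // The balance still holds its old value while the external call runs,
    // so a call that re-enters withdraw passes the require a second time.
    // On 0.8+ an over-subtraction reverts, but that is a compiler side effect,
    // not a guard to rely on.
    function withdraw(uint amount) public {
        require(balances[msg.sender] >= amount, "Insufficient balance");
        (bool sent, ) = msg.sender.call{value: amount}("");
        require(sent, "Failed to send Ether");
        balances[msg.sender] -= amount;
    }
}

// Steps 3 and 4 (GuardedBank is a hypothetical name for the fixed version).
contract GuardedBank {
    mapping(address => uint) public balances;
    bool private locked = false;

    event Withdrawal(address indexed user, uint amount);

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint amount) public {
        require(!locked, "Reentrant call"); // a nested call stops here
        require(balances[msg.sender] >= amount, "Insufficient balance");
        locked = true;
        (bool sent, ) = msg.sender.call{value: amount}("");
        require(sent, "Failed to send Ether"); // a revert also undoes locked = true
        // Moving this line above the call (checks-effects-interactions) would
        // also remove the stale balance; that is not one of the page's steps.
        balances[msg.sender] -= amount;
        locked = false;
        emit Withdrawal(msg.sender, amount);
        // Step 4's print is left out: Solidity has no built-in print statement.
    }
}
```

The lock only covers functions that check it, so any other function that changes balances or sends Ether needs the same guard.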