0
0
Blockchain / Solidityprogramming~10 mins

Reentrancy attacks in Blockchain / Solidity - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Concept Flow - Reentrancy attacks
Start Transaction
Call External Contract
External Contract Calls Back
Re-enter Vulnerable Function
Modify State Unexpectedly
Complete Original Function
Funds Drained or State Corrupted
This flow shows how a contract calls an external contract, which then calls back into the original contract before its state is updated, causing unexpected state changes.
Execution Sample
Blockchain / Solidity
function withdraw(uint amount) public {
  require(balances[msg.sender] >= amount);
  (bool success, ) = msg.sender.call{value: amount}();
  require(success);
  balances[msg.sender] -= amount;
}
This function sends Ether to the caller before updating their balance, allowing reentrancy if the caller is a contract.
Execution Table
StepActionbalances[msg.sender]Call SuccessState ChangeNotes
1Check balance >= amount100N/ANoBalance sufficient, proceed
2Send Ether via call100trueNoEther sent, external call starts
3External contract calls withdraw again100N/ANoReentrancy occurs before balance update
4Check balance >= amount (reentrant)100N/ANoStill sufficient, proceed again
5Send Ether via call (reentrant)100trueNoEther sent again
6Update balance (reentrant)0N/AYesBalance set to 0 after reentrant call
7Return from reentrant call0N/ANoBack to first call
8Update balance (original call)0N/AYesBalance set to 0 again, but funds already drained
9End function0N/ANoFunds drained due to reentrancy
💡 Execution stops after balance is drained due to reentrancy before state update.
Variable Tracker
VariableStartAfter Step 2After Step 6After Step 8Final
balances[msg.sender]100100000
Call SuccessN/AtrueN/AN/AN/A
Key Moments - 3 Insights
Why does the balance not update before the external call?
Because the balance is updated after sending Ether (step 8), the external contract can call back before the update (step 3), causing reentrancy.
What allows the external contract to call withdraw again?
The external call uses low-level call which forwards control, allowing the external contract to re-enter the vulnerable function before state changes.
Why is the balance zero after the reentrant call?
Because the balance is only updated after the external call returns, the reentrant call drains funds before the balance is reduced.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is balances[msg.sender] after step 6?
A0
B100
C50
DUndefined
💡 Hint
Check the 'balances[msg.sender]' column at step 6 in the execution_table.
At which step does the external contract call withdraw again?
AStep 5
BStep 2
CStep 3
DStep 8
💡 Hint
Look for the row mentioning 'External contract calls withdraw again' in the execution_table.
If the balance was updated before the external call, how would the execution_table change?
AReentrancy would still occur with same results
BThe balance would be reduced before call, preventing reentrancy
CThe call success would be false
DThe external contract could not call back
💡 Hint
Consider the variable_tracker and when balances[msg.sender] changes relative to the call.
Concept Snapshot
Reentrancy attacks happen when a contract calls an external contract before updating its own state.
The external contract can call back into the original contract, causing unexpected repeated execution.
Always update state before sending Ether or calling external contracts.
Use patterns like checks-effects-interactions to prevent this.
Low-level calls (call, delegatecall) can enable reentrancy if not handled carefully.
Full Transcript
This visual trace shows a reentrancy attack in a blockchain smart contract. The withdraw function sends Ether to the caller before updating the caller's balance. Because the balance update happens after the external call, a malicious contract can call withdraw again during the external call, draining funds multiple times. The execution table tracks each step, showing the balance remains unchanged during the reentrant call, allowing repeated withdrawals. The variable tracker highlights how balances[msg.sender] changes only after the reentrant call finishes, causing the vulnerability. Key moments clarify why the order of operations matters and how reentrancy happens. The quiz tests understanding of the balance changes and call flow. The snapshot summarizes the key rule: always update state before external calls to prevent reentrancy.