Understanding Re-entrancy Attacks in Smart Contracts

Sep 12, 2024

Smart Contract Hacking and Security: Re-entrancy Attack

Introduction

  • Speaker: Jonny
  • Topic: Smart contract hacking and security, focusing on re-entrancy attacks.
  • Importance: Millions lost due to these attacks (e.g., DAO in 2017, $150M lost, and more recent attacks).

What is a Re-entrancy Attack?

  • Definition: A vulnerability allowing an attacker to re-enter a function before its execution is complete.
  • Historical Context: Notable incidents include:
    • DAO Incident (2017): $150 million lost.
    • Wintermute (April 2022): $80 million stolen.
    • Rivet Finance (March 2022): $11 million stolen.

Educational Intent

  • Aim: To educate on re-entrancy attacks for protective, ethical hacking (white hat) rather than malicious intent.
  • Practical Simulation: Attacks will be simulated using Hardhat and Solidity.
  • Code Security: Learning to write secure code against re-entrancy vulnerabilities.

Understanding Re-entrancy Attack

  • Mechanism:
    • An attacker can repeatedly call a function to withdraw funds before the balance is updated.
    • Example with a bank smart contract:
      • Smart contract stores user balances in a mapping.
      • Withdrawal sends Ether first, then updates the balance, leading to multiple withdrawals before balance update.

Illustration of Attack

  • Scenario:
    • User (Bob) deposits 3 Ether.
    • Withdrawal function sends Ether to Bob and only then updates his balance.
    • If Bob is a malicious smart contract, it triggers a fallback function to re-call the withdrawal function multiple times.

Code Example: Ether Bank

  • Deposit Function: Accepts Ether and updates balance.
  • Withdrawal Function: Sends Ether first, then updates the balance, creating vulnerability.

Practical Simulation

  • Setting Up:
    • Using Hardhat to simulate a local blockchain to deploy smart contracts.
    • Scripts to deploy the bank contract, simulate deposits, and execute attacks.

Attack Plan

  • Attack Contract:
    • Deploy a malicious contract that first deposits 1 Ether and then calls the withdrawal function.
    • Use a fallback function to recursively call withdraw until the bank is drained.

Code Implementation

  • Attack Contract Outline:
    • Interface for Ether Bank with deposit and withdrawal functions.
    • Execute function to start the attack:
      • Deposit 1 Ether.
      • Call withdrawal to initiate the re-entry.
    • Fallback function to check balance and withdraw again if funds remain.

Protecting Against Re-entrancy Attacks

  • Best Practices:
    • Update State Variables First: Always update balance before sending Ether.
    • Mutex Lock: Use a boolean variable to restrict re-entrance.
      • Implement a modifier (e.g., re-entrancy guard) to enforce this lock.
    • Using Libraries: Leverage OpenZeppelin’s re-entrancy guard for built-in protection.

Conclusion

  • Recap: Understanding and simulating re-entrancy attacks helps in writing secure smart contracts.
  • Call to Action: Like, subscribe, and provide feedback on further topics for future videos.