What is a Reentrancy Attack?


A reentrancy attack exploits a smart contract vulnerability where an external call allows the attacker to re-enter the contract before the first execution completes — potentially draining funds by repeating withdrawal logic.

WHY IT MATTERS

Reentrancy is the most famous smart contract vulnerability. The pattern: a contract sends ETH to an address before updating its state. The receiving contract's fallback function re-calls the original contract, which still shows the old (higher) balance. The withdrawal repeats until the contract is drained.

The DAO hack (2016, $60M) was a reentrancy attack that led to Ethereum's most controversial hard fork. Despite being well-known, reentrancy variants continue to cause exploits — cross-function reentrancy, cross-contract reentrancy, and read-only reentrancy.

Prevention: follow the checks-effects-interactions pattern (update state before external calls), use reentrancy guards (mutexes), and consider using pull-over-push payment patterns.

FREQUENTLY ASKED QUESTIONS

How does the checks-effects-interactions pattern prevent reentrancy?
By updating state (effects) before making external calls (interactions). When the attacker re-enters, the state already reflects the withdrawal, so the check fails.
Is reentrancy still a real threat?
Yes. While simple reentrancy is caught by auditors, novel variants (cross-function, cross-contract, read-only) continue to cause exploits. The Curve Finance exploit in 2023 involved a reentrancy in Vyper.
What is a reentrancy guard?
A mutex (mutual exclusion lock) that prevents a function from being called again while it's still executing. OpenZeppelin's ReentrancyGuard is the standard implementation.
