07.SWC-107_Reentrancy
2023-07-13 16:10:58 # 09.SWC

SWC-107_Reentrancy

Reentrancy

  • Description: One of the major dangers of calling external contracts is that they can take over the control flow. In the reentrancy attack (a.k.a. recursive call attack), a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways.
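  • Remediation: The best practices to avoid Reentrancy weaknesses are: (1) make sure all internal state changes are performed before the external call is executed, which is known as the Checks-Effects-Interactions pattern; (2) use a reentrancy lock, for example OpenZeppelin's ReentrancyGuard.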

Vulnerable contract

pragma solidity ^0.5.0;

/// @title ModifierEntrancy: deliberately vulnerable sample for SWC-107 (reentrancy)
/// @notice Credits 20 tokens to a caller whose recorded balance is zero, after
///         asking a Bank contract whether it supports the token.
/// @dev Left vulnerable on purpose; do not reuse. On airDrop the modifiers run in
///      the order listed: hasNoBalance (check), then supportsToken (external
///      call), and only then is the balance written (effect). A callee that
///      calls back into airDrop before returning would find the balance still
///      zero in the nested invocation. Hardening: list supportsToken before
///      hasNoBalance so the balance is checked after the external call has
///      returned, and/or protect airDrop with a reentrancy lock.
///      NOTE(review): in this listing `bank` is an instance this contract
///      deploys itself, and Bank.supportsToken() hashes "No Token", so the
///      require in supportsToken fails as written. That is probably a typo for
///      "Nu Token"; confirm against the original sample.
contract ModifierEntrancy {

    // Token balance per address; the compiler generates the public getter.
    mapping (address => uint256) public tokenBalance;
    string constant name = "Nu Token";
    // Created in the constructor; target of the external call in supportsToken.
    Bank bank;

    constructor() public {
        bank = new Bank();
    }

    // Passes only while the caller's recorded balance is zero.
    modifier hasNoBalance() {
        require(tokenBalance[msg.sender] == 0);
        _;
    }

    // Passes only if the Bank answers with the hash of "Nu Token".
    // This is the external call: control leaves this contract here, before
    // airDrop has updated tokenBalance.
    modifier supportsToken() {
        bytes32 expected = keccak256(abi.encodePacked("Nu Token"));
        require(bank.supportsToken() == expected);
        _;
    }

    // Gives 20 tokens to a caller with zero balance when the Bank supports the
    // token. The modifier order (balance check first, external call second) is
    // the weakness this sample demonstrates.
    function airDrop() public hasNoBalance supportsToken {
        tokenBalance[msg.sender] = tokenBalance[msg.sender] + 20;
    }
}

/// @title Bank: the contract ModifierEntrancy queries from its supportsToken modifier
/// @dev supportsToken() is declared without `view` or `pure`, so the function
///      is allowed to change state. The caller therefore cannot rely on this
///      call being side-effect free, which is what makes the call site in
///      ModifierEntrancy a reentrancy concern.
contract Bank {

    // Returns the keccak256 hash of the packed string "No Token".
    // NOTE(review): ModifierEntrancy compares this against the hash of
    // "Nu Token", so the two never match as written; confirm the intended
    // string.
    function supportsToken() external returns (bytes32) {
        bytes32 digest = keccak256(abi.encodePacked("No Token"));
        return digest;
    }

}