Auto-sync: 2026-04-21 00:02

wiki/concepts/Reentrancy.md

@@ -0,0 +1,40 @@
+---
+title: "Reentrancy"
+type: concept
+tags: [smart-contract, vulnerability, security]
+sources: [blockchain-security-auditor]
+last_updated: 2026-04-20
+---
+
+## Definition
+重入攻击（Reentrancy）是一种智能合约安全漏洞，攻击者通过在外部调用期间重新进入同一合约来操纵状态，导致同一笔资金被多次提取。
+
+## Vulnerability Pattern
+```solidity
+// VULNERABLE: External call BEFORE state update
+function withdraw() external {
+    uint256 amount = balances[msg.sender];
+    (bool success,) = msg.sender.call{value: amount}("");
+    balances[msg.sender] = 0; // State updated AFTER external call
+}
+```
+
+## Attack Mechanism
+1. 攻击者部署恶意合约
+2. 将资金存入目标合约
+3. 调用 withdraw()
+4. 目标合约执行外部调用（发送 ETH）
+5. 恶意合约的 receive() 在状态更新前被触发
+6. 重新调用 withdraw()
+7. 由于状态未更新，攻击者可再次提取资金
+
+## Mitigation
+- **Checks-Effects-Interactions**：先更新状态，再执行外部调用
+- **ReentrancyGuard**：OpenZeppelin 提供的重入锁修饰符
+- **Pull Payment**：使用 PullPayment 模式替代直接发送
+
+## Connections
+- [[Smart Contract Vulnerability]] ← is_type_of ← [[Reentrancy]]
+- [[Checks-Effects-Interactions]] ← prevents ← [[Reentrancy]]
+- [[ReentrancyGuard]] ← prevents ← [[Reentrancy]]
+