nexus/wiki/concepts/Reentrancy.md

title, type, tags, sources, last_updated

title	type	tags	sources	last_updated
Reentrancy	concept	smart-contract vulnerability security	blockchain-security-auditor	2026-04-20

Definition

重入攻击（Reentrancy）是一种智能合约安全漏洞，攻击者通过在外部调用期间重新进入同一合约来操纵状态，导致同一笔资金被多次提取。

Vulnerability Pattern

// VULNERABLE: External call BEFORE state update
function withdraw() external {
    uint256 amount = balances[msg.sender];
    (bool success,) = msg.sender.call{value: amount}("");
    balances[msg.sender] = 0; // State updated AFTER external call
}

Attack Mechanism

1. 攻击者部署恶意合约
2. 将资金存入目标合约
3. 调用 withdraw()
4. 目标合约执行外部调用（发送 ETH）
5. 恶意合约的 receive() 在状态更新前被触发
6. 重新调用 withdraw()
7. 由于状态未更新，攻击者可再次提取资金

Mitigation

• Checks-Effects-Interactions：先更新状态，再执行外部调用
• ReentrancyGuard：OpenZeppelin 提供的重入锁修饰符
• Pull Payment：使用 PullPayment 模式替代直接发送

Connections

• Smart Contract Vulnerability ← is_type_of ← Reentrancy
• Checks-Effects-Interactions ← prevents ← Reentrancy
• ReentrancyGuard ← prevents ← Reentrancy