🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Reentrancy

Reentrancy is a recursive call issue where a malicious contract calls back the caller contract, before the first call is completed. If a state change is needed before making another external call, i.e. setting a value to zero, the state change may never happen due to recursive calls.

The recursive call continues until either the gas is exhausted or the call stack is full or the balance of the caller contract becomes zero.

SWC 107 Reentrancy

Remediation

  • Make sure all internal state changes are performed before the call is executed. This is known as the Checks-Effects-Interactions pattern
  • Use a reentrancy lock

For more detail guide, refer to DAO and recursive calls mini course on SecDim Learn.

Metadata

  • Severity: high
  • Slug: reentrancy

CWEs

  • 841: Improper Enforcement of Behavioral Workflow
  • 284: Improper Access Control

OWASP

  • A01:2021: Broken Access Control
  • SC05:2025: Reentrancy
Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.