DEFI RISK AND SMART CONTRACT SECURITY

How to Stop Reentrancy Loops Before They Strike

10 min read
#Smart Contract #security #Audit #Reentrancy #Mitigation
How to Stop Reentrancy Loops Before They Strike

When a smart contract talks to another contract, it’s like borrowing a coffee mug from a friend to drink your tea. You expect the mug to stay in the cupboard after you return it, but if the friend decides to spill the tea, pull the mug out again, fill it, and start the cycle again, you’re in trouble. In DeFi, that spill is a reentrancy attack—a loop that keeps draining the contract’s balance without ever stopping.

The first thing that sets fear in my mind is seeing a project’s balance vanish overnight. I remember watching a snapshot of the Poly Network hack; it made headlines not because of how many tokens were stolen, but because the same mistake—reentrancy—was the knife that sliced through two unrelated protocols. When that news came around, I was thinking about my own portfolio and whether I’d put too much trust in an interface that promised “simple yield farming” without looking under the hood.

The Core of a Reentrancy Loop

Reentrancy happens when a contract calls an external address that, in turn, calls back into the original contract before the first call finishes. Let’s break down the typical sequence:

  1. Caller invokes Target.
  2. Target calls an External contract.
  3. External re‑enters Target before the first execution completes.
  4. The state of Target is still in flux, so the re‑entered call can manipulate balances or storage that shouldn’t be modified until the original call finishes.

Each time the contract re‑enters, another balance change can happen, and the loop can continue until the gas runs out. That’s why the old DAO hack drained a large chunk of its tokens in one go.

The heart of the danger is that the contract can finish executing after the state has already been corrupted. Think of it like a recipe that sets the oven temperature at the last minute. If someone else can change the oven temperature again before the dish is finished, the meal is ruined.

Why It Matters for Everyday Investors

You might ask: “I’m just an investor, not a coder. Should I care?” Absolutely. Imagine you invest in a yield aggregator that has a weak reentrancy defense. The aggregator uses its balance to pay out profits. If an attacker can drain that balance by repeatedly calling the withdraw function, the aggregator’s ability to honor payouts collapses. Even if you didn’t touch the code, your exposure might be via the protocol’s token.

Also, remember the compound effect. A successful reentrancy attack on a liquidity pool can reduce the pool’s liquidity, which spreads to smaller projects that borrow from it. It’s the same way that a local coffee shop that suddenly runs dry of beans influences the whole supply chain. So even if the protocol you invested in survives, the ripple can affect assets you hold in your portfolio.

Classic Real‑World Attacks

The DAO (2016)

The easiest way to see the pattern: The attackers made a recursive call through a pull‑payment pattern. Each time the DAO contract sent tokens, the attacker called withdraw() again before the first call balanced.

Parity Multisig (2017)

In 2017, the Parity wallet library’s fallback transfer function allowed attackers to call transfer again before state updates, triggering a loop that froze hundreds of billions of dollars.

Poly Network (2021)

The Poly Network attack exploited a reentrancy flaw in the cross‑chain bridge. The attacker used a malicious contract that re‑entered the bridge contract during its transfer, effectively taking funds without ever needing a signature from Poly’s team.

These attacks aren't just old gossip. They illustrate that reentrancy is a timeless problem in Ethereum’s architecture—if you write a function that alters state after calling an external delegate, you’re opening a doorway.

Anatomy of a Reentrancy Attack

Let’s diagram it mentally. Suppose Pool.withdraw(amount) does:

function withdraw(uint256 amount) external {
    User storage user = users[msg.sender];
    uint256 bal = user.balance;
    require(bal >= amount);
    // Transfer out
    user.token.transfer(msg.sender, amount);
    // Update balance *after*
    user.balance -= amount;
}

The vulnerable spot: the transfer happens before the balance update. The malicious contract’s receive() (or fallback) triggers withdraw() again before the first transaction finishes. The attacker now sees the original bal and can pull more than they should.

The loop ends only when the gas limit is reached or the external call to transfer() reverts. But the state might already be corrupted.

Defensive Patterns

1. Checks-Effects-Interactions

This is the golden rule. Move state changes before external calls:

user.balance -= amount;          // Effect
user.token.transfer(msg.sender, amount); // Interaction

If an attacker re‑enters, the state has already been updated. The require check will fail, preventing further damage.

2. Reentrancy Guard

Add a simple mutex to gate re‑entrant calls:

bool private locked;
modifier noReentrancy() {
    require(!locked, "ReentrancyGuard: reentrant call");
    locked = true;
    _;
    locked = false;
}

Deploying noReentrancy() on the function that interacts with external addresses protects against recursive calls. It’s used in OpenZeppelin’s contracts, so a lot of standards already include it.

3. Pull Over Push

Instead of pushing tokens to users, let them pull:

// Withdraw function
function requestWithdrawal(uint256 amount) external {
    User storage user = users[msg.sender];
    require(user.balance >= amount, "Insufficient balance");
    user.balance -= amount;
    user.pendingWithdrawal += amount;
}

// Then a separate function for users to pull
function withdraw() external {
    uint256 amount = users[msg.sender].pendingWithdrawal;
    users[msg.sender].pendingWithdrawal = 0;
    user.token.transfer(msg.sender, amount);
}

Now, the external transfer happens outside the main state‑mutation routine. If a malicious user re‑enters, they just see the updated pending balance, which is locked.

Pull‑pull patterns naturally decouple the function that changes state from the one that interacts with outside contracts, creating a barrier against many reentrancy types.

4. Transfer Helper Libraries

For ERC20 tokens that may not follow the standard, use SafeERC20 from OpenZeppelin. It checks return values and uses low‑level calls with proper safety checks. That prevents a token contract from dropping the Ether you’re sending into a recursive loop.

5. Explicit Gas Stipends

Call external contracts with a limited gas stipend using call{gas: 20000} (the old example). This prevents a re‑entrant function from having enough gas to call back into the same contract. But modern best practice favors Checks-Effects-Interactions and reentrancy guards over gas‑limiting tricks.

Auditing and Tooling

You may wonder whether audits are a waste of time. Think of audits as hiring a gardener who looks over your plant’s health and points out hidden pests. If you ignore that advice, the plant may still look tidy but could be wilting under the surface.

  • Formal verification: Tools like Slither and Manticore can highlight reentrancy patterns automatically. They scan the byte code for patterns in which a call is followed by a state variable write.
  • Manual review: A senior developer can spot subtle reentrancy vulnerabilities that automated tools miss, especially when patterns involve dynamic calls or delegatecall usage.
  • Security communities: Engaging with the Ethereum security mailing lists or Discords can bring fresh eyes to your code. Many projects publish audit reports publicly, and reviewers often point out reentrancy concerns.

Audits are not guarantees but are a safety net that reduces the probability of a failure by highlighting potential loops before they’re exploited. Remember, the goal is reduction of risk, not elimination.

Deployment and Governance Safeguards

Even the safest code can break if deployed wrong. Governance mechanisms can act as a failsafe.

  • Pause mechanisms: Include a Pausable module that lets the contract owner pause critical functions. In a sudden reentrancy attempt, the operator can pause the withdraw functions across the board until the issue is resolved.
  • Upgradeability: Using a proxy pattern allows you to update the logic contract if you discover a vulnerability after deployment. Upgradeability with a controlled admin role is like installing a newer firmware on your router to patch a security hole.
  • Timelocks: For major changes (like adding a new withdraw method or removing a guard), enforce a timelock. This gives the community a chance to review before the change goes live.

When a project has community governance, it’s essential that the DAO holds enough authority to call setPause(true) or upgradeProxy() quickly.

How to Protect Yourself as an Investor

  1. Read the audit reports: Before depositing, glance through the audit summary. If reentrancy defenses are present, they’re usually highlighted. Look for words like ReentrancyGuard, pull payment, or checks effects interactions.
  2. Verify the code: Use Etherscan to view the verified source. Look at the withdraw or transfer functions; check their order of operations.
  3. Check the community sentiment: Active community discussions in forums often surface subtle concerns that audit reports miss. If you see a lot of noise about a vulnerability, tread carefully.
  4. Limit exposure: Don’t put all your investments into one protocol with a new code base. Diversify across chains and ecosystems to reduce the risk of catastrophic loss from a single reentrancy hole.
  5. Keep an eye on security updates: When a protocol issues a patch or an upgrade for a reentrancy issue, apply it. Think of it as updating the software on your computer—ignore it and you’re vulnerable.

A Practical, Grounded Takeaway

Reentrancy loops are like an open back door that a savvy thief can swing through repeatedly. The cure? Make the door slam shut between each sweep. Apply the Checks‑Effects‑Interactions pattern to every function that calls out, wrap vulnerable functions in a ReentrancyGuard, and adopt pull over push when possible. If your protocol uses ERC20 tokens, enforce the safe transfer library.

When you’re reviewing a protocol, ask yourself:

  • Is the user’s balance updated before the transfer occurs?
  • Does the function use a guard to prevent recursion?
  • If an attacker calls back, can they see any state change that persists?
  • Is there a pause or timelock that would activate if an abnormal pattern emerges?

If you answer “yes” to most of these questions, you’re dealing with a healthy contract. If you can’t find a clear answer, that’s a red flag.

When you feel uncertain—because even seasoned developers can miss a corner case—seek external audits or community review. Don’t be afraid to walk away; a protocol that does not demonstrate a commitment to reducing risk is a place where your funds might get caught in an unwanted loop.

Let’s zoom out. Think of DeFi contracts as gardens on a shared plot. Just as you wouldn’t leave a fence open, don’t leave a reentrancy guard open. A small, well‑installed gate can prevent a thief but also keeps your plants (investments) safe and growing.

Markets test patience before rewarding it. Reentrancy defenses test the contract’s resilience. Stay calm, stay informed, and keep your risk in check.

JoshCryptoNomad
Written by

JoshCryptoNomad

CryptoNomad is a pseudonymous researcher traveling across blockchains and protocols. He uncovers the stories behind DeFi innovation, exploring cross-chain ecosystems, emerging DAOs, and the philosophical side of decentralized finance.

Back

Contents