26 Кві, 2023

Reentrancy (SWC-107)

Description

This vulnerability occurs when a contract calls an external contract without sufficient checks and the external contract is able to call back into the calling contract before the first invocation is complete. This can lead to unintended behavior and even enable an attacker to drain the contract’s funds.

To mitigate this vulnerability, developers should ensure that they use the “Checks-Effects-Interactions” pattern when calling external contracts. This means that all checks should be done before any external contract is called, and all state changes should be made after all external contracts have been called. This pattern helps to prevent reentrancy attacks by ensuring that the external contracts cannot change the state of the calling contract before it has finished executing.

In addition to this pattern, it is important to use appropriate access controls to prevent unauthorized access to sensitive functions and data, and to carefully review and audit smart contracts for potential vulnerabilities.

Відновлення

Reentrancy is a type of vulnerability that can occur when a contract calls an external contract that has not been fully executed yet, allowing the external contract to call back into the original contract and potentially modify its state. This can lead to unexpected behavior and can be used by attackers to exploit vulnerabilities in the contract.

To avoid this type of vulnerability, one best practice is to follow the Checks-Effects-Interactions pattern. This pattern involves performing all necessary checks and updating internal state before interacting with any external contracts. By doing so, you can ensure that the contract’s state is consistent and that any interactions with external contracts are safe and predictable.

In addition to the Checks-Effects-Interactions pattern, using a reentrancy lock can also help prevent reentrancy vulnerabilities. A reentrancy lock is a mechanism that prevents a contract from being reentered by multiple calls at the same time. OpenZeppelin’s ReentrancyGuard is an example of a widely-used reentrancy lock in Solidity. It uses a mutex (mutual exclusion) lock to prevent reentrancy attacks by limiting the number of times a function can be executed at the same time.

By following best practices like the Checks-Effects-Interactions pattern and using reentrancy locks, developers can reduce the risk of reentrancy vulnerabilities in their contracts.

Contract Samples

Code with a vulnerability

				
					pragma solidity 0.4.24;
contract SimpleDAO {
  mapping (address => uint) public credit;    
  function donate(address to) payable public{
    credit[to] += msg.value;
  }    
  function withdraw(uint amount) public{
    if (credit[msg.sender]>= amount) {
      require(msg.sender.call.value(amount)());
      credit[msg.sender]-=amount;
    }
  }  
  function queryCredit(address to) view public returns(uint){
    return credit[to];
  }
}

				
			

Code without a vulnerability

				
					pragma solidity 0.4.24;
contract SimpleDAO {
  mapping (address => uint) public credit;
  function donate(address to) payable public{
    credit[to] += msg.value;
  }  
  function withdraw(uint amount) public {
    if (credit[msg.sender]>= amount) {
      credit[msg.sender]-=amount;
      require(msg.sender.call.value(amount)());
    }
  }  
  function queryCredit(address to) view public returns (uint){
    return credit[to];
  }
}

				
			

Tools for scaning SWC-107

1. Mythril: It is a popular open-source smart contract security analysis tool that can detect reentrancy vulnerabilities.

2. Slither: It is a static analysis tool for smart contracts that can detect the SWC-107 vulnerability.

3. Securify: It is an automated security scanner for Ethereum smart contracts that can detect reentrancy vulnerabilities.

4. Oyente: It is a symbolic execution tool that can detect reentrancy vulnerabilities in smart contracts.

5. SmartCheck: It is a security analysis tool for smart contracts that can detect reentrancy and other vulnerabilities.

Загальна перерахування слабких місць (CWE)

CWE-841: Improper Enforcement of Behavioral Workflow

Mitigation for SWC-107

1. Use the Checks-Effects-Interactions pattern: This means that all state changes should be made before any external calls are made. This can help prevent reentrancy attacks, as the contract’s state is updated before any external calls are made.

2. Use the “withdraw pattern” for transferring funds: This involves keeping track of the balance of a user’s account within the contract and requiring the user to explicitly withdraw funds from the contract. This can help prevent reentrancy attacks, as the balance of the user’s account is updated before any external calls are made.

3. Use the latest version of the Solidity compiler: The latest version of the Solidity compiler includes a fix for the reentrancy vulnerability. By using the latest version of the compiler, developers can ensure that their contracts are protected against known vulnerabilities.

4. Limit the gas available to external calls: By limiting the gas available to external calls, developers can prevent reentrancy attacks from consuming all the available gas and causing the contract to revert.

5. Use mutex locks: Mutex locks can be used to prevent a function from being called recursively. This can help prevent reentrancy attacks by ensuring that only one instance of the function is executed at a time.

6. Avoid using call.value(): The call.value() function can be used to transfer Ether to another contract, but it also creates a low-level call that can be vulnerable to reentrancy attacks. Instead, developers should use transfer() or send() to transfer Ether to other contracts.

Висновок

SWC-107 is a critical vulnerability that can lead to a reentrancy attack in which a malicious contract can take over the control flow and interact with the calling contract in undesirable ways. To mitigate this vulnerability, it is recommended to follow best practices such as avoiding complex control flow, using the latest version of Solidity, and using the withdrawal pattern to transfer funds. Developers should also ensure that they are familiar with the contract they are interacting with and perform appropriate checks to prevent reentrancy attacks. Furthermore, the use of automated security tools and manual code reviews can also help to detect and mitigate this vulnerability.

Інші Послуги

Готові до безпеки?

зв'язатися з нами