
🔄 Reentrancy Attacks: The $60M DAO Hack

Discover the vulnerability that nearly destroyed Ethereum in 2016

🚨 Understanding Reentrancy Attacks

Reentrancy is one of the most devastating smart contract vulnerabilities. It allowed the infamous 2016 DAO hack that drained $60 million and led to Ethereum's hard fork.

🎯 Interactive: Vulnerability Types Explorer

Explore the 4 main types of reentrancy vulnerabilities:

💸 Withdrawal Reentrancy (Critical)

Most common: attacker reenters during ETH withdrawal

Vulnerable Pattern: Updates balance AFTER sending ETH
Impact: Complete fund drainage
Real-World Example: The DAO hack ($60M stolen)

What is a Reentrancy Attack?

A reentrancy attack occurs when a malicious contract calls back into the victim contract before the first invocation finishes. This allows the attacker to repeatedly execute functions while the contract's state is inconsistent.

The Basic Pattern:

1. User calls vulnerable function
   Example: withdraw(1 ETH)
2. Contract sends ETH to user
   msg.sender.call{value: 1 ether}("")
3. ⚠️ Malicious fallback triggered
   Attacker's receive() function executes
4. ⚠️ Attacker calls withdraw() again
   Balance not yet updated, check passes
5. ⚠️ Repeat until contract drained
   Original balance update never happens
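
The five steps above can be traced in a small Python model of the call ordering. This is an added example, not code from the original page and not real EVM code: the Vault, ReentrantReceiver and run names are hypothetical, amounts are whole ETH, and withdraw() is assumed to pay out the caller's full credited balance. The same vault is run twice, once sending before updating the ledger and once updating the ledger first.

```python
# Added illustration: a toy model of a vault contract, not real EVM code.
# Amounts are whole ETH. All names here are hypothetical.
class Revert(Exception):
    """Models a reverted call."""

class Vault:
    def __init__(self, effects_first):
        self.effects_first = effects_first  # True = update ledger before sending
        self.balances = {}                  # credited balance per account
        self.eth = 0                        # ETH the vault actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.eth += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.eth < amount:        # check
            raise Revert("nothing to withdraw")
        if self.effects_first:
            self.balances[who] = 0                  # effect
            self._send(who, amount)                 # interaction
        else:
            self._send(who, amount)                 # interaction (step 2)
            self.balances[who] = 0                  # effect, too late

    def _send(self, who, amount):
        self.eth -= amount
        who.receive(self, amount)                   # hands control to the callee

class ReentrantReceiver:
    """Callee whose receive() calls withdraw() again (steps 3 and 4)."""
    def __init__(self):
        self.received = 0
        self.reentries = 0

    def receive(self, vault, amount):
        self.received += amount
        try:
            vault.withdraw(self)
            self.reentries += 1
        except Revert:
            pass                                    # re-entry refused

def run(effects_first):
    vault, caller, other = Vault(effects_first), ReentrantReceiver(), object()
    vault.deposit(other, 10)                        # constructed sample funds
    vault.deposit(caller, 1)
    vault.withdraw(caller)
    return caller.received, caller.reentries, vault.eth
```

run() returns (ETH received by the caller, successful re-entries, ETH left in the vault). With the send placed first, a 1 ETH credit pulls out all 11 ETH; with the ledger updated first, the nested call finds a zero balance and the vault keeps the other depositor's 10 ETH.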

Why It's So Dangerous

💰 Massive Financial Loss

The DAO hack alone resulted in $60M stolen. Many DeFi protocols have lost millions to reentrancy.

🔍 Hard to Detect

Code can look correct at first glance. The vulnerability emerges from execution order, not syntax.

Automated Exploitation

Bots scan for vulnerable contracts 24/7. Attacks happen within minutes of deployment.

🌐 Network Impact

Major hacks can affect network stability, gas prices, and user trust in the entire ecosystem.

What You'll Learn

1️⃣ The DAO Hack
Deep dive into the historic 2016 exploit that drained $60M and forced Ethereum's hard fork.

2️⃣ Attack Mechanics
Step-by-step simulation of how reentrancy attacks work and why contracts are vulnerable.

3️⃣ Prevention Techniques
Checks-Effects-Interactions pattern, ReentrancyGuard, and other battle-tested solutions.

4️⃣ Secure Code Patterns
Practical examples of vulnerable vs secure implementations you can use immediately.

⚠️ Critical Warning

Even experienced developers write vulnerable code. According to ConsenSys Diligence, reentrancy vulnerabilities appear in approximately 8% of all audited smart contracts.

Key takeaway: Every external call is potentially dangerous. Always assume untrusted contracts can execute arbitrary code.