ExchangeDEX+

Buy Crypto Markets Spot Futures500X Earn Events

Reentrancy is one of the oldest and most documented attack vectors in smart contract security. And yet — in 2025 — it’s still popping up…Continue reading on Coinmonks »Reentrancy is one of the oldest and most documented attack vectors in smart contract security. And yet — in 2025 — it’s still popping up…Continue reading on Coinmonks »

Reentrancy Bugs: Why They Still Break Smart Contracts

Author: Medium

Source: Medium

2025/10/24 20:06

WHY$0.00000001527-0.13%

SMART$0.003945-2.66%

Press enter or click to view image in full size

Reentrancy is one of the oldest and most documented attack vectors in smart contract security. And yet — in 2025 — it’s still popping up in real-world audits, bug bounties, and mainnet exploits.

This post isn’t a tutorial. It’s a pattern review. A breakdown of where developers still get it wrong, and how subtle variations of reentrancy continue to break production protocols.

1. The Classic Pattern Still Appears

You’ve seen this one in every blog post since The DAO hack (2016), but developers still write it:

function withdraw() public {
uint amount = balances[msg.sender];
(bool sent, ) = msg.sender.call{value: amount}("");
require(sent, "Transfer failed");
balances[msg.sender] = 0;
}

🧠 What’s wrong?
State is updated after external call. If the receiving contract is malicious, it can recursively call withdraw() before balances[msg.sender] is reset.

2. The Safe Pattern (Still Ignored)

function withdraw() public {
uint amount = balances[msg.sender];
balances[msg.sender] = 0;
(bool sent, ) = msg.sender.call{value: amount}("");
require(sent, "Transfer failed");
}

Market Opportunity

WHY Price(WHY)

$0.00000001527

$0.00000001527$0.00000001527

-0.13%

USD

WHY (WHY) Live Price Chart

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.