Reentrancy
What it detects
Reentrancy occurs when a contract makes an external call and the callee re-enters the same contract before the caller's state changes have been finalized. This detector looks for patterns such as state updates that happen after an external call, or external calls made without a reentrancy guard.
Typical symptoms
- External calls made before updating balances
- Lack of a mutex or nonReentrant modifier
Solidity snippet (v0.8.25)
```solidity
pragma solidity ^0.8.25;

contract Reentrant {
    mapping(address => uint256) public balances;

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        // External call before state update: the callee can re-enter withdraw()
        // while balances[msg.sender] still holds the full amount.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "failed");
        // State update after the call, which is too late to stop re-entry.
        balances[msg.sender] = 0;
    }
}
```
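For comparison, the same contract written so that the detector has nothing to flag: the balance is zeroed before the external call (checks-effects-interactions) and a minimal mutex provides a nonReentrant modifier as defense in depth. This is an added example, not code from the page; the contract name, the deposit function and the `_locked` mutex are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Added example: hardened counterpart of the vulnerable Reentrant contract.
contract SafeWithdraw {
    mapping(address => uint256) public balances;

    // Minimal mutex; 1 = not entered, 2 = entered. OpenZeppelin's
    // ReentrancyGuard uses the same two-state pattern.
    uint256 private _locked = 1;

    modifier nonReentrant() {
        require(_locked == 1, "reentrant call");
        _locked = 2;
        _;
        _locked = 1;
    }

    // Assumed helper so balances can be funded.
    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        // Effect first: the balance is final before control leaves the contract.
        balances[msg.sender] = 0;
        // Interaction last: a re-entering callee now sees a zero balance,
        // and the mutex rejects the nested call anyway.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "failed");
    }
}
```

Either change alone closes the hole; using both means the ordering rule protects against a forgotten modifier and the modifier protects against a future edit that moves a state write back below the call.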
Why it matters on EVM
Classic reentrancy attacks can drain funds or break assumptions about atomic operations in smart contracts.