Reentrancy Attacks
A chronological and (hopefully) complete list of reentrancy attacks to date.
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Openzeppelin Contracts | 21,798 |  | 51 | 1,033 | 11 hours ago | 63 | September 07, 2022 | 179 | mit | JavaScript |
| OpenZeppelin Contracts is a library for secure smart contract development. | ||||||||||
| Smart Contract Best Practices | 6,529 | 3 months ago | 22 | |||||||
| A guide to smart contract security best practices | ||||||||||
| Capstone | 6,264 | 2 | 4 hours ago | 2 | April 12, 2022 | 349 | other | C | ||
| Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings. | ||||||||||
| Awesome Solidity | 5,801 | 3 days ago | 7 | |||||||
| ⟠ A curated list of awesome Solidity resources, libraries, tools and more | ||||||||||
| Quorum | 4,319 | 2 | 8 hours ago | 200 | March 14, 2022 | 27 | lgpl-3.0 | Go | ||
| A permissioned implementation of Ethereum supporting data privacy | ||||||||||
| Meshbird | 3,446 | 2 months ago | January 30, 2016 | 12 | apache-2.0 | Go | ||||
| Distributed private networking | ||||||||||
| Manticore | 3,371 |  | 1 | 1 | 7 days ago | 723 | July 07, 2022 | 261 | agpl-3.0 | Python |
| Symbolic execution tool | ||||||||||
| Mythril | 3,083 |  | 8 | 3 | 9 days ago | 292 | June 20, 2022 | 92 | mit | Python |
| Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains. | ||||||||||
| Lighthouse | 2,269 | 6 hours ago | 1 | December 29, 2021 | 274 | apache-2.0 | Rust | |||
| Ethereum consensus client in Rust | ||||||||||
| Echidna | 2,014 | 6 hours ago | 129 | agpl-3.0 | Solidity | |||||
| Ethereum smart contract fuzzer | ||||||||||
Alternatives To Reentrancy AttacksSelect To Compare
Alternative Project Comparisons
Readme
A Historical Collection of Reentrancy Attacks
** Definition of a Reentrancy Attack**
Unsafe external call(s) that allow(s) malicious manipulation of the internal and/or associated external contract state(s).
** Types of Reentrancy Attacks**
- Single-Function Reentrancy
- Cross-Function Reentrancy
- Cross-Contract Reentrancy
- Cross-Chain Reentrancy
- Read-Only Reentrancy
** Reentrancy Attacks List**
A chronological and (hopefully) complete list of reentrancy attacks to date.
- WETH white hat attack June 10, 2016 | Victim contract, Exploit contract, Exploit transaction
- The DAO attack June 17, 2016 | Victim contract, Exploit contract, Exploit transaction
- SpankChain attack October 9, 2018 | Victim contract, Exploit contract, Exploit transaction
- imBTC Uniswap pool attack April 18, 2020 | Victim contract, Exploit contract, Exploit transaction
- Lendf.Me attack April 19, 2020 | Victim contract, Exploit contract, Exploit transaction
- Akropolis attack November 12, 2020 | Victim contract, Exploit contract, Exploit transaction
- ValueDeFi attack May 7, 2021 | Victim contract, Exploit contract, Exploit transaction
- Rari Capital attack May 8, 2021 | Victim contract, Exploit contract, Exploit transaction
- BurgerSwap attack May 27, 2021 | Victim contract, Exploit contract, Exploit transaction
- Iron Finance attack June 16, 2021 | Victim contract, Exploit contract, Exploit transaction
- PolyDEX attack June 20, 2021 | Victim contract, Exploit contract, Exploit transaction
- DeFiPie attack July 12, 2021 | Victim contract, Exploit contract, Exploit transaction
- Sanshu Inu attack July 20, 2021 | Victim contract, Exploit contract, Exploit transaction
- XSURGE attack August 16, 2021 | Victim contract, Exploit contract, Exploit transaction
- C.R.E.A.M. Finance attack August 30, 2021 | Victim contract, Exploit contract, Exploit transaction
- Siren Protocol attack September 3, 2021 | Victim contract, Exploit contract, Exploit transaction
- CreatureToadz attack October 21, 2021 | Victim contract, Exploit contract, Exploit transaction
- Grim Finance attack December 18, 2021 | Victim contract, Exploit contract, Exploit transaction
- Visor Finance attack December 21, 2021 | Victim contract, Exploit contract, Exploit transaction
- HypeBears attack February 3, 2022 | Victim contract, Exploit contract, Exploit transaction
- Bacon Protocol attack March 5, 2022 | Victim contract, Exploit contract, Exploit transaction
- Paraluni attack March 13, 2022 | Victim contract, Exploit contract, Exploit transaction
- Hundred Finance attack March 15, 2022 | Victim contract, Exploit contract, Exploit transaction
- Agave Finance attack March 15, 2022 | Victim contract, Exploit contract, Exploit transaction
- Revest Finance attack March 27, 2022 | Victim contract, Exploit contract, Exploit transaction
- Voltage Finance attack March 31, 2022 | Victim contract, Exploit contract, Exploit transaction
- BNB Brokers attack April 27, 2022 | Victim contract, Exploit contract, Exploit transaction
- Fei Protocol attack April 30, 2022 | Victim contract, Exploit contract, Exploit transaction
- Bistroo attack May 7, 2022 | Victim contract, Exploit contract, Exploit transaction
- Ownly attack May 10, 2022 | Victim contract, Exploit contract, Exploit transaction
- Omni attack July 10, 2022 | Victim contract, Exploit contract, Exploit transaction
- Stader Labs NearX attack August 16, 2022 | Victim contract, Exploit contract[^1], Exploit transaction
- Thunder Brawl attack September 30, 2022 | Victim contract, Exploit contract, Exploit transaction
- QuickSwap Lend attack October 23, 2022 | Victim contract, Exploit contract, Exploit transaction
- n00dleSwap attack October 25, 2022 | Victim contract, Exploit contract, Exploit transaction
- DFX Finance attack November 10, 2022 | Victim contract, Exploit contract, Exploit transaction
- Defrost Finance attack December 23, 2022 | Victim contract, Exploit contract, Exploit transaction
- Jaypeggers attack December 29, 2022 | Victim contract, Exploit contract, Exploit transaction
- Midas Capital attack January 15, 2023 | Victim contract, Exploit contract, Exploit transaction
- 2Pi Network attack January 15, 2023 | Victim contract, Exploit contract, Exploit transaction
- Abracadabra Money white hat attack January 16, 2023 | Victim contract, Exploit contract, Exploit transaction
- Orion Protocol attack February 2, 2023 | Victim contract, Exploit contract, Exploit transaction
- dForce Network attack[^2] February 9, 2023 | Victim contract, Exploit contract, Exploit transaction
- Dynamic attack February 22, 2023 | Victim contract, Exploit contract, Exploit transaction
Some of the exploits carried out involve multiple separate transactions as well as multiple victim and exploit contracts. For each attack, I have listed the most affected victim contract, the most critical exploit contract, and the most devastating exploit transaction.
Disclaimer
[^1]: We list the attacker's address here for the sake of completeness, but technically the attack was executed with a Near-specific transaction type called "Batch Transaction" and not with a specific exploit contract. [^2]: We list the victim contract, the exploit contract, and the exploit transaction on Arbitrum. However, the same exploit was carried out on Optimism with almost the same amount of loss: Victim contract, Exploit contract, Exploit transaction.
Popular Security Projects
Popular Ethereum Projects
Popular Security Categories
Related Searches
Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Security
Ethereum
Solidity
Exploitation
Smart Contracts