Reentrancy Attack Patterns: Detection and Prevention

Frequently Asked Questions

01.What is the difference between single-function and cross-function reentrancy?

Single-function reentrancy occurs when an attacker re-enters the same function before its state updates complete, exploiting the window between an external call and the subsequent storage write. Cross-function reentrancy is more subtle: the attacker calls a different function in the same contract that shares mutable state with the original function, bypassing guards that only protect individual functions rather than shared state. The Cream Finance 2021 exploit used a cross-function path via ERC-777 receive callbacks to drain funds from a lending pool that had no single-function guard failure.

02.Does the CEI pattern alone guarantee protection against all reentrancy variants?

No. The Checks-Effects-Interactions pattern prevents the most common single-function variant by ensuring all state is committed before any external call executes. However, it does not protect against read-only reentrancy, where an attacker re-enters a view function mid-transaction to read stale state that another contract uses as a price or balance signal. It also does not cover cross-contract reentrancy attacks where two cooperating contracts exploit shared state across different protocol contracts. CEI must be combined with nonReentrant guards and, for high-value protocols, formal verification to cover all four attack surfaces.

03.What does Certora Prover add that Slither and Echidna cannot provide?

Slither is a static analysis tool that matches code patterns against known vulnerability signatures. Echidna is a fuzzer that explores state transitions probabilistically up to a bounded iteration count. Both can miss vulnerabilities in unexplored execution paths. Certora Prover performs formal mathematical verification: it encodes your contract and your invariant specifications as a satisfiability problem and proves, with mathematical certainty, that no execution sequence can violate those invariants. This means a passing Certora run guarantees the invariant holds for all possible inputs and call sequences, not only the ones Slither detected or Echidna happened to reach.

04.How does EIP-1153 transient storage change reentrancy guard implementation?

EIP-1153 introduces TSTORE and TLOAD opcodes that write to storage slots cleared automatically at transaction end, with no gas refund mechanism needed. A reentrancy lock implemented with TSTORE costs approximately 100 gas to set and 100 gas to read, compared to the 2,200 gas cold SLOAD and 5,000 gas SSTORE required by a conventional nonReentrant guard using persistent storage. For protocols executing thousands of transactions daily, this efficiency difference compounds materially. The lock is still enforced: a re-entrant call mid-transaction sees the TSTORE value as set and reverts. The key benefit is eliminating the persistent storage write cost while preserving the security guarantee.