What is re-entrancy

Re-entrancy happens in single-thread computing environments, when the execution stack jumps or calls subroutines, before returning to the original execution.

On one hand, this single-thread execution ensures contracts’ atomicity and eliminates some race conditions. On the other hand, contracts are vulnerable to poor execution ordering.

Example of poor code ordering: transferring the amount before deducting from internal balances ledger

In the example above, Contract B is a malicious contract which recursively calls A.withdraw() to deplete Contract A’s funds. Note that the fund extraction successfully finishes before Contract A returns from its recursive loop, and even realizes that B has extracted way above its own balance.

This Ethernaut level exploits this reentrancy issue and the following, additional factors that led to the DAO hack: