Re-Entrancy Attack

Solidity Programming Language
3 min readMar 10, 2022

Aim: To learn re-entrancy attack


Advisor: Grandzero

EtherStore contract

Deploy the EtherStore contract and deposits the ether from 3 different accounts.

0x5c6B0f7Bf3E7ce046039Bd8FABdfD3f9F5021678 deposits 10 ether


0x03C6FcED478cBbC9a4FAB34eF9f40767739D1Ff7 deposits 10 ether


0x1aE0EA34a72D944a8C7603FfB3eC30a6669E454C deposits 10 ether


Attack contract

We deploy Attack contract with EtherStore contract address.

Attack time!

function attack() external payable


require(msg.value >= 1 ether);

etherStore.deposit{value: 1 ether}();



We need 1 ether for attacking.

When you click the attack button:

1- require(msg.value >= 1 ether); this is require controlling whether you sent the 1 ether

2- etherStore.deposit{value: 1 ether}(); this deposits 1 ether to the EtherStore contract

3-etherStore.withdraw(); this call the withdraw function

4-(bool sent, ) ={value: bal}(“”);

This function works but it has fault.

You should use the call function with signature of the called function.

There is no signature.

1 ether sents to new contract but system falls to the fallback function.

5-System calls the fallback function

fallback() external payable


if (address(etherStore).balance >= 1 ether)



} }

6- Again, fallback function directs us to the withdraw function.

7–1 ether sents to new contract but system falls to the fallback function.


31- Attack code collects all the ethers from first contract.

Do you want to see in this process in debug?

Dr. Engin YILMAZ



Solidity Programming Language

Solidity basics for beginners: Learn the fundamentals of smart contract development and build your first DApp! #Solidity #Foundry #Ethereum #Opcodes #DApps