Common Attack Vectors

Secure your smart contracts from reentrancy attacks

A reentrancy attack is a classic yet still highly relevant threat in the world of smart contracts. It allows a malicious contract to repeatedly call a function in another contract before the original function updates its state. This sequence lets attackers drain funds from the victim contract.
Detect abnormal function call sequences in real-time
Prevent fund drainage before transactions complete
Guard against reentrancy across 24+ chains simultaneously
What is a reentrancy attack?
Attackers exploit function callbacks to repeatedly withdraw funds before state updates complete. By re-entering the same function from the callback, they drain contracts before balances are reduced.

How reentrancy attacks work

Initial Call
The attacker’s contract calls a vulnerable function such as withdraw() on the victim contract.
External Call
The victim contract sends funds back to the attacker’s contract.
Re-call
The attacker’s receive() or fallback function, which runs when the funds arrive, triggers another call to withdraw() before the balance is updated.
Repeat
Since the balance is not yet reduced, the withdraw() call succeeds again. The cycle continues until the contract is drained or the transaction runs out of gas.
Why traditional smart contract audits don’t catch reentrancy attacks
Audits analyze code in isolation. Reentrancy exploits live, multi-contract interactions.
Reentrancy remains prevalent despite being well known. Complex architectures, low-level calls, and cross-contract interactions create attack paths that audits miss. Modern variants, such as cross-function reentrancy, cross-contract reentrancy, and read-only reentrancy, exploit composable DeFi systems in ways a static review of one codebase cannot predict.

Guardrail’s real-time monitoring protects your web3 project against reentrancy attacks

Our real-time security platform provides an essential layer of defense against reentrancy attacks, both for new protocols and existing contracts. While an audit can help identify potential vulnerabilities, our solution protects your contracts in real-time, even from undiscovered exploits.
Pre-execution Threat Simulation

Guardrail simulates every transaction in the mempool to identify call sequences that could lead to a reentrancy attack. We analyze the order of external calls and state changes to detect malicious patterns. If a transaction attempts to exploit a reentrancy vulnerability, our platform can immediately flag it as a threat.

Real-Time Transaction Blocking

Our platform can be integrated with your protocol to automatically block transactions that attempt reentrancy attacks. This prevents malicious calls from being confirmed on-chain, protecting both your funds and your users.

Guards provide complete security coverage of every onchain

Pre-built Guards
Instantly set up ‘Guards’ for common attack vectors from our extensive blueprint library of 50+ ‘Guards’
Custom Guards
Custom monitoring for your unique protocol risks

Frequently Asked Questions

Why was the DAO hack significant for Ethereum security?

The 2016 DAO hack highlighted reentrancy vulnerabilities and led to a hard fork that split Ethereum into ETH and ETC. It reshaped security practices in smart contract development.

What best practices help developers prevent reentrancy?

Common practices include using the Checks-Effects-Interactions pattern (update state before making any external call), applying reentrancy guards such as a mutex modifier on state-changing functions, and avoiding low-level calls to untrusted contracts where possible.

Can reentrancy attacks target contracts beyond DeFi?

Yes. Any contract that transfers funds or tokens through external calls without proper state updates can be vulnerable, including NFT marketplaces and staking systems.

How does Guardrail’s simulation differ from static audits?

Audits provide a one-time code review. Guardrail simulates live transactions in real-time, detecting new attack attempts even if they exploit unknown vulnerabilities.

What happens if Guardrail blocks a suspicious transaction?

The transaction never reaches confirmation. Teams are alerted immediately and can review the flagged behavior before deciding how to proceed.