■ Description

Some tokens allow reentrant calls on transfer (e.g. ERC777 tokens).

This has been exploited in the wild on multiple occasions

• imBTC uniswap pool drained
• lendf.me drained

■ Example

// This is a hook function in ERC777. This is the key for Reentrancy-attack
interface ERC777TokensRecipient {
    function tokensReceived(
        address operator,
        address from,
        address to,
        uint256 amount,
        bytes calldata data,
        bytes calldata operatorData
    ) external;
}

■ How to protect against this attack?

• Don’t set the token by user
• Check the tokenAddress
• Create a whitelist for approved token addresses
• Use pattern of “Check-Effects-Interactions”.

■ Resources

https://github.com/d-xo/weird-erc20#reentrant-calls

14. ERC777 callbacks and reentrancy

https://eips.ethereum.org/EIPS/eip-777#hooks