W3-REENTRANCYImpact

Reentrancy Attack

Vulnerable contract sends ETH before updating its state — attacker contract re-enters the withdraw function in fallback, drains funds (classic DAO 2016).

§ Where this technique fits

W3-REENTRANCY is catalogued under the Impact tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

Reentrancy → drain vault contract
Vulnerable withdraw() sends ETH before updating balance. Attacker contract re-enters via fallback() until the vault is empty — the canonical DAO-2016 pattern.
step 2 / 6

§ What commonly comes next

01
Exfiltration Over C2 Channel
T1041 · Exfiltration
seen 1×
02
Valid Accounts
T1078 · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Reentrancy → drain vault contract

§ What commonly comes next