Solidity Security – How NonReentrant Modifier Works

Securitysolidity

It's the source code from address 0x0d4535644fFeC908e39a711A01852Be40Bfe1C97, can the modifier nonReentrant prevent the re-entrance vulnerability?

contract ReentrancyGuard {
/// @dev counter to allow mutex lock with only one SSTORE operation
uint256 private _guardCounter;

constructor () internal {
    // The counter starts at one to prevent changing it from zero to a non-zero
    // value, which is a more expensive operation.
    _guardCounter = 1;
}

/**
 * @dev Prevents a contract from calling itself, directly or indirectly.
 * Calling a `nonReentrant` function from another `nonReentrant`
 * function is not supported. It is possible to prevent this from happening
 * by making the `nonReentrant` function external, and make it call a
 * `private` function that does the actual work.
 */
modifier nonReentrant() {
    _guardCounter += 1;
    uint256 localCounter = _guardCounter;
    _;
    require(localCounter == _guardCounter);
}

}

Best Answer

It basically checks that the value of localCounter has increased only by one. That means the function has been called only once (within the transaction).

The actual function is executed at _;. Before that it increases the counter by one and assigns the value to a local variable (opposed to the global variable _guardCounter). If the function calls itself, the code comes again to this phase and the counter is again increased by one (both the global and the local).

After the function has finished executing, it makes sure that the local counter is the same as the global counter. The local value will be the same only if the function was called only once - otherwise the global counter has been increased multiple times. If it was called multiple times, the execution will revert.

Related Solutions

Solidity – How Does the Re-entrancy Guard Modifier Work?

The code:

modifier modi() {
    prolog();
    _;
    epilog();
}
function func() modi() {
    stuff();
}

Is equivalent to:

function func() {
    prolog();
    stuff();
    epilog();
}

If func is re-entered (i.e., called from within the execution of stuff), then prolog is executed a second time before epilog was executed for the first time.

So by identifying and reverting upon a scenario in which prolog is executed a second time before epilog was executed for the first time, we can guard func from being re-entered.

Solidity – Does ReentrancyGuard Lock Every Address During nonReentrant Function Call?

Your locking example will not happen, every transaction is processed sequentially on the miner's side and then ordered in the blocks.

One miner cannot process A and B at the same time. And even if it could, it shouldn't, because they could both alter the state of the same contract at the same time.

You won't encounter this kind of race condition.

So to answer your specific questions :

a) Does the lock status (_status) applies to all addresses potentially interacting with the contract?

b) Does it only applies only to the address interacting with the nonReentrant function?

Technically, yes, _status is a global variable. But as transactions can only be processed sequentially in practice it's more of a per-transaction lock.

Best Answer

Related Solutions

Solidity – How Does the Re-entrancy Guard Modifier Work?

Solidity – Does ReentrancyGuard Lock Every Address During nonReentrant Function Call?

Related Topic