Reentrancy 2025: The $35.7M Smart Contract Classic 🔄

Introduction: A Decades-Old Vulnerability That Refuses to Die
In September 2024, the cryptocurrency world witnessed yet another devastating reminder that history repeats itself in the blockchain space. The Penpie protocol, a yield farming platform built on Pendle Finance, fell victim to a sophisticated reentrancy attack that drained approximately $27 million in cryptocurrency. When combined with other major reentrancy attacks throughout 2024, the total losses from this vulnerability type reached approximately $47 million, demonstrating that despite years of warnings and protective measures, reentrancy remains one of the most persistent and costly vulnerabilities in smart contract security.
This article examines the Penpie attack in detail, explores why reentrancy attacks continue to plague the blockchain ecosystem eight years after the infamous DAO hack, and provides insights into how developers and protocols can protect themselves from this enduring threat.
Understanding Reentrancy Attacks: The Basics
Before diving into the Penpie incident, it’s essential to understand what makes reentrancy attacks so dangerous and why they persist despite being well-documented for years.
What Is a Reentrancy Attack?
A reentrancy attack exploits a fundamental characteristic of smart contract execution. When a contract calls another contract or function externally before completing its own state changes, it creates a window of opportunity for malicious actors. The called contract can “reenter” the original contract and potentially execute portions of its operations again, leading to unexpected and often catastrophic behaviors.
Think of it like a bank teller who processes withdrawal requests but only updates account balances at the end of their shift. A clever customer could make multiple withdrawal requests throughout the day, each time appearing to have the full balance available because the system hasn’t updated yet. By the time the teller reconciles accounts, the customer has withdrawn far more than they actually owned.
The Technical Mechanism
In smart contracts, reentrancy occurs when execution flow transfers to an external contract, usually via an external call that hands control to the callee (for example, an ETH transfer that triggers the recipient’s fallback or receive function), allowing a function to be called recursively before the initial execution completes. This recursive behavior allows attackers to manipulate contract state in ways the original developers never anticipated.
The vulnerability typically emerges when contracts fail to follow the “checks-effects-interactions” pattern, a best practice that dictates:
- Checks: Validate all conditions and requirements
- Effects: Update all state variables
- Interactions: Make external calls to other contracts
When contracts make external calls before updating their internal state, they become vulnerable to reentrancy exploitation.
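The two orderings described above, side by side, as an added example written for this article (it is not code from Penpie, Pendle, or any project discussed on the page). Both vault contracts are constructed and identical except for where the balance update sits relative to the external call:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration for this article. The only difference between the
// two contracts is the ORDER of "effects" (balance update) and "interactions"
// (the external ETH transfer).

contract VaultInteractionsFirst {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Vulnerable ordering: the transfer (interaction) runs while
    // balances[msg.sender] still holds the pre-withdrawal amount, so a caller
    // whose receive() function calls withdraw() again passes the check a
    // second time before the first call has zeroed the balance.
    function withdraw() external {
        uint256 amount = balances[msg.sender];             // check
        require(amount > 0, "nothing to withdraw");
        (bool ok, ) = msg.sender.call{value: amount}("");  // interaction
        require(ok, "transfer failed");
        balances[msg.sender] = 0;                          // effect (too late)
    }
}

contract VaultChecksEffectsInteractions {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Checks-effects-interactions: the balance is zeroed BEFORE control leaves
    // the contract. A reentrant call now reads amount == 0 and reverts on the
    // require, and if the transfer fails the whole call (including the zeroing)
    // is rolled back.
    function withdraw() external {
        uint256 amount = balances[msg.sender];             // check
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;                          // effect
        (bool ok, ) = msg.sender.call{value: amount}("");  // interaction
        require(ok, "transfer failed");
    }
}
```

Note that `msg.sender.call{value: ...}` forwards all remaining gas to the recipient, which is exactly what gives a contract recipient room to call back; the fix is not to limit gas (that breaks with opcode repricings) but to make the callback harmless by finishing state changes first.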
Types of Reentrancy Attacks
Modern reentrancy attacks have evolved beyond the simple single-function variant. Analysis of 73 real-world reentrancy attacks on EVM-compatible blockchains from 2016 to 2024 reveals that these attacks are more diverse and sophisticated than previously understood, frequently involving complex interactions across multiple contracts, projects, and even blockchains.
The main types include:
- Single-function reentrancy: The attacker reenters the same vulnerable function repeatedly
- Cross-function reentrancy: The attacker exploits shared state between multiple functions within the same contract
- Cross-contract reentrancy: Vulnerabilities arise from interactions between multiple contracts sharing state
- Cross-chain reentrancy: Exploitation occurs across different blockchain networks through cross-chain protocols
- Read-only function reentrancy: Attackers exploit view functions that read state during ongoing state changes
The Penpie Attack: A $27 Million Lesson
The Protocol and Its Purpose
Penpie is a yield farming protocol built on top of Pendle Finance, designed to help users maximize their returns from the Pendle ecosystem. Users could deposit Pendle Finance Market Tokens on Penpie to earn boosted PENDLE incentives, making it an attractive platform for yield-seeking DeFi investors.
The Attack Timeline
On September 3, 2024, at 6:23 PM UTC, a sophisticated attacker exploited a security vulnerability within the Penpie platform, seizing control of users’ funds and draining over $27 million worth of assets across the Arbitrum and Ethereum networks.
The speed and precision of the attack suggest careful planning and reconnaissance. The exploit was executed over the course of three transactions, demonstrating the attacker’s methodical approach and deep understanding of the protocol’s mechanics.
The Vulnerability: Two Fatal Flaws Combined
Two major factors together caused the incident: the PendleStakingUpg.batchHarvestMarketRewards function lacked reentrancy protection, and Penpie treated all Pendle Markets as valid pools for registration while the creation of Pendle Markets, PT, and YT tokens was permissionless.
This combination created a perfect storm. The permissionless nature of market creation meant anyone could register a market without thorough validation, while the lack of reentrancy protection in the reward harvesting function meant malicious markets could exploit the system.
How the Attack Unfolded
The attacker executed a sophisticated multi-step exploitation:
Creation of Malicious Infrastructure: The attacker created fake versions of Pendle’s underlying Standardized Yield (SY) token and linked them to Pendle Liquidity Provider tokens. This malicious SY contract would serve as the foundation for the attack.
Flash Loan Acquisition: The attacker used flash loans to borrow large amounts of assets from Balancer, including agETH, rswETH, egETH, and wstETH, which were deposited into the malicious SY contract. Flash loans allowed the attacker to temporarily control significant capital without actually owning it.
Market Registration: The attacker registered this malicious market on Penpie, taking advantage of the protocol’s permissionless market registration system that lacked proper validation mechanisms.
Reentrancy Exploitation: When the batchHarvestMarketRewards function was called, the malicious SY contract returned the tokens from the flash-loaned assets as rewards. During this process, the attacker exploited the reentrancy vulnerability by repeatedly calling back into the vulnerable function.
Reward Manipulation: By exploiting the vulnerability, the attacker was able to inflate their reward balance through reentrant calls, manipulating the reward distribution mechanism to claim excessive rewards.
Fund Extraction: After inflating the reward amount through reentrant calls and claiming all rewards from the system as the sole depositor in the fake Pendle Market, the attacker withdrew from the malicious market, converting the Pendle Market tokens back into their original asset forms.
The Technical Root Cause
The Penpie exploit stemmed from the absence of a reentrancy guard in the PendleStaking contract, a critical security oversight that left the protocol vulnerable to reentrant calls. The _harvestBatchMarketRewards function calculated rewards based on token balances before and after calling redeemRewards(), but this function lacked the protection mechanisms needed to prevent recursive calls.
When the redeemReward() method was called, it triggered the claimRewards() function for the specific malicious market, which allowed the attacker to reenter the PendleStaking.depositMarket() method. This reentry allowed the attacker to deposit high-value LP tokens repeatedly, minting shares and treating these tokens as rewards, all before the contract could update its state.
The Aftermath and Response
Immediately after detecting the attack, the Penpie and Pendle teams took swift action. The protocols were frozen, and moments after Penpie’s freeze, another malicious contract was deployed, indicating that the attacker was likely targeting the remaining $105 million that could have been stolen. The quick response likely prevented an even more catastrophic loss.
The Penpie team sent a Twitter/X message to the attacker requesting that the stolen funds be returned in exchange for a bounty, a common practice in the crypto space where protocols offer “white hat” rewards to hackers who return stolen funds. Unfortunately, the attacker elected not to return the funds and began laundering them via Tornado Cash, the notorious cryptocurrency mixing service.
According to blockchain security firm PeckShield, the hacker started moving the stolen funds on September 6, transferring funds to intermediary addresses and laundering them through Tornado Cash in multiple batches. By September 8, all funds had been laundered, making recovery virtually impossible.
The Penpie team filed a report with the Kampong Java Neighbourhood Police Centre in Singapore and started working with Hypernative to track the hacker’s movements. They also initiated communication with multiple blockchain security firms and law enforcement agencies, but the use of Tornado Cash made fund recovery extremely challenging.
The Audit Paradox: Why Did Security Reviews Miss This?
One of the most troubling aspects of the Penpie attack is that it occurred despite the protocol undergoing security audits. Penpie Finance had undergone two separate audits by reputable firms: Zokyo, known for auditing various protocols and chains including NEAR and Aurora, and WatchPug, which holds the second place on the all-time leaderboard in Code4rena, having earned over $800,000 in rewards.
So how did this vulnerability slip through?
The Scope Problem
The smart contract exploited in this attack was outside the scope of Zokyo’s original audit, and changes to the code were made after the pool-registration function was audited. This highlights a critical issue in smart contract security: audits are point-in-time assessments. Any changes made after an audit can introduce new vulnerabilities, and continuous security monitoring is essential.
The Evolution of Code
Smart contracts are often deployed, then upgraded or modified to add new features or fix bugs. Each modification can introduce new attack vectors, especially when changes affect how contracts interact with external systems. The permissionless market registration feature that enabled the Penpie attack may have been added or modified after the initial security reviews.
The Limitations of Traditional Auditing
The Penpie Finance hack underscores the limitations of traditional auditing methods and the need for more robust testing techniques. Traditional code reviews, even when performed by experienced auditors, can miss complex interaction patterns between multiple contracts, especially when those interactions involve external, permissionlessly created components.
Why Reentrancy Attacks Persist in 2024
The Penpie attack raises an important question: why do reentrancy attacks continue to succeed nearly eight years after the infamous DAO hack that cost $60 million and led to the Ethereum hard fork?
The DAO: The Original Sin
The DAO attack in 2016 resulted in the theft of $60 million worth of Ether from the DAO contract, causing a significant stir in the blockchain ecosystem and ultimately leading to the Ethereum hard fork. This event should have served as a definitive lesson for the entire industry, yet reentrancy attacks continue.
The Complexity Problem
Research reveals that reentrancy attacks are more diverse and sophisticated than previously understood, frequently involving complex interactions across multiple contracts, projects, and even blockchains. Critically, attackers are adapting to bypass traditional detection and defense techniques.
Modern DeFi protocols involve intricate webs of contracts interacting with each other. As complexity increases, so does the attack surface. What might appear secure in isolation can become vulnerable when integrated with external systems, especially in permissionless environments where anyone can create new contracts that interact with existing ones.
The Innovation vs. Security Tradeoff
The blockchain space moves at breakneck speed, with new protocols and features launching constantly. This rapid innovation often comes at the expense of thorough security review. Developers face pressure to ship products quickly to capture market share, and security considerations sometimes take a backseat to feature development.
The Permissionless Paradox
One of blockchain’s greatest strengths—permissionless innovation—also creates security challenges. Penpie’s open system for permissionless registration of new Pendle markets triggered the fraudulent activity. While permissionless systems enable innovation and composability, they also allow malicious actors to deploy attack infrastructure without requiring approval.
The Education Gap
Despite extensive documentation and numerous case studies, many developers still lack deep understanding of reentrancy vulnerabilities and how to prevent them. New developers entering the space may not have experienced the DAO hack firsthand and might not fully appreciate the severity of the threat.
Recent Reentrancy Attacks: A 2024 Retrospective
Penpie wasn’t the only victim of reentrancy attacks in 2024. The year saw multiple incidents including the Minterest attack in July, the Terra attack in July, the Lien attack in August, and the TrustSwap attack in September, followed by the Clober attack in December and the GemPad attack in December.
On March 5, 2024, the WOOFi WooPPV2 contract on the Woo Network was exploited in a reentrancy attack resulting in the loss of approximately $10 million. On March 23, 2024, the Curio DeFi project suffered a reentrancy exploit that resulted in roughly $16 million in losses.
On December 10, 2024, Clober DEX liquidity vault on Base Network was exploited resulting in a loss of 133.7 ETH, approximately $501,000, with the root cause being a reentrancy vulnerability in the burn function of the Rebalancer contract.
These repeated incidents demonstrate that reentrancy isn’t a solved problem—it’s an ongoing threat that requires constant vigilance.
Prevention and Mitigation: Lessons from Penpie
The Penpie attack offers valuable lessons for developers and security professionals working in the blockchain space.
Implement Reentrancy Guards
The most straightforward and one of the most effective defenses against reentrancy attacks is a reentrancy guard: a mechanism that ensures a guarded function cannot be entered again while an earlier invocation of it is still executing, which blocks the reentrant call before it can touch any state.
In Solidity, this typically involves using a mutex lock (mutual exclusion lock) that prevents a function from being called while it’s already executing. OpenZeppelin’s ReentrancyGuard is a widely used implementation that provides this protection.
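A minimal mutex guard in the same shape as OpenZeppelin’s ReentrancyGuard, applied to a harvest function that uses the “balance after minus balance before” measurement described in the root-cause section above. This is an added example for this article, not OpenZeppelin’s, Penpie’s, or Pendle’s code; the `IRewardSource` and `IERC20Minimal` interfaces, the `GuardedHarvester` contract and its function names are constructed for illustration:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal mutex-style reentrancy guard, constructed for this article in the
// same shape as OpenZeppelin's ReentrancyGuard (this is not their code).
abstract contract SimpleReentrancyGuard {
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    // Non-zero resting value: cycling 1 -> 2 -> 1 is cheaper than 0 -> 1 -> 0
    // because the storage slot is never cleared.
    uint256 private _status = NOT_ENTERED;

    error ReentrantCall();

    modifier nonReentrant() {
        if (_status == ENTERED) revert ReentrantCall(); // lock already held
        _status = ENTERED;                              // take the lock
        _;
        _status = NOT_ENTERED;                          // release on exit
    }
}

// Assumed interfaces (constructed): a reward source that pushes tokens to a
// recipient, and the one ERC-20 function the harvester needs.
interface IRewardSource {
    function redeemRewards(address to) external;
}

interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
}

// Reward accounting by balance difference around an external call. The
// external call is the interaction; without the guard, a reward source that
// calls back into harvest() would run the measurement a second time while
// the first measurement is still in progress. With the guard, the nested
// call reverts with ReentrantCall before touching any state.
contract GuardedHarvester is SimpleReentrancyGuard {
    IERC20Minimal public immutable rewardToken;
    mapping(address => uint256) public pendingRewards;

    constructor(IERC20Minimal token) {
        rewardToken = token;
    }

    function harvest(IRewardSource source) external nonReentrant {
        uint256 before = rewardToken.balanceOf(address(this));
        source.redeemRewards(address(this));              // external call
        // Checked arithmetic: a balance that went DOWN during the call reverts
        // instead of wrapping around to a huge "reward".
        uint256 received = rewardToken.balanceOf(address(this)) - before;
        pendingRewards[address(source)] += received;
    }
}
```

In production you would import OpenZeppelin’s `ReentrancyGuard` rather than hand-rolling one (the import path differs between OpenZeppelin v4 and v5, so check the version you pin). The guard is a per-contract lock: it protects every `nonReentrant` function in the same contract from re-entry through any of the others, which is what closes the cross-function variant, but it does nothing for callbacks that re-enter a different contract sharing the same state.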
Follow the Checks-Effects-Interactions Pattern
The checks-effects-interactions pattern ensures that state changes, such as updating a user’s balance, occur before any external calls are made. By adhering to this pattern, smart contracts can prevent the kind of repeated function calls seen in the Penpie exploit.
This pattern dictates a specific order of operations:
1. First, check all conditions and validate inputs
2. Second, update all state variables
3. Finally, interact with external contracts
By updating state before making external calls, contracts minimize the window of opportunity for reentrancy attacks.
Validate External Inputs Rigorously
Security recommendations include adding anti-reentrancy modifiers to functions and using a whitelist to verify incoming tokens, or better yet, using a unified packaging contract to regenerate tokens.
Penpie’s vulnerability was exacerbated by accepting all Pendle Markets as valid without thorough validation. Protocols should implement strict validation for any external contracts or tokens they interact with, especially in permissionless environments.
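One way to turn “accept every market” into “accept only verified, explicitly allowed markets”, as an added example written for this article (not Penpie’s or Pendle’s registration code). The `IMarketFactory.isValidMarket` interface, the `PoolRegistry` contract and its roles are assumptions made for the illustration:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration. Two complementary checks replace permissionless
// registration: the market must be provably deployed by a known factory, and
// a privileged role must still allow it before deposits are accepted.
interface IMarketFactory {
    // Assumed interface: true only for markets this factory itself deployed.
    function isValidMarket(address market) external view returns (bool);
}

interface IERC20Minimal {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract PoolRegistry {
    address public immutable owner;          // e.g. a multisig
    IMarketFactory public immutable factory; // trusted provenance oracle
    mapping(address => bool) public allowedMarkets;
    mapping(address => mapping(address => uint256)) public deposits; // market => user => amount

    event MarketAllowed(address indexed market);
    event MarketRevoked(address indexed market);
    event Deposited(address indexed market, address indexed user, uint256 amount);

    error NotOwner();
    error UnknownMarket(address market);
    error MarketNotAllowed(address market);

    constructor(IMarketFactory f) {
        owner = msg.sender;
        factory = f;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    modifier onlyAllowed(address market) {
        if (!allowedMarkets[market]) revert MarketNotAllowed(market);
        _;
    }

    // Provenance check first, then an explicit allowlist entry. A market that
    // merely "looks like" a market (right interface, wrong origin) is rejected.
    function allowMarket(address market) external onlyOwner {
        if (!factory.isValidMarket(market)) revert UnknownMarket(market);
        allowedMarkets[market] = true;
        emit MarketAllowed(market);
    }

    // Revocation is a one-step operation so it can be used during an incident.
    function revokeMarket(address market) external onlyOwner {
        allowedMarkets[market] = false;
        emit MarketRevoked(market);
    }

    // Every value-moving entry point is gated on the allowlist, and the
    // bookkeeping (effect) is written before the token pull (interaction).
    function depositMarket(address market, uint256 amount) external onlyAllowed(market) {
        deposits[market][msg.sender] += amount;
        bool ok = IERC20Minimal(market).transferFrom(msg.sender, address(this), amount);
        require(ok, "transferFrom failed");
        emit Deposited(market, msg.sender, amount);
    }
}
```

The factory check alone is not sufficient when market creation is itself permissionless, which is the situation the article describes: a factory will happily vouch for a market whose underlying SY token is hostile. That is why the explicit allowlist (and the ability to revoke quickly) sits in front of it.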
Conduct Comprehensive Testing
Ensuring proper testing involves writing comprehensive test cases that cover all possible business logic scenarios. Traditional unit tests aren’t enough—protocols need integration tests that simulate complex interaction patterns, including adversarial scenarios.
Consider Advanced Testing Methodologies
Mutation testing, a method of introducing controlled changes to software code to test the effectiveness of existing test suites, could have detected the Penpie vulnerability by introducing mutations that alter access control or the sequence of state updates and external calls in vulnerable functions.
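A test of the kind a mutation-testing run needs in order to kill the “remove the guard” mutant, written as an added Foundry example for this article (not Penpie’s test suite). It assumes forge-std is installed; `GuardedVault`, `ReenteringReceiver` and the test names are constructed. The vault deliberately keeps the interactions-before-effects order so that the test isolates the guard: delete `nonReentrant` and the test fails, which is exactly the signal mutation testing looks for.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol"; // assumed: standard Foundry test library

// Contract under test (constructed). Note the unsafe ordering: the only thing
// standing between the external call and a second withdrawal is the guard.
contract GuardedVault {
    uint256 private locked = 1; // 1 = free, 2 = entered
    mapping(address => uint256) public balances;

    modifier nonReentrant() {
        require(locked == 1, "reentrant");
        locked = 2;
        _;
        locked = 1;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "empty");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }
}

// Test harness (constructed): a depositor whose receive() tries to call
// withdraw() once more while its own withdrawal is still in flight, and
// records whether that nested call was rejected.
contract ReenteringReceiver {
    GuardedVault private immutable vault;
    bool public nestedCallReverted;

    constructor(GuardedVault v) {
        vault = v;
    }

    function depositAndWithdraw() external payable {
        vault.deposit{value: msg.value}();
        vault.withdraw();
    }

    receive() external payable {
        try vault.withdraw() {
            // reached only if the guard is missing: the mutant survives
        } catch {
            nestedCallReverted = true;
        }
    }
}

contract GuardedVaultTest is Test {
    function testNestedWithdrawIsRejected() public {
        vm.deal(address(this), 2 ether);
        GuardedVault vault = new GuardedVault();

        // An unrelated depositor funds the vault, so that a successful
        // nested withdrawal would actually have something to take.
        vault.deposit{value: 1 ether}();

        ReenteringReceiver r = new ReenteringReceiver(vault);
        r.depositAndWithdraw{value: 1 ether}();

        assertTrue(r.nestedCallReverted());         // guard fired
        assertEq(address(r).balance, 1 ether);      // got only its own deposit back
        assertEq(address(vault).balance, 1 ether);  // other depositor's funds intact
        assertEq(vault.balances(address(this)), 1 ether);
    }
}
```

The unrelated deposit in the test is the detail that makes it a real kill: without it the vault is empty during the nested call, the transfer fails for lack of funds, and the test passes even with the guard removed. Mutation tools report such a surviving mutant, and the fix is to strengthen the test, not the code.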
Implement Continuous Security Monitoring
Audits are point-in-time assessments. Protocols need continuous security monitoring that can detect suspicious activity in real-time. The Penpie team worked with Hypernative to track the hacker’s movements after the attack, but ideally, such monitoring should be in place before an attack occurs.
Use Security-Focused Development Frameworks
Modern development frameworks and libraries often include built-in protections against common vulnerabilities. Using well-audited libraries like OpenZeppelin’s contracts can help prevent common pitfalls.
Plan for Incident Response
Even with perfect security, breaches can occur. Protocols should have incident response plans that include:
- Circuit breakers or pause mechanisms
- Communication channels with security firms and law enforcement
- Procedures for attempting fund recovery
- Clear communication strategies for affected users
The Penpie and Pendle teams’ swift response in freezing protocols likely prevented the theft of an additional $105 million, demonstrating the value of prepared incident response.
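A circuit breaker of the kind the freeze above relied on, as an added example for this article (not Penpie’s or Pendle’s pause code). The `CircuitBreakerVault` contract and its owner/guardian split are constructed; the design point it shows is that pausing should be fast and available to more than one party, while unpausing should be slow and reserved:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration. A guardian (for example an automated monitoring
// key) or the owner can halt every value-moving function in one transaction;
// only the owner (for example a multisig, after review) can resume.
contract CircuitBreakerVault {
    address public immutable owner;
    address public guardian;
    bool public paused;
    mapping(address => uint256) public balances;

    event Paused(address indexed by, string reason);
    event Unpaused(address indexed by);
    event GuardianChanged(address indexed previous, address indexed current);

    error NotAuthorized();
    error ContractPaused();

    constructor(address initialGuardian) {
        owner = msg.sender;
        guardian = initialGuardian;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotAuthorized();
        _;
    }

    modifier whenNotPaused() {
        if (paused) revert ContractPaused();
        _;
    }

    // Pausing is cheap, idempotent and open to both roles, so the response
    // path never waits on a multisig quorum.
    function pause(string calldata reason) external {
        if (msg.sender != guardian && msg.sender != owner) revert NotAuthorized();
        paused = true;
        emit Paused(msg.sender, reason);
    }

    // Resuming is the privileged, deliberate step.
    function unpause() external onlyOwner {
        paused = false;
        emit Unpaused(msg.sender);
    }

    function setGuardian(address newGuardian) external onlyOwner {
        emit GuardianChanged(guardian, newGuardian);
        guardian = newGuardian;
    }

    function deposit() external payable whenNotPaused {
        balances[msg.sender] += msg.value;
    }

    // Checks-effects-interactions order, and gated on the breaker.
    function withdraw() external whenNotPaused {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

OpenZeppelin’s `Pausable` provides the `whenNotPaused` modifier and the `_pause()`/`_unpause()` internals if you prefer not to write them; what it does not decide for you is who holds the pause key and how fast they can use it, and that operational question is the one a freeze like Penpie’s turns on.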
The Broader Implications for DeFi Security
The Penpie attack and the continued prevalence of reentrancy exploits highlight several critical issues facing the DeFi ecosystem.
The Composability Challenge
DeFi’s composability—the ability for protocols to seamlessly integrate with each other—is both a strength and a weakness. While it enables innovation and creates network effects, it also means that vulnerabilities in one protocol can be exploited through interactions with another. The permissionless nature of these interactions makes comprehensive security review extremely challenging.
The Audit Industry’s Limitations
Despite undergoing audits by reputable security firms, the critical vulnerability in Penpie remained undetected. This raises questions about the audit industry’s effectiveness and highlights the need for evolution in security practices. Point-in-time audits aren’t sufficient for protocols that continuously evolve.
The Need for Security Standards
The blockchain industry needs stronger security standards and best practices. While organizations like the Ethereum Foundation and various security firms publish guidelines, adoption remains inconsistent. Mandatory security standards for certain types of protocols, particularly those handling significant funds, might help reduce the frequency of attacks.
User Protection and Insurance
Users’ faith in the security and integrity of smart contracts and blockchain technology in general may be weakened by reentrancy attacks, with potential longer-term effects including regulatory and legal attention, diminished investor trust, and damage to the standing of blockchain platforms and projects.
The DeFi industry needs better mechanisms for protecting users from losses due to smart contract vulnerabilities. While some insurance protocols exist, they’re not widely adopted, and coverage is often insufficient.
The Economic Impact of Reentrancy Attacks
The financial toll of reentrancy attacks extends far beyond the immediate theft.
Direct Financial Losses
Historical data shows that the total financial loss caused by true positive reentrancy attacks reached 908.4 million USD, comprising approximately 840 Ethers (about 1.7 million USD) and tokens worth 906.9 million USD. This represents an enormous transfer of wealth from legitimate users to attackers.
Market Confidence
Each high-profile attack erodes confidence in DeFi protocols and blockchain technology generally. This can slow adoption, reduce investment, and limit the industry’s growth potential.
Opportunity Costs
Resources spent responding to attacks, recovering funds, and implementing remediation measures represent opportunity costs—time and money that could have been spent on innovation and growth.
Regulatory Scrutiny
High-profile hacks attract regulatory attention, potentially leading to increased oversight and compliance requirements that could stifle innovation.
Looking Forward: The Future of Smart Contract Security
As the blockchain ecosystem continues to mature, addressing the reentrancy vulnerability and other security challenges becomes increasingly critical.
Emerging Security Tools
New security tools are being developed to address the limitations of traditional auditing. Formal verification, which uses mathematical proofs to verify contract correctness, is becoming more accessible. Runtime monitoring systems can detect and prevent attacks as they occur.
Programming Language Evolution
Newer smart contract languages like Vyper have made strides in preventing common vulnerabilities through safer language design. However, even these languages aren’t immune to reentrancy issues, as demonstrated by the Curve Finance Vyper compiler bug that led to massive losses in 2023.
Security Education
The industry needs better security education for developers. More comprehensive training programs, certifications, and resources can help ensure that new developers understand common vulnerabilities and how to prevent them.
Industry Collaboration
The Penpie team initiated communication with multiple entities including Binance Security, Slowmist, and Chainalysis to demix the Tornado Cash deposits. This kind of industry collaboration is essential for improving security across the ecosystem.
Conclusion: A Classic That Won’t Retire
The Penpie attack serves as a stark reminder that reentrancy remains a critical vulnerability in smart contract security. Despite eight years of awareness since the DAO hack, reentrancy attacks remain a persistent threat to blockchain smart contracts today, causing significant financial losses despite numerous defense mechanisms.
The attack’s success despite security audits, the sophistication of the exploitation method, and the scale of the losses all underscore important lessons for the industry. Reentrancy isn’t a solved problem that can be addressed once and forgotten—it’s an ongoing challenge that requires constant vigilance, rigorous security practices, and continuous evolution of defensive techniques.
For developers, the message is clear: implement reentrancy guards, follow the checks-effects-interactions pattern, validate external inputs thoroughly, and conduct comprehensive testing that goes beyond simple unit tests. For protocols, continuous security monitoring and incident response planning are essential, not optional.
For the industry as a whole, the Penpie attack should serve as a catalyst for improving security standards, enhancing audit practices, and fostering better collaboration on security issues. Only through collective effort can we address this decades-old vulnerability that continues to cost users and protocols hundreds of millions of dollars.
The reentrancy attack is truly a “classic” vulnerability—one that has proven its staying power and refuses to be relegated to the history books. Until the industry collectively addresses the root causes and implements comprehensive defensive measures, we can expect to see this vulnerability continue to extract its costly toll from the blockchain ecosystem.
Key Takeaways
Reentrancy attacks remain a major threat: Despite being well-known since 2016, reentrancy vulnerabilities continue to result in massive losses, with approximately $47 million stolen in 2024 alone.
The Penpie attack was sophisticated: The September 2024 Penpie hack demonstrated how attackers can combine multiple vulnerabilities—permissionless market creation and lack of reentrancy protection—to devastating effect.
Audits aren’t foolproof: Security audits are point-in-time assessments. Code changes after audits can introduce new vulnerabilities, highlighting the need for continuous security monitoring.
Complexity increases risk: Modern DeFi protocols involve intricate interactions between multiple contracts, creating a larger attack surface and making comprehensive security review more challenging.
Prevention is possible but requires discipline: Implementing reentrancy guards, following the checks-effects-interactions pattern, and conducting thorough testing can prevent most reentrancy attacks.
The industry needs to evolve: Better security standards, improved education, advanced testing methodologies, and stronger collaboration are essential for addressing the ongoing threat of reentrancy attacks.
The fight against reentrancy attacks isn’t over—it’s an ongoing battle that requires dedication, expertise, and constant vigilance from everyone building and operating in the blockchain space.