reentrancy-pattern-analysis
Systematically detects all reentrancy vulnerability variants in smart contracts — classic, cross-function, cross-contract, and read-only reentrancy. Builds call graphs, verifies CEI (Checks-Effects-Interactions) pattern compliance, traces state changes relative to external calls, and identifies callback vectors through ERC-777/ERC-1155 hooks. Use when auditing contracts that make external calls, transfer ETH or tokens, interact with callback-enabled standards, or have complex multi-contract architectures.
git clone --depth 1 https://github.com/quillai-network/quillshield_skills /tmp/reentrancy-pattern-analysis && cp -r /tmp/reentrancy-pattern-analysis/plugins/reentrancy-pattern-analysis/skills/reentrancy-pattern-analysis ~/.claude/skills/reentrancy-pattern-analysisSKILL.md
# Reentrancy Pattern Analysis
Systematically detect **all variants** of reentrancy vulnerabilities by mapping the relationship between external calls and state changes across the entire contract system.
## When to Use
- Auditing any contract that makes external calls (ETH transfers, token interactions, cross-contract calls)
- Reviewing contracts integrating with callback-enabled token standards (ERC-777, ERC-1155)
- Analyzing DeFi protocols with multi-contract architectures
- Verifying reentrancy guard coverage across all entry points
- When traditional tools only check for classic reentrancy but miss cross-function or read-only variants
## When NOT to Use
- Pure state variable analysis without external calls (use state-invariant-detection)
- Access control consistency checking (use semantic-guard-analysis)
- Full multi-dimensional audit (use behavioral-state-analysis, which orchestrates this skill)
## Core Concept: The CEI Invariant
**Checks-Effects-Interactions (CEI)** is the fundamental safety pattern:
```
1. CHECKS — Validate all conditions (require statements, access control)
2. EFFECTS — Update all state variables
3. INTERACTIONS — Make external calls (ETH transfers, token calls, cross-contract)
```
**Any function that performs INTERACTIONS before completing all EFFECTS is potentially vulnerable to reentrancy.**
## The Five Reentrancy Variants
### Variant 1: Classic Single-Function Reentrancy
The original and most well-known pattern. A function makes an external call before updating its own state, allowing the callee to re-enter the same function.
```solidity
// VULNERABLE
function withdraw(uint256 amount) public {
require(balances[msg.sender] >= amount);
(bool success, ) = msg.sender.call{value: amount}(""); // INTERACTION before EFFECT
require(success);
balances[msg.sender] -= amount; // State update AFTER external call
}
```
**Detection**: Find functions where state writes to variables used in `require` checks occur AFTER external calls.
### Variant 2: Cross-Function Reentrancy
Two or more functions share state, and an attacker re-enters through a DIFFERENT function than the one making the external call.
```solidity
function withdraw(uint256 amount) public {
require(balances[msg.sender] >= amount);
(bool success, ) = msg.sender.call{value: amount}("");
require(success);
balances[msg.sender] -= amount;
}
// Attacker re-enters HERE during withdraw's external call
function transfer(address to, uint256 amount) public {
require(balances[msg.sender] >= amount);
balances[msg.sender] -= amount;
balances[to] += amount;
}
```
**Detection**: For each external call in function F, check if any OTHER public function reads/writes the same state variables that F modifies after the call.
### Variant 3: Cross-Contract Reentrancy
The re-entry occurs through a different contract that shares state or trust relationships with the vulnerable contract.
```solidity
// Contract A
function withdrawFromVault() public {
uint256 shares = vault.balanceOf(msg.sender);
vault.burn(msg.sender, shares);
// External call — attacker can re-enter Contract B
(bool success, ) = msg.sender.call{value: shares * pricePerShare}("");
require(success);
}
// Contract B (attacker re-enters here)
function borrow() public {
uint256 collateral = vault.balanceOf(msg.sender); // Reads stale state!
// Shares not yet burned, so collateral appears inflated
uint256 loanAmount = collateral * maxLTV;
token.transfer(msg.sender, loanAmount);
}
```
**Detection**: Map all cross-contract dependencies. For each external call, identify which other contracts read the state that should have been updated.
### Variant 4: Read-Only Reentrancy
A view/pure function returns stale state during a reentrancy callback. No state is modified during re-entry — the attacker exploits the READING of inconsistent state by a third-party contract.
```solidity
// Pool contract
function removeLiquidity() external {
uint256 shares = balances[msg.sender];
// Burns LP tokens (updates internal accounting)
_burn(msg.sender, shares);
// External call BEFORE updating reserves
(bool success, ) = msg.sender.call{value: ethAmount}("");
// Reserves updated AFTER the call
totalReserves -= ethAmount;
}
// This view function returns stale data during the callback
function getRate() public view returns (uint256) {
return totalReserves / totalSupply(); // totalReserves not yet updated!
}
// Third-party contract reads the inflated rate
function priceOracle() external view returns (uint256) {
return pool.getRate(); // Returns wrong value during reentrancy
}
```
**Detection**: For each external call, identify view functions that read state variables modified AFTER the call. Check if any external protocol depends on those view functions.
### Variant 5: ERC-777 / ERC-1155 Callback Reentrancy
Token standards with built-in callback hooks that execute arbitrary code on the receiver during transfers.
```solidity
// ERC-777: tokensReceived() hook called on recipient
// ERC-1155: onERC1155Received() hook called on recipient
// ERC-721: onERC721Received() hook called on recipient
function deposit(uint256 amount) public {
token.transferFrom(msg.sender, address(this), amount); // Triggers callback!
// If token is ERC-777, msg.sender's tokensReceived() runs HERE
balances[msg.sender] += amount; // State update after callback
}
```
**Detection**: Identify all token `transfer`/`transferFrom`/`safeTransfer` calls. Check if the token could be ERC-777/ERC-1155/ERC-721. Verify state updates happen before the transfer.
## Three-Phase Detection Architecture
### Phase 1: Call Graph Construction
Build a complete map of all external interactions.
**For each function, extract:**
```
Function: withdraw()
├── External Calls:
│ ├── msg.sender.call{value: amount}("") at line 45
│ ├── token.transfer(user, amount) at line 48
│ └── oracle.getToken-efficient smart contract security auditing via Behavioral State Analysis (BSA). Scopes analysis to contract type, runs only relevant threat engines, and uses tiered output depth. Use for auditing smart contracts, security reviews, or DeFi threat modeling.
Blue-team release-gate analysis for smart contract deployment and upgrade readiness. Classifies repositories, checks deploy/upgrade execution paths, CI/CD trust boundaries, config drift, secrets/signer operational security, and outputs evidence-backed release verdicts.
Detects Denial of Service and griefing vulnerabilities in smart contracts. Covers unbounded loop DoS, block gas limit exhaustion, external call failure DoS, insufficient gas griefing (63/64 rule), storage bloat attacks, timestamp griefing, self-destruct force-feeding, and push vs pull payment pattern analysis. Use when auditing contracts with batch operations, loops over user data, reward distribution, dividend systems, or any logic that depends on address(this).balance or iterates over growing collections.
Detects unsafe external call patterns and token integration vulnerabilities in smart contracts. Covers unchecked call/delegatecall/staticcall return values, fee-on-transfer tokens, rebasing tokens, tokens with missing return values (USDT), ERC-777 callback risks, unsafe approve race conditions, return data bombs, gas stipend limitations, and push vs pull payment patterns. Use when auditing contracts that interact with external contracts, integrate arbitrary ERC20 tokens, distribute payments, or make low-level calls.
Detects input validation failures and arithmetic vulnerabilities in smart contracts. Covers missing zero-address and zero-amount checks, division-before-multiplication precision loss, rounding direction exploitation, ERC4626 vault share inflation attacks, unsafe integer casting, dust amount exploitation, and Solidity 0.8+ unchecked block edge cases. Use when auditing contracts with fee calculations, share pricing, exchange rates, unchecked blocks, or any public-facing functions that accept user input.
Detects price oracle manipulation and flash loan attack vectors in DeFi smart contracts. Classifies oracle trust models (Chainlink, TWAP, spot price, custom), identifies stale price risks, circular price dependencies, and flash loan atomicity exploitation patterns. Use when auditing DeFi protocols that depend on price data, oracle integrations, lending protocols, DEXs, derivatives, or any contract where flash loans could manipulate state within a single transaction.
Detects vulnerabilities in upgradeable proxy smart contracts including storage layout collisions, uninitialized implementations, function selector clashing, delegatecall context issues, and upgrade path safety. Covers Transparent Proxy, UUPS (EIP-1822), Beacon, Diamond (EIP-2535), and Minimal Proxy (EIP-1167) patterns. Use when auditing upgradeable contracts, reviewing implementation upgrades, analyzing delegatecall architectures, or verifying proxy pattern compliance.
Detects logic vulnerabilities in smart contracts by analyzing guard-state consistency patterns. Identifies functions that bypass security checks (require, modifiers) that other functions consistently apply. Uses the Consistency Principle — a contract is its own specification. Use when auditing smart contracts for missing access controls, inconsistent pause checks, logic bugs, forgotten modifiers, or when traditional tools report no issues but logic errors may exist.