TenArmor explicitly identified this as a 'small reentrancy hack'. Canonical pattern: target contract calls an external address (or ERC777/native ETH receiver) before updating internal state, allowing the callee to re-enter the same function and withdraw repeatedly against unchanged state. Reentrancy in 2026 is overwhelmingly found in (a) ERC777/ERC1363/ERC721 callbacks where the token standard reintroduces the historical Checks-Effects-Interactions hazard, (b) cross-function reentrancy where state of function A is read while function B re-enters, (c) read-only reentrancy where a view function returns stale data mid-attack. A pre-deployment audit catches this class via the standard CEI invariant or Slither's reentrancy-eth detector.
Method: Reentrancy — classic call-before-state-update. Root cause: TenArmor explicitly identified this as a 'small reentrancy hack'. Canonical pattern: target contract calls an external address (or ERC777/native ETH receiver) before updating internal state, allowing the callee to re-enter the same function and withdraw repeatedly against unchanged state. Reentrancy in 2026 is overwhelmingly found in (a) ERC777/ERC1363/ERC721 callbacks where the token standard reintroduces the historical Checks-Effects-Interactions hazard, (b) cross-function reentrancy where state of function A is read while function B re-enters, (c) read-only reentrancy where a view function returns stale data mid-attack. A pre-deployment audit catches this class via the standard CEI invariant or Slither's reentrancy-eth detector. Attack tx: 0x879b365b169dbf79c7f6fc7c2f7fd57eb1e53f0be8cf97ed817a7ff3d2e0ba69. First flagged by TenArmor TenMonitor.
- chain
- ethereum
- protocol
- BCB
- bug_class
- reentrancy
- date_occurred
- 2026-04-28
- loss_usd
- $39,800
- source_id
- tenarmor:ethereum:0x879b365b169dbf79c7f6fc7c2f7fd57eb1e53f0be8cf97ed817a7ff3d2e0ba69