Yuqi Liu, Rui Xi, and Karthik Pattabiraman, Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2025. (Acceptance Rate: 20.1%). Artifacts available, reviewed and reproducible.
Abstract: Reentrancy attacks remain a persistent threat to blockchain smart contracts today, causing significant financial losses despite numerous defense mechanisms. This paper presents a comprehensive analysis of 73 real-world reentrancy attacks on EVM-compatible blockchains from 2016 to 2024, investigating the factors contributing to their continued prevalence. Through integrated qualitative and quantitative analyses, we identify key trends in exploited vulnerabilities, track the evolution of attacker techniques, and expose a widening gap between academic research and real-world practice. Our findings reveal that reentrancy attacks are more diverse and sophisticated than previously understood, frequently involving complex interactions across multiple contracts, projects, and even blockchains. Critically, we highlight how attackers are adapting to bypass traditional detection and defense techniques. This research provides crucial insights into the evolving threat landscape, challenges outdated assumptions, and offers practical guidelines for developing more robust and effective reentrancy defenses.