Denial-of-Service Attack caused by nonReentrant modifier

The nonReentrant modifier is designed to prevent reentrancy attacks by ensuring that certain functions cannot be called again until the current execution is completed.

In a reentrancy attack, an attacker can recursively call a contract's function before the previous call is completed, leading to unexpected behavior or manipulation of the contract's state. This can result in severe vulnerabilities, such as draining funds from a contract.

By using a nonReentrant modifier, developers can ensure that a function cannot be re-entered while it is still executing.

Here is an example of a custom nonReentrant modifier for clarity:

However, the contracts in our examples use OpenZeppelin's ReentrancyGuard implementation, which is a standard and reliable solution.

When a nonReentrant modifier is misused or misunderstood, it can inadvertently block legitimate access to a contract's functions, leading to a form of DoS attack.

This can happen if the modifier is applied too broadly or if it is applied to functions that should remain callable under normal circumstances.

Consider a scenario where the nonReentrant modifier is misapplied, leading to a situation that could be interpreted as a DoS attack:

As you can see, the withdraw and updateBalanceInfo both have the "nonReentrant" modifier. If now the withdraw function is called it will invoke the updateBalanceInfo function but it will revert because of the nonReentrant modifier.