Skip to content


These are attacks which are no longer possible due to changes in the protocol or improvements to solidity. They are recorded here for posterity and awareness.

Call Depth Attack (deprecated)

As of the EIP 150 hardfork, call depth attacks are no longer relevant* (all gas would be consumed well before reaching the 1024 call depth limit).

Constantinople Reentrancy Attack

On January 16th, 2019, Constantinople protocol upgrade was delayed due to a security vulnerability enabled by EIP 1283. EIP 1283: Net gas metering for SSTORE without dirty maps proposes changes to reduce excessive gas costs on dirty storage writes.

This change led to possibility of a new reentrancy vector making previously known secure withdrawal patterns (.send() and .transfer()) unsafe in specific situations*, where the attacker could hijack the control flow and use the remaining gas enabled by EIP 1283, leading to vulnerabilities due to reentrancy.

Back to top