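ERC777 tokens allow arbitrary callbacks via hooks that are called during token transfers. A malicious contract that takes part in a transfer can use such a callback to re-enter the calling contract if that contract has no reentrancy guard; the risk is highest when the caller updates its own state only after the transfer, as in the first example below.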
// Token contract that the borrow functions call through the IERC777 interface;
// where it is assigned is not shown in this snippet.
address token;
// Remaining amount each account may still borrow, keyed by the borrower's address.
mapping(address => uint256) canBorrowAmount;
/* 🙅♂️ */
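/// @notice Anti-pattern, kept vulnerable on purpose: the external call is made
///         before the allowance is reduced (check -> interaction -> effect).
/// @dev On an ERC777 token a transfer can invoke a hook on the recipient (EIP-777).
///      While that hook runs, `canBorrowAmount[msg.sender]` still holds its old
///      value, so a nested call into this function passes the check again.
///      The pragma is not shown; under Solidity >= 0.8 the late subtraction would
///      revert on underflow, which is an incidental safety net and not a fix.
///      Do not deploy; compare with `goodBorrow`.
/// @param amounts Number of tokens to borrow; must not exceed `canBorrowAmount[msg.sender]`.
function badBorrow(uint amounts) public {
    // 1. CHECK: the caller may not borrow more than its remaining allowance.
    require(amounts <= canBorrowAmount[msg.sender]);
    // 3. INTERACTION (too early): control passes to external code before state is updated.
    // NOTE(review): assumes this IERC777 exposes the ERC20-compatible `transfer` - confirm.
    IERC777(token).transfer(msg.sender, amounts);
    // 2. EFFECTS (too late): the allowance is reduced only after the external call returns.
    // The original line used `-`, which computed a value and discarded it.
    canBorrowAmount[msg.sender] -= amounts;
}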
/* 🙆♂️ */
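/// @notice Lets the caller borrow up to its remaining allowance, following the
///         checks-effects-interactions order.
/// @dev The allowance is reduced before the ERC777 transfer, so a re-entrant call
///      made from a transfer hook sees the already-reduced value and fails the
///      check. A reentrancy guard is still worth adding when other functions read
///      or write the same state.
/// @param amounts Number of tokens to borrow; must not exceed `canBorrowAmount[msg.sender]`.
function goodBorrow(uint amounts) public {
    // 1. CHECK: the caller may not borrow more than its remaining allowance.
    require(amounts <= canBorrowAmount[msg.sender]);
    // 2. EFFECTS: record the borrow first. The original line used `-`, which
    // discarded the result and left the allowance unchanged.
    canBorrowAmount[msg.sender] -= amounts;
    // 3. INTERACTION: the external call comes last, after all state changes.
    // NOTE(review): assumes this IERC777 exposes the ERC20-compatible `transfer` - confirm.
    IERC777(token).transfer(msg.sender, amounts);
}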
https://eips.ethereum.org/EIPS/eip-777
https://twitter.com/dmihal/status/1251505373992845317
https://medium.com/amber-group/preventing-re-entrancy-attacks-lessons-from-history-c2d96480fac3