■ Description

Some tokens allow reentrant calls on transfer (e.g. ERC777 tokens).

This has been exploited in the wild on multiple occasions

■ Example

// This is a hook function in ERC777. This is the key for Reentrancy-attack
interface ERC777TokensRecipient {
    function tokensReceived(
        address operator,
        address from,
        address to,
        uint256 amount,
        bytes calldata data,
        bytes calldata operatorData
    ) external;
}

■ How to protect against this attack?

■ Resources

https://github.com/d-xo/weird-erc20#reentrant-calls

14. ERC777 callbacks and reentrancy

https://eips.ethereum.org/EIPS/eip-777#hooks