# Tutorial 9: Read-Only Reentrancy {% hint style="info" %} [**Book an audit with Zokyo**](https://www.zokyo.io/) {% endhint %} {% hint style="info" %} **Read-Only Reentrancy in Smart Contracts: Unveiling the Subtleties.** This intricate guide is designed to furnish blockchain auditors, developers, and tech enthusiasts with a profound comprehension of the nuances associated with read-only reentrancy attacks within smart contracts. Drawing from tangible examples and thorough research, this exposition emerges as an essential manual for recognizing, understanding, and thwarting these deceptive security threats. {% endhint %} Smart contracts, the lifeblood of many blockchain platforms, represent a paradigm shift in transactional trust, enabling self-executing contracts with codes that act as unbreakable promises. Yet, within their coded clauses and automated operations lie covert threats, some of which have only recently entered the limelight. One such threat is the read-only reentrancy attack. Diverging from conventional reentrancy attacks, which exploit the ability to recursively call back into the originating contract, mutating its state maliciously, read-only reentrancy attacks are more veiled in their approach. They leverage ostensibly benign operations, cloaked under the premise of "reading" data without altering it. These attacks capitalize on the Ethereum EVM's nuances, manipulating the perceived state of a contract through `view` and `pure` functions. To the untrained eye, these operations may seem harmless given their non-state-changing facade. However, when executed strategically, they can provide attackers with insights into manipulated contract states or influence decisions in interlinked contracts, even if these operations are reverted by the end of the transaction. Such sophisticated attack vectors amplify the challenges for auditors and developers. Unlike blatant vulnerabilities, read-only reentrancy can easily be overlooked, given its non-mutative nature on the surface. This underlines the imperative need for an exhaustive exploration of this subject. Our guide embarks on this very journey, aiming to unravel the intricacies of read-only reentrancy attacks, demystify their operational mechanics, and offer robust countermeasures. With a heightened understanding and awareness of these nuanced attacks, we aspire to bolster the security frameworks of smart contracts, ensuring that blockchain's promise of trustless transactions remains unbroken. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://zokyo-auditing-tutorials.gitbook.io/zokyo-tutorials/tutorial-9-read-only-reentrancy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.