Checks-Effects-Interactions (CEI) is a defensive coding pattern for smart contracts that mandates a strict order of operations: first perform all Checks (e.g., validating inputs, requirements, and access controls), then update all internal Effects (i.e., modifying the contract's state variables), and finally execute external Interactions (i.e., calling other contracts or sending Ether). This sequence is critical because it prevents the state of the contract from being manipulated by an external call before the contract's own logic is complete, which is the core vulnerability exploited in reentrancy attacks.
LABS
Glossary
Checks-Effects-Interactions
Checks-Effects-Interactions (CEI) is a fundamental smart contract programming pattern designed to prevent reentrancy attacks by strictly ordering state changes before external calls.
Chainscore © 2026
definition
SECURITY PATTERN
What is Checks-Effects-Interactions?
A foundational smart contract programming pattern designed to prevent reentrancy attacks and other state inconsistencies.
The pattern directly counters the classic reentrancy attack, where a malicious contract's fallback function recursively calls back into the vulnerable function before its initial execution finishes. By updating all state variables (Effects) before making any external calls (Interactions), the contract ensures that subsequent logic checks will see the updated, correct state, making reentrant calls harmless. For example, a withdrawal function should deduct a user's balance from storage before sending them Ether, so any reentrant call will find a zero balance.
While essential, CEI is a synchronous protection and does not guard against all forms of reentrancy, such as cross-function reentrancy or attacks involving multiple contracts. It is considered a best practice and is often enforced by automated security tools. Modern Solidity developers frequently combine CEI with additional safeguards like the ReentrancyGuard modifier from OpenZeppelin, which uses a mutex lock, and by following the "pull over push" pattern for payments to minimize trust assumptions in external calls.
how-it-works
SECURITY PATTERN
How the Checks-Effects-Interactions Pattern Works
The Checks-Effects-Interactions (CEI) pattern is a critical smart contract design principle that prevents reentrancy attacks and ensures state consistency by enforcing a strict order of operations.
The Checks-Effects-Interactions pattern is a defensive programming methodology that mandates a specific sequence of operations within a smart contract function to protect against state corruption and reentrancy vulnerabilities. It requires developers to first perform all checks (e.g., validating inputs and permissions), then update all internal effects (i.e., modifying the contract's state variables), and only finally execute external interactions (such as calls to other contracts or sending Ether). This order prevents an external call from re-entering the function and interacting with an inconsistent or intermediate state, which was the primary exploit vector in the infamous DAO hack.
The core logic of the pattern hinges on state finality. By updating all internal storage before making any external calls, the contract's state is settled and immutable for the remainder of the transaction. If a malicious contract is called and attempts a reentrant call back into the original function, the checks will likely fail (as balances or flags have already been updated), and the effects will not be applied a second time. This makes the function idempotent with respect to state changes for a given transaction. A common implementation technique is to use a state variable as a lock or to apply effects using the "pull over push" pattern for payments, further mitigating risks.
Consider a simple withdrawal function. Following CEI, it would: 1) CHECK that the caller's balance is sufficient, 2) EFFECT by zeroing out the caller's balance in the contract's storage, and 3) INTERACT by sending the Ether to the caller. If the recipient is a malicious contract, its receive or fallback function cannot re-enter to withdraw again because the balance has already been set to zero. Deviating from this order—such as sending Ether before updating the balance—is what allows reentrancy attacks. While Solidity's ReentrancyGuard is a useful complementary tool, understanding and applying the CEI pattern remains a fundamental skill for writing robust smart contracts.
key-features
SECURITY PRIMER
Key Features of the CEI Pattern
The Checks-Effects-Interactions (CEI) pattern is a fundamental smart contract security design principle that enforces a strict order of operations to prevent critical vulnerabilities like reentrancy attacks.
01
1. Checks: Validate First
The first step is to perform all validity checks and access control before any state changes or external calls. This includes verifying function arguments, caller permissions (e.g., require(msg.sender == owner)), and contract state invariants. It ensures the transaction is authorized and valid before proceeding.
02
2. Effects: Update State
After checks pass, the contract must update its internal state. This includes writing to storage variables, emitting events, and recording balances. For example, deducting a user's balance before sending them tokens. This step must be completed before any external interaction to lock in state changes.
03
3. Interactions: Call External Contracts Last
The final step is to perform external calls to other contracts or addresses (e.g., address.send(), contract.call()). By this point, all state is finalized, making the contract resilient to reentrancy attacks where a malicious contract could call back in and exploit intermediate, inconsistent state.
04
Prevents Reentrancy Attacks
CEI is the primary defense against reentrancy, a vulnerability where an external contract maliciously calls back into the vulnerable function before its initial execution finishes. By finalizing state (Effects) before the call (Interaction), subsequent reentrant calls see the updated, consistent state, preventing double-spends or logic errors. The infamous 2016 DAO hack exploited a violation of this pattern.
05
Enforces Atomicity & Consistency
The pattern ensures operations are atomic from the perspective of the calling contract. If an external call fails or reverts, the state changes (Effects) have already been securely recorded. This maintains consistency and prevents partial executions that could leave the contract in an invalid or exploitable state.
06
A Foundational Best Practice
CEI is not a specific function but a design template applied to every function that interacts externally. It is a cornerstone of secure smart contract development, mandated by auditors and formal verification tools. While newer solutions like Reentrancy Guards (nonReentrant modifier) provide additional protection, CEI remains the essential underlying discipline.
code-example
SECURITY PATTERN
Code Example: CEI vs. Vulnerable Pattern
A practical comparison demonstrating the critical security difference between the Checks-Effects-Interactions (CEI) pattern and a common, vulnerable alternative in smart contract development.
The Checks-Effects-Interactions (CEI) pattern is a defensive programming paradigm that structures function execution to prevent reentrancy attacks by strictly ordering operations: first perform all checks (e.g., validating inputs and permissions), then update all internal effects (e.g., state variables), and finally execute external interactions (e.g., call, transfer). This sequence ensures the contract's state is finalized and consistent before any external call is made, which could potentially call back into the function. In contrast, a vulnerable pattern inverts this order, performing an external interaction before updating internal state, leaving a temporary inconsistency that a malicious contract can exploit.
Consider a simple withdrawal function. A vulnerable implementation might first send Ether via address.send(amount) and then update a balance mapping with balances[msg.sender] = 0. This creates a dangerous window where the recipient's contract can re-enter the withdrawal function via a receive or fallback function. Because the sender's balance hasn't yet been zeroed, the checks pass again, allowing funds to be drained. The CEI-compliant version safeguards against this by first zeroing the balance (balances[msg.sender] = 0) as the effect, and only then performing the external transfer as the final interaction.
This vulnerability is not theoretical; it was the primary attack vector in the infamous DAO hack of 2016. Modern Solidity developers often use the ReentrancyGuard modifier from libraries like OpenZeppelin as an additional layer of protection, which implements a mutex lock. However, CEI remains a fundamental and essential code-level discipline. It is a logical guard that should be applied even when using other mitigations, as it promotes a clear and secure architecture by design, reducing the attack surface for a wide range of state manipulation exploits beyond just simple reentrancy.
visual-explainer
CHECKS-EFFECTS-INTERACTIONS
Visualizing the CEI Pattern
A conceptual guide to understanding the execution flow of a secure smart contract function.
The Checks-Effects-Interactions (CEI) pattern is a defensive programming template that dictates a strict, three-phase order of operations within a smart contract function to prevent critical vulnerabilities like reentrancy attacks. By enforcing a sequence where state changes are finalized before any external calls, it creates a logical barrier against malicious contracts that could exploit intermediate states. Visualizing this pattern as a one-way flow—from validation, to internal updates, to external communication—is key to writing robust Solidity code.
The first phase, Checks, involves validating all preconditions and inputs at the function's entry point. This includes verifying caller permissions (e.g., using require(msg.sender == owner)), ensuring sufficient balances, and checking that parameters are within expected bounds. These initial guards act as a fail-fast mechanism, preventing the function from proceeding with invalid or malicious data. Proper checks are the foundation for predictable contract behavior and gas efficiency, as they revert transactions before any costly state modifications are made.
Following successful checks, the Effects phase is where the contract's internal state variables are updated. This includes operations like deducting a balance, incrementing a counter, or setting a new owner address. Crucially, all intended state changes for the transaction should be written to storage before any interaction with external addresses. This step solidifies the contract's new state, making it impossible for an external call to re-enter the function and observe or interact with an inconsistent, intermediate version of the data.
The final Interactions phase is where the function performs external calls to other contracts or transfers native tokens (e.g., using .call{value: ...}() or .transfer()). By this point, all internal logic and state updates are complete, making the contract's state consistent and immutable for the remainder of the transaction. If the external call fails or triggers a reentrant callback, the attacker will encounter a contract that has already recorded the effects of the initial call, neutralizing the threat. This strict ordering is the core defense of the pattern.
A classic example is a simple withdrawal function. First, it checks that the caller has a sufficient balance. Then, it effects the state by zeroing out the caller's balance in the contract's storage. Finally, it interacts by sending the Ether to the caller's address. If this order were reversed—sending Ether before updating the balance—a malicious contract's receive function could re-enter the withdrawal function, pass the balance check again, and drain funds multiple times in a single transaction.
security-considerations
CHECKS-EFFECTS-INTERACTIONS
Security Considerations and Limitations
The Checks-Effects-Interactions (CEI) pattern is a critical smart contract design principle that prevents reentrancy attacks by enforcing a strict order of operations.
01
Core Definition
Checks-Effects-Interactions is a defensive programming pattern that mandates a specific execution order: first perform all checks (e.g., validating inputs and permissions), then update all internal effects (e.g., state variables), and finally perform external interactions (e.g., calls to other contracts). This sequence prevents state corruption during reentrant calls.
02
The Reentrancy Vulnerability
A reentrancy attack occurs when a malicious contract exploits a state update that happens after an external call. For example, in a vulnerable withdrawal function, if the contract sends Ether before updating the user's balance, the attacker's fallback function can recursively call back into the original function, draining funds. The 2016 DAO hack exploited this flaw, resulting in the loss of ~3.6 million ETH.
03
Applying the Pattern
To implement CEI, structure your function as follows:
- Checks:
require(msg.sender == owner, "Not owner"); - Effects:
balances[msg.sender] = 0; - Interactions:
(bool success, ) = msg.sender.call{value: amount}("");This ensures the contract's state is finalized before any external call is made, making reentrancy impossible for that state.
04
Limitations and Complementary Guards
CEI is not a silver bullet. It primarily guards against single-function reentrancy. Developers must also consider:
- Cross-function reentrancy: An attacker re-enters a different function that shares state.
- Use of ReentrancyGuard: A modifier (like OpenZeppelin's) that uses a mutex lock (
nonReentrant). - Pull-over-push architecture: Having users withdraw funds themselves, eliminating untrusted external calls from the contract.
05
Real-World Example: Secure vs. Vulnerable
Vulnerable Code (Wrong Order):
solidityfunction withdraw() public { uint amount = balances[msg.sender]; (bool success, ) = msg.sender.call{value: amount}(""); // INTERACTION FIRST require(success); balances[msg.sender] = 0; // EFFECT LAST - TOO LATE! }
Secure Code (CEI Pattern):
solidityfunction withdraw() public { uint amount = balances[msg.sender]; // CHECK (implicit) balances[msg.sender] = 0; // EFFECT FIRST (bool success, ) = msg.sender.call{value: amount}(""); // INTERACTION LAST require(success); }
06
Related Security Patterns
CEI is part of a broader secure development toolkit:
- Pull Payments: Mitigates reentrancy by having beneficiaries "pull" funds.
- Rate Limiting / Caps: Limits the amount withdrawable per transaction or time period.
- Emergency Stop: A circuit breaker (
pausemodifier) to halt functions during an attack. - Formal Verification: Using tools like Certora or Scribble to mathematically prove a contract adheres to its specification, including the CEI pattern.
ecosystem-usage
SECURITY PATTERN
Ecosystem Usage and Adoption
The Checks-Effects-Interactions pattern is a critical smart contract security design principle used to prevent reentrancy attacks and other state inconsistencies by strictly ordering operations.
01
Core Principle
The pattern mandates a strict, three-step execution order for functions that modify state and call external contracts:
- Checks: Validate all conditions and arguments (e.g., balances, permissions).
- Effects: Update all internal state variables of the current contract.
- Interactions: Perform external calls to other contracts or addresses.
This order prevents the external call from interfering with the contract's own state logic.
02
Preventing Reentrancy
This is the primary defense against reentrancy attacks. By updating state before making an external call, the contract's critical invariants (like a user's balance) are already set to their new values. If the called contract maliciously re-enters the original function, the Checks phase will fail because the state has already been updated, blocking the attack. This made the pattern essential after the infamous DAO hack.
03
Implementation Example
A secure withdrawal function following the pattern:
solidityfunction withdraw(uint amount) public { // CHECK: Verify the user has sufficient balance require(balances[msg.sender] >= amount, "Insufficient balance"); // EFFECT: Update the user's balance state FIRST balances[msg.sender] -= amount; // INTERACTION: Send ether after state is safe (bool success, ) = msg.sender.call{value: amount}(""); require(success, "Transfer failed"); }
The dangerous anti-pattern is performing the Interaction before the Effect.
04
Beyond Reentrancy
While famous for stopping reentrancy, the pattern also guards against other state consistency issues:
- Race Conditions: Ensures a consistent view of state for all external interactions.
- Logic Flows: Makes function execution paths more predictable and easier to reason about during audits.
- Gas Optimization: Failed checks revert early, saving gas before costly state changes or external calls are made.
06
Adoption & Best Practice
This pattern is a foundational security teaching in all major smart contract development resources. Its adoption is measured by its inclusion in:
- Security Audits: A primary check for auditors reviewing state-changing functions.
- Developer Tooling: Linters and static analyzers like Slither flag violations.
- Educational Standards: It is a core module in platforms like CryptoZombies and the Ethereum Foundation's resources. Adherence is considered a mark of professional contract design.
CHECKS-EFFECTS-INTERACTIONS PATTERN
Common Misconceptions About CEI
The Checks-Effects-Interactions (CEI) pattern is a fundamental smart contract security practice, but its application and limitations are often misunderstood. This section clarifies the most frequent points of confusion.
No, while the CEI pattern is a primary defense against reentrancy attacks, its core purpose is to establish a robust state management order that prevents a broader class of vulnerabilities. By performing all state changes (effects) before making external calls (interactions), you create a state machine that is internally consistent before ceding control to an external contract. This principle also mitigates issues like cross-function reentrancy, where a malicious contract re-enters a different function, and other state consistency bugs that can arise from unexpected execution flows. CEI is a foundational discipline for writing predictable and secure contracts.
CHECKS-EFFECTS-INTERACTIONS PATTERN
Frequently Asked Questions (FAQ)
The Checks-Effects-Interactions pattern is a critical smart contract security and design principle that prevents common vulnerabilities by enforcing a strict order of operations. This FAQ addresses its purpose, implementation, and importance for developers.
The Checks-Effects-Interactions (CEI) pattern is a smart contract development best practice that mandates a specific, secure order of operations within a function to prevent reentrancy attacks and state inconsistencies. It requires that a function first performs all necessary validations and condition checks, then updates the contract's internal state variables (effects), and only finally makes external calls to other contracts or addresses (interactions). This sequence isolates state changes from external dependencies, ensuring the contract's internal logic is completed and its state is finalized before any potentially malicious external code can execute and interfere.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall