Dec 5th, 2023 - 07:18 am
Have you ever noticed, while looking on Etherscan, that some transactions with smart contracts include an extra section that says “transfer” and then an amount of ETH? Ever wondered what that was? How does it work? Are they dangerous? That is an internal transaction. This article will dive into how smart contracts use internal transactions, where you might encounter them on Ethereum, and the risks associated with them.
Transactions serve as the cornerstone of activity on the Ethereum blockchain, representing the actions initiated by users. These actions encompass a diverse range of operations, but the primary function of most transactions is the transfer of tokens from one address to another. This includes Ethereum’s native coin, Ether (ETH), and tokens like USDC.
Beyond simple value transfers, transactions on Ethereum extend their impact through the execution of smart contracts. Smart contracts are self-executing “agreements” with predefined conditions. By initiating a transaction that interacts with a smart contract, users can trigger a multitude of actions. These smart contracts facilitate complex processes, ranging from decentralized finance (DeFi) protocols managing lending and borrowing to decentralized applications (DApps) offering various services, games, or experiences.
A breakdown of transaction types on the Ethereum Network, as explained in our Free 102 class
Have you ever noticed these special “to” transfers when reviewing transactions? Those are internal transactions and represent value transferred between smart contracts. They are the grease that makes Ethereum contracts interoperable and composable with each other.
The second transaction here is the internal one.
Internal transactions can often be thought of as the accounting and housekeeping part of everyday transactions. Let’s imagine an example of a person purchasing an item at a convenience store using cash. When a customer walks into the store and initiates a transaction by handing over cash to the cashier, this mirrors a user triggering a transaction on the Ethereum blockchain involving a smart contract.
An analogy for internal txs - they are often the housekeeping of a transaction you don't see!
In this analogy, the cashier represents the smart contract, and the cash transaction serves as the external (EOA-) user-initiated action. Now, just as the cashier might perform additional tasks behind the scenes, such as giving change or updating inventory records, a smart contract's code may include instructions for internal transactions. These internal transactions can be akin to the cashier's behind-the-counter actions.
In simple terms, internal transactions occur when there is a transfer of Ether (ETH) within the context of a smart contract. Unlike external transactions initiated by users directly interacting with the blockchain, internal transactions are always tied to the execution of smart contracts. In this scenario, the smart contract acts as the orchestrator, facilitating the movement of ETH between itself and another address. Internal transactions are essential components that allow smart contracts to automatically manage and distribute assets according to their code. Here’s an example of an internal transaction on Etherscan.
Internal transactions in Ethereum are outcomes of smart contract execution and are not directly initiated by users; they are internal to Ethereum code. When a user triggers a transaction involving a smart contract, the contract's code may execute additional operations or interact with other contracts by sending internal transactions to them.
Unlike Externally Owned Accounts (EOAs), smart contracts lack the ability to independently initiate transactions; they must be triggered by something else. EOAs, controlled by user-held private keys, are the entities with the capability to initiate transactions. Smart contracts can only execute code in response to transactions initiated by EOAs.
If you aren’t familiar with smart contracts, “[a] smart contract is simply a program that runs on the Ethereum blockchain. It's a collection of code… and data… that resides at a specific address on the Ethereum blockchain” (ethereum.org).
When a user initiates a transaction involving a smart contract, the contract's code may include instructions for additional operations or interactions with other contracts. As the original transaction is processed, these instructions trigger internal transactions to other contracts or EOA addresses.
When unwrapping Wrapped Ether (WETH) you will encounter an internal transaction as part of the process. Unwrapping involves burning WETH ERC20 tokens in exchange for native ETH which is transferred to an address via an internal transaction.
Swapping tokens on a decentralized exchange (DEX) like Uniswap for native ETH also involves internal transactions. When you submit a trade order, the Uniswap smart contract executes a series of internal transactions and associated actions to handle the token swap. This includes adjusting liquidity pools and ultimately delivering the equivalent amount of native ETH to your wallet.
Similarly, when someone purchases your NFT on a marketplace for ETH, the transaction triggers an internal transaction. Within the same transaction, the sold NFT is transferred to the new owner’s address and ETH is sent to your wallet via an internal transaction.
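Internal transactions are not stored as separate transactions; explorers derive them from the call trace of the user's transaction. The sketch below is an added example, not code from the original article: it walks a trace shaped like the output of a node's `debug_traceTransaction` with the `callTracer` tracer, modelled on the WETH unwrap described above. The addresses, amounts and the `internal_transfers` helper are constructed for illustration.

```python
# Constructed sample: shape of a `callTracer` result for a WETH unwrap, with
# extra frames added to exercise the filters. Addresses/amounts are made up.
EOA = "0x" + "aa" * 20
WETH = "0x" + "bb" * 20
HELPER = "0x" + "cc" * 20

SAMPLE_TRACE = {
    "type": "CALL", "from": EOA, "to": WETH, "value": "0x0",  # user's own tx
    "calls": [
        # The contract sends native ETH to the user: the internal transaction.
        {"type": "CALL", "from": WETH, "to": EOA, "value": "0xde0b6b3a7640000"},
        # DELEGATECALL runs borrowed code in the caller's context; no ETH moves.
        {"type": "DELEGATECALL", "from": WETH, "to": HELPER, "value": "0x5"},
        # Reverted sub-call: its transfer, and anything beneath it, is undone.
        {"type": "CALL", "from": WETH, "to": HELPER, "value": "0x1",
         "error": "execution reverted",
         "calls": [{"type": "CALL", "from": HELPER, "to": EOA, "value": "0x2"}]},
    ],
}

# Frame types that can move ETH out of the executing contract.
VALUE_MOVING = {"CALL", "CREATE", "CREATE2", "SELFDESTRUCT"}


def internal_transfers(frame, depth=0):
    """Return (depth, from, to, wei) for each successful ETH-moving sub-call."""
    if frame.get("error"):
        return []  # a failed frame reverts itself and all of its children
    found = []
    wei = int(frame.get("value", "0x0"), 16)
    # depth 0 is the external transaction signed by the EOA, not an internal one
    if depth > 0 and frame["type"] in VALUE_MOVING and wei > 0:
        found.append((depth, frame["from"], frame.get("to"), wei))
    for child in frame.get("calls", []):
        found.extend(internal_transfers(child, depth + 1))
    return found


if __name__ == "__main__":
    for depth, src, dst, wei in internal_transfers(SAMPLE_TRACE):
        print(f"depth {depth}: {src} -> {dst}  {wei / 10**18} ETH")
```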
Are internal transactions dangerous? No: they are a fundamental feature of Ethereum, but their security is closely tied to the reliability of the smart contracts carrying out the transactions. While internal transactions themselves are not inherently risky, security threats arise from vulnerabilities within the code and logic of the smart contracts; reentrancy attacks are the most common exploit. For the average user, though, simply knowing where to find internal transactions on Etherscan, and how and why they might show up there, will increase their understanding of Etherscan and of how to look at smart contract blockchains in general!
Have any questions, or want to learn more about web3 security and stay up to date on the most current security information, scams, and tactics? Join us in our Discord at https://discord.gg/boringsecurity.