Tags: Property Based Testing, Reentrancy Attack and Smart Contracts
Abstract:
Smart contracts on the Ethereum blockchain continue to suffer from well-published errors, leading to a lack of confidence in the whole Ethereum contract platform. A particular example is the very well-known smart contract reentrancy vulnerability, which continues to be exploited. In this article, we present a method that, provided with a smart contract which may be vulnerable to such a reentrancy attack, attempts to automatically derive an “attacker” contract which can be used to successfully attack the vulnerable contract. The method uses property-based testing to generate, semi-randomly, large numbers of such potential attacker contracts and then checks whether any of them is a successful attacker.
Automatic Generation of Attacker Contracts in Solidity