Too Long; Didn't Read
A reentrancy attack occurs when a function makes an external call to another, untrusted contract. The untrusted contract then calls back into the original function in an attempt to drain funds. When the contract fails to update its state before sending funds, the attacker can call the withdraw function repeatedly to drain the contract's funds. A famous real-world example is the DAO attack, which caused a loss of 60 million US dollars. Consider a vulnerable smart contract that holds 10 eth. An attacker stores 1 eth using the deposit function. The attacker then calls the withdraw function and points to a malicious contract as the recipient.