Glossary

Reentrancy

A smart-contract bug where a malicious external call re-enters the calling contract mid-execution, before its state updates have been committed.

The 2016 DAO hack — which drained 60M USD of ETH and ultimately prompted the Ethereum / Ethereum Classic split — was a reentrancy exploit. A victim contract sent ETH to an attacker via a low-level call, the attacker's contract immediately called back into the victim, and because the victim hadn't yet decremented its internal balance, the attacker could withdraw the same balance repeatedly.

The fix is the "checks-effects-interactions" pattern: validate inputs, update state, then make external calls last. Reentrancy guards (a mutex) are the safety net for cases where the pattern is hard to enforce.