Reentrancy Vulnerability Mechanics
A reentrancy vulnerability occurs when a smart contract makes an external call to an untrusted address before it has updated its own internal state. On the EVM, transferring Ether to a contract executes that contract's fallback or receive function, so the callee runs arbitrary code in the middle of the caller's function. The untrusted contract can use that opportunity to call back into the original function, re-entering the contract before the first execution has completed.
Because the balance or other state that the first call depends on has not yet been updated, every re-entered call sees the same stale value and passes the same checks, so an attacker can withdraw the same credited balance repeatedly until the contract is drained. The vulnerability is a classic example of a state-management error in code leading to large financial losses in decentralized finance.
Proper mitigation is to follow the checks-effects-interactions pattern (validate inputs, write all state changes such as balance updates, and only then make external calls), optionally combined with a reentrancy guard, a mutex-style flag that rejects any nested call into the guarded functions. Relying on the limited gas stipend of transfer or send is not a reliable defense, since gas costs and forwarding rules have changed across network upgrades.