A reentrancy attack happens when a function is invoked again from outside while an earlier invocation of it is still executing, so that it runs multiple times in a single transaction. This typically occurs when a contract makes an external call to another contract before it has finished updating its own state.
A successful reentrancy attack can lead to fund drains, unauthorized function calls, or state changes that disrupt the normal operations of the contract.
The infamous DAO hack was a reentrancy attack. An attacker exploited a reentrancy vulnerability to drain around 3.6 million Ether from the contract.