What is a reentrancy attack and how do you prevent it in smart contracts?

Reentrancy happens when a contract calls an external address that re-enters the contract before state updates finish. Prevention: - Checks-Effects-Interactions pattern - Reentrancy guards - Pull payments over push payments Always assume external calls can be malicious and design state transitions to be safe under re-entry.