State the pattern clearly: "I follow checks-effects-interactions religiously — validate inputs, update state, then make external calls. I also use OpenZeppelin ReentrancyGuard as defence in depth."
Reentrancy occurs when a contract makes an external call (an ETH transfer to an arbitrary address, or a call into an untrusted contract) before it has updated its own state, so the callee can call back into the contract while that state is stale and repeat the action, e.g., withdraw the same balance several times. The DAO hack (2016) exploited exactly this to drain roughly 3.6M ETH. Prevention: the checks-effects-interactions pattern (validate inputs, update state, then make the external call), OpenZeppelin's ReentrancyGuard (the nonReentrant modifier) as defence in depth, or the pull-payment pattern so the contract never pushes funds into untrusted code. Strong candidates also discuss cross-function reentrancy (the attacker re-enters a different function that shares the stale state, so a guard on a single function is not enough) and read-only reentrancy (a view function returns stale state during the external call, and another contract that trusts that view, a price oracle for example, is the one that gets exploited).
Fundamental smart contract security. Candidates who cannot explain reentrancy should not be writing contracts that handle funds. Ask about cross-function reentrancy to test depth beyond the basic single-function case.