Click the single line that lets a malicious contract re-enter and drain the vault:
1function withdraw(uint amount) {2 require(balance[msg.sender] >= amount);3 (bool ok,) = msg.sender.call{value: amount}("");4 balance[msg.sender] -= amount;5}
function withdraw(uint amount) {
require(balance[msg.sender] >= amount);
(bool ok,) = msg.sender.call{value: amount}("");
balance[msg.sender] -= amount;
}