Can't understand the problem with the code

I am reading the following tutorial.

Tutorial

What is the problem with the following code:

function withdraw(uint amount) public {
     require(balances[msg.sender] >= amount);
     balances[msg.sender] -=amount;
     payable(msg.sender).transfer(amount);
     transactions++;

}

How is this code causing reentrancy attack?