Add protection to prevent reentrancy from malicious token contract

[romanzac]

Problem

The test__ReentrancyProtectionRegister and test__ReentrancyProtectionWithdraw are currently failing - reentrancy attempt on register and withdrawal is possible if TOKEN is a malicious contract. Wrong token contract could be configured by a mistake for long enough to let attacker attempt reentrancy. The current situation is:

• register:
  reentrancy attack failed with low level error:
  "SafeERC20: low-level call failed"

• withdraw:
  reentrancy attack failed with business logic preventing further calls:
  "Insufficient deposit balance"

Impact

Low occurrence, low impact.

To reproduce

1. Please checkout de7b417
2. cd waku-rlnv2-contract
3. forge test --match-test test__ReentrancyProtectionRegister -vvvv
4. forge test --match-test test__ReentrancyProtectionWithdraw -vvvv

Expected behavior

RLN contract should ideally provide strong guarantees for the users regardless of chain or TOKEN contract configured.

Screenshots/logs

test__ReentrancyProtectionRegister.log
test__ReentrancyProtectionWithdraw.log

[stubbsta]

@jm-clius how should this be prioritised? It is low risk for mainnet where the token will be a well known secure token.

[jm-clius]

Since it's low priority, I would leave this for general improvements as part of the scheduled work we do before formal verification and an audit (which requires modularising/rearchitecting the contract in any case). I.e. around item 4 in logos-messaging/research#115