Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Invalid

Uninitialized ReentrancyGuard in StabilityPool Contract

## Summary

In the StabilityPool contract, the ReentrancyGuard from OpenZeppelin is inherited but not initialized in the constructor. This can lead to vulnerabilities where functions susceptible to reentrancy attacks may be exploited, as the reentrancy protection mechanism is not enabled.


## Vulnerability Details

  • Issue:
    The StabilityPool contract inherits from ReentrancyGuard, but the constructor does not call the _initialize function from ReentrancyGuard. As a result, the reentrancy guard is not properly initialized, leaving the contract exposed to reentrancy attacks.

  • Affected Code:
    The constructor should initialize the ReentrancyGuard contract:

    __ReentrancyGuard_init();

  • Root Cause:
    The ReentrancyGuard initialization is missing in the initialize function, which may leave the contract vulnerable to reentrancy attacks on functions that involve external calls.


## Recommendations

  1. Initialize ReentrancyGuard in Constructor:
    Ensure the ReentrancyGuard is initialized properly during contract setup by calling:

    __ReentrancyGuard_init();

  2. Modify initialize Function:
    Add the initialization call in the constructor:

    function initialize(
        address _rToken,
        address _deToken,
        address _raacToken,
        address _raacMinter,
        address _crvUSDToken,
        address _lendingPool
    ) public initializer {
        __ReentrancyGuard_init(); // Initialize ReentrancyGuard
        ...
    }

By initializing the ReentrancyGuard, the contract will be protected from potential reentrancy attacks, enhancing its security.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
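
A way to check a claim like this when writing or triaging a finding, as an added example that is not part of the submission or the project's code: a minimal model of the status check in OpenZeppelin's `ReentrancyGuardUpgradeable`, with a harness that attempts a nested call against a guard whose initializer was skipped and one where it ran. All contract and function names here are hypothetical, and the model assumes the guard rejects only the `ENTERED` value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Model of the guard's storage and modifier (names hypothetical).
abstract contract GuardModel {
    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private _status; // stays 0 until __Guard_init() runs

    function __Guard_init() internal { _status = NOT_ENTERED; }

    modifier nonReentrant() {
        // Only ENTERED is rejected, so the default value 0 passes like NOT_ENTERED.
        require(_status != ENTERED, "reentrant call");
        _status = ENTERED;
        _;
        _status = NOT_ENTERED;
    }
}

contract Pool is GuardModel {
    // `init` selects whether the guard initializer is called, to compare both cases.
    constructor(bool init) { if (init) __Guard_init(); }

    function withdraw(address callback) external nonReentrant {
        // External call made while the guard is held.
        (bool ok, ) = callback.call(abi.encodeWithSignature("onWithdraw()"));
        require(ok, "callback failed");
    }
}

// Test harness: calls back into withdraw() from inside the external call.
contract Reenterer {
    Pool private pool;

    // Returns true if the nested withdraw() was rejected by the guard.
    function probe(Pool p) external returns (bool blocked) {
        pool = p;
        try p.withdraw(address(this)) { blocked = false; } catch { blocked = true; }
    }

    function onWithdraw() external { pool.withdraw(address(this)); }
}

contract Check {
    function run() external returns (bool uninitBlocked, bool initBlocked) {
        Reenterer r = new Reenterer();
        uninitBlocked = r.probe(new Pool(false)); // initializer skipped
        initBlocked = r.probe(new Pool(true));    // initializer called
    }
}
```

In this model the nested call reverts in both cases: skipping the initializer changes the starting slot value from 1 to 0, not the comparison the modifier performs.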
