fix(audit): more reentrancy checks (#1450)

**Motivation:**

Release functions did not have a `nonReentrant` check, and while code is
well isolated it would be nice to prevent the concern entirely.

**Modifications:**

* Applied the `nonReentrant` modifier to both `releaseSlashEscrow` and
`releaseSlashEscrowByStrategy` functions within the `SlashEscrowFactory`
to prevent potential reentrancy vulnerabilities.

* Relocated the `nonReentrant` modifier from
`clearBurnOrRedistributableShares` to
`clearBurnOrRedistributableSharesByStrategy` in the `StrategyManager` to
ensure both methods are protected.

**Result:**

Less reentrancy-based security risk.

Author: 0xClandestine

src/contracts/core/SlashEscrowFactory.sol

@@ -5,11 +5,19 @@ import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
 import "@openzeppelin-upgrades/contracts/proxy/ClonesUpgradeable.sol";
 import "@openzeppelin-upgrades/contracts/proxy/utils/Initializable.sol";
 import "@openzeppelin-upgrades/contracts/access/OwnableUpgradeable.sol";
+import "@openzeppelin-upgrades/contracts/security/ReentrancyGuardUpgradeable.sol";
 import "../permissions/Pausable.sol";
 import "../mixins/SemVerMixin.sol";
 import "./SlashEscrowFactoryStorage.sol";
 
-contract SlashEscrowFactory is Initializable, SlashEscrowFactoryStorage, OwnableUpgradeable, Pausable, SemVerMixin {
+contract SlashEscrowFactory is
+    Initializable,
+    SlashEscrowFactoryStorage,
+    OwnableUpgradeable,
+    Pausable,
+    SemVerMixin,
+    ReentrancyGuardUpgradeable
+{
     using SafeERC20 for IERC20;
     using OperatorSetLib for *;
     using EnumerableSet for *;
@@ -104,7 +112,7 @@ contract SlashEscrowFactory is Initializable, SlashEscrowFactoryStorage, Ownable
     function releaseSlashEscrow(
         OperatorSet calldata operatorSet,
         uint256 slashId
-    ) external onlyWhenNotPaused(PAUSED_RELEASE_ESCROW) {
+    ) external onlyWhenNotPaused(PAUSED_RELEASE_ESCROW) nonReentrant {
         address redistributionRecipient = allocationManager.getRedistributionRecipient(operatorSet);
 
         _checkReleaseSlashEscrow(operatorSet, slashId, redistributionRecipient);
@@ -136,7 +144,7 @@ contract SlashEscrowFactory is Initializable, SlashEscrowFactoryStorage, Ownable
         OperatorSet calldata operatorSet,
         uint256 slashId,
         IStrategy strategy
-    ) external virtual onlyWhenNotPaused(PAUSED_RELEASE_ESCROW) {
+    ) external virtual onlyWhenNotPaused(PAUSED_RELEASE_ESCROW) nonReentrant {
         address redistributionRecipient = allocationManager.getRedistributionRecipient(operatorSet);
 
         _checkReleaseSlashEscrow(operatorSet, slashId, redistributionRecipient);

src/contracts/core/StrategyManager.sol

@@ -171,7 +171,7 @@ contract StrategyManager is
     function clearBurnOrRedistributableShares(
         OperatorSet calldata operatorSet,
         uint256 slashId
-    ) external nonReentrant returns (uint256[] memory) {
+    ) external returns (uint256[] memory) {
         // Get the strategies to clear.
         address[] memory strategies = _burnOrRedistributableShares[operatorSet.key()][slashId].keys();
         uint256 length = strategies.length;
@@ -190,7 +190,7 @@ contract StrategyManager is
         OperatorSet calldata operatorSet,
         uint256 slashId,
         IStrategy strategy
-    ) public returns (uint256) {
+    ) public nonReentrant returns (uint256) {
         EnumerableMap.AddressToUintMap storage burnOrRedistributableShares =
             _burnOrRedistributableShares[operatorSet.key()][slashId];
 

src/contracts/interfaces/IStrategyManager.sol

@@ -137,6 +137,7 @@ interface IStrategyManager is IStrategyManagerErrors, IStrategyManagerEvents, IS
 
     /**
      * @notice Removes burned shares from storage and transfers the underlying tokens for the slashId to the slash escrow.
+     * @dev Reentrancy is checked in the `clearBurnOrRedistributableSharesByStrategy` function.
      * @param operatorSet The operator set to burn shares in.
      * @param slashId The slash ID to burn shares in.
      * @return The amounts of tokens transferred to the slash escrow for each strategy