Add cross-cutting reentrancy_guard wrapping around external SAC transfers in withdraw and distribute_payouts

[greatest0fallt1me]

Description

The reentrancy_guard module exposes with_external_call/before_external_call/after_external_call, but it must actually wrap every cross-contract token transfer. withdraw, claim_winnings, distribute_payouts, and withdraw_collected_fees perform SAC transfer calls that should follow checks-effects-interactions and be guarded so a malicious token cannot re-enter mid-payout.

Requirements and Context

• Identify all external transfer calls in contracts/predictify-hybrid/src/lib.rs / bets.rs / fees.rs.
• Apply state mutation before the transfer and wrap the transfer in ReentrancyGuard::with_external_call.
• Ensure guard state is restored on transfer failure.
• Must be secure, tested, and documented
• Should be efficient and easy to review

Suggested Execution

1. Fork the repo and create a branch

   git checkout -b task/reentrancy-guard-transfers

2. Implement changes
   • contracts/predictify-hybrid/src/lib.rs, contracts/predictify-hybrid/src/bets.rs, contracts/predictify-hybrid/src/fees.rs, contracts/predictify-hybrid/src/reentrancy_guard.rs
3. Test and commit
   • cargo test -p predictify-hybrid -- reentrancy
   • Cover edge cases: re-entrant token mock, transfer failure rollback
   • Include test output and notes in the PR

Example commit message

task: guard external token transfers against reentrancy

Acceptance Criteria

• All payout/withdraw transfers follow checks-effects-interactions
• Transfers are wrapped by the reentrancy guard
• A re-entrant token mock cannot double-spend in tests

Guidelines

• Minimum 95% coverage on touched code, validate reentrancy-equivalent assumptions
• Clear documentation and inline comments
• Timeframe: 96 hours

[Oluwasuyi-Timilehin]

@Oluwasuyi-Timilehin has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Hi

I would love to work on this issue and contribute to the project.

I’ve reviewed the details and feel confident that I can investigate and implement a solid solution for this.

If this issue is currently unassigned and open for external contributors, could you please assign it to me? I will get started on a fix right away and submit a Pull Request as soon as it's ready.

Please let me know if there are any specific guidelines or approaches you'd like me to follow for this particular task.

Thanks.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Oluwasuyi-Timilehin to this issue.

[drips-wave]

Congratulations, @Oluwasuyi-Timilehin! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @Oluwasuyi-Timilehin: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊