fix: remove non reentrant

[hmzakhalid]

Summary by CodeRabbit

Release Notes

• Updates
  • Modified the claimRewards function to no longer return a value.
  • Updated contract build metadata to the latest compiler version.
  • Adjusted internal contract protection mechanisms across multiple functions.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
enclave-enclave-dashboard	Ready	Preview, Comment	May 22, 2026 6:21am

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
crisp	Skipped		May 22, 2026 6:21am
enclave-docs	Skipped		May 22, 2026 6:21am

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR systematically removes reentrancy guard protections (ReentrancyGuard and ReentrancyGuardUpgradeable) from multiple core contracts across the Enclave system. Compiled artifacts are regenerated with updated buildInfoId values, and the claimRewards function ABI is updated to remove its return value.

Changes

Reentrancy Guard Removal

Layer / File(s)	Summary
Artifact metadata and interface signature updates packages/enclave-contracts/artifacts/contracts/interfaces/I*.sol/*json, packages/enclave-contracts/artifacts/contracts/token/EnclaveTicketToken.sol/EnclaveTicketToken.json	Contract artifacts are recompiled with updated buildInfoId values. The IEnclave interface ABI removes the totalClaimed return value from claimRewards(uint256[] e3Ids). All other artifacts reflect only build metadata changes resulting from source code recompilation.
Enclave core contract—remove ReentrancyGuardUpgradeable packages/enclave-contracts/contracts/Enclave.sol	Removes ReentrancyGuardUpgradeable import, inheritance, and initialization call. Removes nonReentrant modifier from seven external entrypoints: request, publishCiphertextOutput, publishPlaintextOutput, claimReward, claimRewards, treasuryClaim, leaving only the function signature and body logic unchanged.
E3RefundManager—remove ReentrancyGuardUpgradeable packages/enclave-contracts/contracts/E3RefundManager.sol	Removes ReentrancyGuardUpgradeable import, inheritance, and initialization. Removes nonReentrant modifier from five external functions: claimRequesterRefund, claimHonestNodeReward, withdrawOrphanedSlashedFunds, claimSlashedFundsOnSuccess, claimSlashedFundsOnSuccessBatch, treasuryClaim, while preserving access control modifiers.
Registry contracts—remove reentrancy guards packages/enclave-contracts/contracts/registry/BondingRegistry.sol, packages/enclave-contracts/contracts/registry/CiphernodeRegistryOwnable.sol	BondingRegistry removes nonReentrant from claimExits, distributeRewards, and withdrawSlashedFunds. CiphernodeRegistryOwnable removes ReentrancyGuardUpgradeable inheritance and initialization, and removes nonReentrant from publishCommittee and finalizeCommittee. In publishCommittee, storage assignments for c.publicKey and publicKeyHashes[e3Id] are moved earlier, immediately after committeeHash is computed and before proof verification.
SlashingManager—remove ReentrancyGuard packages/enclave-contracts/contracts/slashing/SlashingManager.sol	Removes ReentrancyGuard import and inheritance. Removes nonReentrant modifier from proposeSlash and executeSlash external function declarations.
EnclaveTicketToken—remove nonReentrant modifiers packages/enclave-contracts/contracts/token/EnclaveTicketToken.sol	Removes nonReentrant modifier from payout(address to, uint256 amount) and rescueERC20(IERC20 token, address to, uint256 amount) while retaining their access control modifiers (onlyRegistry and onlyOwner respectively).

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• gnosisguild/enclave#1542: Modifies request(...) entrypoint logic and reentrancy-related behavior in Enclave.sol, overlapping with this PR's changes to the same function.
• gnosisguild/enclave#1545: Also removes ReentrancyGuard and nonReentrant from the same set of contracts (Enclave, E3RefundManager, BondingRegistry, CiphernodeRegistryOwnable, SlashingManager, EnclaveTicketToken).
• gnosisguild/enclave#752: Modifies reentrancy protection on request, publishCiphertextOutput, and publishPlaintextOutput in Enclave.sol, with direct conflict to this PR's removal of those guards.

Suggested reviewers

• cedoor
• ctrlc03
• auryn-macmillan

Poem

🐰 Reentrancy guards bid farewell,
Functions dance without the spell,
Trust replaces safety's fence,
Simpler flow, newfound sense. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: removing nonReentrant modifiers across multiple contract files throughout the codebase.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/non-reentrant

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

packages/enclave-contracts/contracts/Enclave.sol (1)

1156-1163: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Preserve claimRewards return value to avoid ABI breakage.

Removing the return value changes externally observable behavior; existing integrators decoding uint256 can break at runtime. Keep the return for backward compatibility.

Suggested compatibility fix

-    function claimRewards(uint256[] calldata e3Ids) external {
+    function claimRewards(
+        uint256[] calldata e3Ids
+    ) external returns (uint256 totalClaimed) {
         uint256 len = e3Ids.length;
-        uint256 totalClaimed;
         for (uint256 i = 0; i < len; i++) {
             totalClaimed += _claimReward(e3Ids[i], msg.sender);
         }
         require(totalClaimed > 0, NothingToClaim());
+        return totalClaimed;
     }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/enclave-contracts/contracts/Enclave.sol` around lines 1156 - 1163,
The claimRewards function removed its uint256 return value causing an ABI break;
restore the original external signature to return uint256 and return
totalClaimed at the end while keeping the existing logic (accumulate
totalClaimed via _claimReward(e3Ids[i], msg.sender) and the require(totalClaimed
> 0, NothingToClaim()) check) so callers continue receiving the claimed amount.

packages/enclave-contracts/contracts/registry/BondingRegistry.sol (1)

444-464: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

bondLicense still has nonReentrant modifier - inconsistent with PR goal.

This function retains the nonReentrant modifier (line 446) while other similar functions (claimExits, distributeRewards, withdrawSlashedFunds) have had it removed. This appears inconsistent with the PR's stated objective of removing reentrancy guards.

If the intent is to keep nonReentrant here due to the external safeTransferFrom call followed by state updates, the same logic should apply to other functions. Otherwise, remove it for consistency.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/enclave-contracts/contracts/registry/BondingRegistry.sol` around
lines 444 - 464, The bondLicense function still has the nonReentrant modifier
which is inconsistent with the PR's removal of reentrancy guards; remove the
nonReentrant modifier from the bondLicense function signature (function
bondLicense(uint256 amount) external ...) so its declaration matches other
functions like claimExits/distributeRewards/withdrawSlashedFunds, and verify
that the safeTransferFrom -> operators[msg.sender].licenseBond state update
sequence in bondLicense remains safe without the modifier (no additional
imports/guards need to be left behind).

🧹 Nitpick comments (1)

packages/enclave-contracts/contracts/token/EnclaveTicketToken.sol (1)

51-58: ⚡ Quick win

Inconsistent: ReentrancyGuard still inherited but only partially used.

The contract still inherits ReentrancyGuard (line 57) and imports it (lines 26-27), but nonReentrant is removed from payout and rescueERC20 while retained on depositFor, depositFrom, and withdrawTo.

If the PR goal is to remove reentrancy guards, this should be done consistently. If some functions genuinely need the guard while others don't, document why.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/enclave-contracts/contracts/token/EnclaveTicketToken.sol` around
lines 51 - 58, The contract EnclaveTicketToken inconsistently retains
ReentrancyGuard inheritance and import while only applying nonReentrant to some
functions (depositFor, depositFrom, withdrawTo) but not to payout and
rescueERC20; either remove the ReentrancyGuard import and the
ERC20Wrapper/ReentrancyGuard inheritance entirely and strip nonReentrant from
the remaining functions, or consistently apply the guard by adding nonReentrant
to payout and rescueERC20 and keep the import and inheritance; make the choice
and update the contract declaration and imports accordingly, and if you
intentionally keep mixed usage, add a short comment next to each function
(depositFor, depositFrom, withdrawTo, payout, rescueERC20) documenting why it
does or does not require nonReentrant.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@packages/enclave-contracts/contracts/Enclave.sol`:
- Around line 1156-1163: The claimRewards function removed its uint256 return
value causing an ABI break; restore the original external signature to return
uint256 and return totalClaimed at the end while keeping the existing logic
(accumulate totalClaimed via _claimReward(e3Ids[i], msg.sender) and the
require(totalClaimed > 0, NothingToClaim()) check) so callers continue receiving
the claimed amount.

In `@packages/enclave-contracts/contracts/registry/BondingRegistry.sol`:
- Around line 444-464: The bondLicense function still has the nonReentrant
modifier which is inconsistent with the PR's removal of reentrancy guards;
remove the nonReentrant modifier from the bondLicense function signature
(function bondLicense(uint256 amount) external ...) so its declaration matches
other functions like claimExits/distributeRewards/withdrawSlashedFunds, and
verify that the safeTransferFrom -> operators[msg.sender].licenseBond state
update sequence in bondLicense remains safe without the modifier (no additional
imports/guards need to be left behind).

---

Nitpick comments:
In `@packages/enclave-contracts/contracts/token/EnclaveTicketToken.sol`:
- Around line 51-58: The contract EnclaveTicketToken inconsistently retains
ReentrancyGuard inheritance and import while only applying nonReentrant to some
functions (depositFor, depositFrom, withdrawTo) but not to payout and
rescueERC20; either remove the ReentrancyGuard import and the
ERC20Wrapper/ReentrancyGuard inheritance entirely and strip nonReentrant from
the remaining functions, or consistently apply the guard by adding nonReentrant
to payout and rescueERC20 and keep the import and inheritance; make the choice
and update the contract declaration and imports accordingly, and if you
intentionally keep mixed usage, add a short comment next to each function
(depositFor, depositFrom, withdrawTo, payout, rescueERC20) documenting why it
does or does not require nonReentrant.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7d5a104c-b68e-4bb2-8575-cbca64c77bb1

📥 Commits

Reviewing files that changed from the base of the PR and between 5c76293 and 3b04763.

📒 Files selected for processing (13)

• packages/enclave-contracts/artifacts/contracts/Enclave.sol/Enclave.json
• packages/enclave-contracts/artifacts/contracts/interfaces/IBondingRegistry.sol/IBondingRegistry.json
• packages/enclave-contracts/artifacts/contracts/interfaces/ICiphernodeRegistry.sol/ICiphernodeRegistry.json
• packages/enclave-contracts/artifacts/contracts/interfaces/IEnclave.sol/IEnclave.json
• packages/enclave-contracts/artifacts/contracts/interfaces/ISlashingManager.sol/ISlashingManager.json
• packages/enclave-contracts/artifacts/contracts/registry/CiphernodeRegistryOwnable.sol/CiphernodeRegistryOwnable.json
• packages/enclave-contracts/artifacts/contracts/token/EnclaveTicketToken.sol/EnclaveTicketToken.json
• packages/enclave-contracts/contracts/E3RefundManager.sol
• packages/enclave-contracts/contracts/Enclave.sol
• packages/enclave-contracts/contracts/registry/BondingRegistry.sol
• packages/enclave-contracts/contracts/registry/CiphernodeRegistryOwnable.sol
• packages/enclave-contracts/contracts/slashing/SlashingManager.sol
• packages/enclave-contracts/contracts/token/EnclaveTicketToken.sol

[ctrlc03]

utACK