Reentrancy risk on WEDXIndexPortfolio's deposit() and withdraw()
supplyLendToken and withdrawLendToken interact with Aave's lending pool without following the checks-effects-interactions pattern; an ERC-777 token can use its tokensReceived hook to reenter and manipulate balances.
Description
The supplyLendToken and withdrawLendToken functions in the WEDXIndexPortfolio contract don't implement the CEI Pattern and hence are vulnerable to reentrancy attacks when interacting with ERC777 tokens. These tokens can execute custom logic during transfer operations, which can potentially allow a malicious contract to re-enter and manipulate the state of the WEDXIndexPortfolio contract.
Both the supplyLendToken and withdrawLendToken functions interact with external contracts for token transfers and lending operations. Specifically, these functions call into Aave's lending pool to supply or withdraw assets. If an ERC777 token is used, its hooks (tokensToSend and tokensReceived) can be exploited to trigger reentrant calls back into these functions, potentially leading to unexpected behaviors such as multiple withdrawals or supplies in a single transaction, manipulating balances or state in a manner advantageous to the attacker.
Impact
If exploited, an attacker could potentially manipulate account balances, duplicate assets, or cause financial loss to users by triggering unintended actions within the contract. This could undermine the integrity of the lending protocol and lead to loss of user funds.
Recommendation
To mitigate this vulnerability, consider the following changes:
- Use Reentrancy Guards. Implement reentrancy guards in the supplyLendToken and withdrawLendToken functions to prevent reentrant calls.
- External Call Placement. Review and adjust the order of external calls and state updates in accordance with the checks-effects-interactions pattern to minimize the impact of any reentrant calls.
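
Both recommendations combined in one sketch, added here as an illustration and not taken from the WEDXIndexPortfolio source. The contract name, the function names and signatures, the `supplied` accounting mapping and the pool interface (modeled on Aave V3's Pool) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal token interface for this sketch.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Assumed lending pool shape, modeled on Aave V3's Pool interface.
interface ILendingPool {
    function supply(address asset, uint256 amount, address onBehalfOf, uint16 referralCode) external;
    function withdraw(address asset, uint256 amount, address to) external returns (uint256);
}

contract GuardedLendingSketch {
    ILendingPool public immutable pool;
    // Hypothetical accounting: user => token => amount supplied through this contract.
    mapping(address => mapping(address => uint256)) public supplied;
    uint256 private _status = 1; // 1 = not entered, 2 = entered

    constructor(ILendingPool pool_) { pool = pool_; }

    // One lock shared by both entry points: a token hook fired during a
    // transfer cannot call back into either function while it is held.
    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    function supplyGuarded(address token, uint256 amount) external nonReentrant {
        require(amount > 0, "zero amount");                  // checks
        supplied[msg.sender][token] += amount;               // effects
        // interactions: a revert here also rolls back the credit above
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transfer failed");
        require(IERC20(token).approve(address(pool), amount), "approve failed");
        pool.supply(token, amount, address(this), 0);
    }

    function withdrawGuarded(address token, uint256 amount) external nonReentrant {
        require(amount > 0, "zero amount");                  // checks
        require(supplied[msg.sender][token] >= amount, "insufficient balance");
        supplied[msg.sender][token] -= amount;               // effects: debit before any external call
        uint256 out = pool.withdraw(token, amount, msg.sender); // interactions
        require(out == amount, "short withdrawal");
    }
}
```

The guard and the ordering are independent defenses: the shared lock blocks cross-function reentry, while debiting before the external call keeps the balance check correct even on a path where the guard is missing.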

