F-2024-0005 · checks-effects-interactions

Not following CEI pattern

Status: Acknowledged · Tags: index-fund, defi, rebalancing
TL;DR

Three WEDXBasePortfolio functions perform external token swaps before updating totalAssets, opening a small reentrancy or state-manipulation window via untrusted token callbacks.

Severity: LOW
Impact: LOW
Likelihood: LOW
Method: Manual review
Complexity: MEDIUM
Exploitability: LOW
Description

The WEDXBasePortfolio smart contract contains multiple instances where the Checks-Effects-Interactions (CEI) pattern is not properly followed. This pattern is crucial for preventing reentrancy attacks and keeping contract state consistent.

Although a user should only have access to their own portfolio and should not be able to withdraw more than they deposited, we recommend correcting the implementation.

  1. Withdraw Function (withdraw): This function interacts with external contracts for token swaps before updating the internal totalAssets state. This sequence could allow reentrancy or manipulation of state through callbacks from called contracts.
  2. Brute Force Withdraw Function (withdrawBruteForced): Similar to the withdraw function, assets are transferred before the totalAssets state is updated, which exposes the contract to reentrancy attacks.
  3. Portfolio Reset Function (_setPortfolio): The function performs external interactions with potentially untrusted contracts to swap tokens before updating the totalAssets. This could be exploited if the external contracts called are malicious or contain reentrant functions.
Impact

If exploited, these vulnerabilities could allow an attacker, potentially even the owner, to manipulate contract balances, extract funds unduly, or influence the contract operations to their benefit.

As noted above, the risk is low; we nevertheless recommend fixing it.

Recommendation

  • Adhere Strictly to the CEI Pattern. Ensure that all state changes occur before external calls or token transfers. This rearrangement of operations will prevent reentrancy and preserve state integrity.
  • Implement Reentrancy Guards. Utilize OpenZeppelin's ReentrancyGuard to block reentrant calls across all state-changing public and external functions.
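The ordering described in the finding and the recommended fix, as an added illustration that is not the audited WEDXBasePortfolio code: a hypothetical minimal portfolio with a constructed ISwapper interface, where withdrawBefore performs the external swap and transfer before touching totalAssets, and withdrawAfter applies checks, then effects, then interactions, with OpenZeppelin's nonReentrant as defense in depth.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

// Hypothetical swap interface; stands in for whatever router the real contract uses.
interface ISwapper {
    function swap(address tokenIn, address tokenOut, uint256 amountIn) external returns (uint256 amountOut);
}

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract PortfolioCEI is ReentrancyGuard {
    uint256 public totalAssets;                 // accounting state the finding says is updated too late
    mapping(address => uint256) public shares;  // simplified per-user accounting, denominated like totalAssets
    ISwapper public immutable swapper;
    address public immutable baseToken;

    constructor(ISwapper _swapper, address _baseToken) {
        swapper = _swapper;
        baseToken = _baseToken;
    }

    // Before: the untrusted swap (which may trigger token callbacks) and the transfer
    // run while shares and totalAssets still reflect the pre-withdrawal state.
    function withdrawBefore(address tokenIn, uint256 amountIn) external {
        require(shares[msg.sender] >= amountIn, "insufficient");       // checks
        uint256 out = swapper.swap(tokenIn, baseToken, amountIn);      // interaction
        require(IERC20(baseToken).transfer(msg.sender, out), "xfer"); // interaction
        shares[msg.sender] -= amountIn;                                // effects (too late)
        totalAssets -= amountIn;
    }

    // After: state is settled before any external call; nonReentrant blocks re-entry
    // into this and any other function carrying the modifier.
    function withdrawAfter(address tokenIn, uint256 amountIn) external nonReentrant {
        require(shares[msg.sender] >= amountIn, "insufficient");       // checks
        shares[msg.sender] -= amountIn;                                // effects
        totalAssets -= amountIn;
        uint256 out = swapper.swap(tokenIn, baseToken, amountIn);      // interactions
        require(IERC20(baseToken).transfer(msg.sender, out), "xfer");
    }
}
```

The same reordering applies to withdrawBruteForced and _setPortfolio: every write to totalAssets moves ahead of the first external call in the function.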
© 2026 Zealynx