test: add reentrancy-equivalent mock token tests to vault

[ChukwuemekaP1]

Summary

This PR adds a malicious mock token and tests to simulate a reentrancy attempt during Vault token transfers. The goal is to ensure the Vault cannot be exploited via external callbacks to corrupt state or double-spend balances.

Changes

• Added malicious mock token in contracts/vault/src/test.rs

• Mock token re-enters CalloraVault::deduct during transfer

• Added tests for:

  • deduct reentrancy attempt
  • batch_deduct reentrancy attempt

• Validated that Vault state remains consistent under attack conditions

Expected Behavior

• Re-entrant calls are safely rejected or reverted
• No double-spending or balance corruption occurs
• Internal state remains deterministic after failed re-entry

Testing

cargo test -p callora-vault

All tests pass and confirm no state corruption under malicious token behavior.

Security Note

This strengthens Vault safety against reentrancy-equivalent attack vectors via external token callbacks.

[drips-wave]

Hey @ChukwuemekaP1! 👋 It looks like this PR isn't linked to any issue.

If this PR is for one of the issues assigned to you as part of a Wave, please link it to ensure your contribution is tracked properly. You can do this by adding a keyword to the PR description (e.g., Closes #123), or by clicking a button below:

Issue	Title
#344	Vault: add reentrancy-equivalent test using a malicious mock token on deduct	Link to this issue

ℹ️ Learn more about linking PRs to issues