docs(bundlers): add reentrancy disclosure

src/ERC4626Bundler.sol

@@ -19,6 +19,7 @@ abstract contract ERC4626Bundler is BaseBundler {
     /* ACTIONS */
 
     /// @notice Mints the given amount of `shares` on the given ERC4626 `vault`, on behalf of `receiver`.
+    /// @dev Warning: `vault` can re-enter the bundler flow.
     /// @dev Assumes the given `vault` implements EIP-4626.
     /// @param vault The address of the vault.
     /// @param shares The amount of shares to mint. Pass `type(uint256).max` to mint max.
@@ -44,6 +45,7 @@ abstract contract ERC4626Bundler is BaseBundler {
     }
 
     /// @notice Deposits the given amount of `assets` on the given ERC4626 `vault`, on behalf of `receiver`.
+    /// @dev Warning: `vault` can re-enter the bundler flow.
     /// @dev Assumes the given `vault` implements EIP-4626.
     /// @param vault The address of the vault.
     /// @param assets The amount of assets to deposit. Pass `type(uint256).max` to deposit max.
@@ -71,6 +73,7 @@ abstract contract ERC4626Bundler is BaseBundler {
     /// @notice Withdraws the given amount of `assets` from the given ERC4626 `vault`, transferring assets to
     /// `receiver`.
     /// @notice Warning: should only be called via the bundler's `multicall` function.
+    /// @dev Warning: `vault` can re-enter the bundler flow.
     /// @dev Assumes the given `vault` implements EIP-4626.
     /// @param vault The address of the vault.
     /// @param assets The amount of assets to withdraw. Pass `type(uint256).max` to withdraw max.
@@ -92,6 +95,7 @@ abstract contract ERC4626Bundler is BaseBundler {
 
     /// @notice Redeems the given amount of `shares` from the given ERC4626 `vault`, transferring assets to `receiver`.
     /// @notice Warning: should only be called via the bundler's `multicall` function.
+    /// @dev Warning: `vault` can re-enter the bundler flow.
     /// @dev Assumes the given `vault` implements EIP-4626.
     /// @param vault The address of the vault.
     /// @param shares The amount of shares to burn. Pass `type(uint256).max` to redeem max.

src/Permit2Bundler.sol

@@ -19,6 +19,7 @@ abstract contract Permit2Bundler is BaseBundler {
 
     /// @notice Permits and performs a transfer from the initiator to the recipient via Permit2.
     /// @notice Warning: should only be called via the bundler's `multicall` function.
+    /// @dev Warning: `permit.permitted.token` can re-enter the bundler flow.
     /// @dev Pass `permit.permitted.amount = type(uint256).max` to transfer all.
     /// @param permit The `PermitTransferFrom` struct.
     /// @param signature The signature.

src/PermitBundler.sol

@@ -13,6 +13,7 @@ abstract contract PermitBundler is BaseBundler {
     /// @notice Permits the given `amount` of `asset` from sender to be spent by the bundler via EIP-2612 Permit with
     /// the given `deadline` & EIP-712 signature's `v`, `r` & `s`.
     /// @notice Warning: should only be called via the bundler's `multicall` function.
+    /// @dev Warning: `asset` can re-enter the bundler flow.
     /// @param asset The address of the token to be permitted.
     /// @param amount The amount of `asset` to be permitted.
     /// @param deadline The deadline of the approval.

src/TransferBundler.sol

@@ -19,6 +19,7 @@ abstract contract TransferBundler is BaseBundler {
 
     /// @notice Transfers the minimum between the given `amount` and the bundler's balance of native asset from the
     /// bundler to `recipient`.
+    /// @dev Warning: `recipient` can re-enter the bundler flow.
     /// @dev Pass `amount = type(uint256).max` to transfer all.
     /// @param recipient The address that will receive the native tokens.
     /// @param amount The amount of native tokens to transfer.
@@ -35,6 +36,7 @@ abstract contract TransferBundler is BaseBundler {
 
     /// @notice Transfers the minimum between the given `amount` and the bundler's balance of `asset` from the bundler
     /// to `recipient`.
+    /// @dev Warning: `asset` can re-enter the bundler flow.
     /// @dev Pass `amount = type(uint256).max` to transfer all.
     /// @param asset The address of the ERC20 token to transfer.
     /// @param recipient The address that will receive the tokens.
@@ -52,6 +54,7 @@ abstract contract TransferBundler is BaseBundler {
 
     /// @notice Transfers the given `amount` of `asset` from sender to this contract via ERC20 transferFrom.
     /// @notice Warning: should only be called via the bundler's `multicall` function.
+    /// @dev Warning: `asset` can re-enter the bundler flow.
     /// @dev Pass `amount = type(uint256).max` to transfer all.
     /// @param asset The address of the ERC20 token to transfer.
     /// @param amount The amount of `asset` to transfer from the initiator.

src/UrdBundler.sol

@@ -14,6 +14,7 @@ import {BaseBundler} from "./BaseBundler.sol";
 /// @notice Bundler that allows to claim token rewards on the Universal Rewards Distributor.
 abstract contract UrdBundler is BaseBundler {
     /// @notice Claims `amount` of `reward` on behalf of `account` on the given rewards distributor, using `proof`.
+    /// @dev Warning: `distributor` can re-enter the bundler flow.
     /// @dev Assumes the given distributor implements IUniversalRewardsDistributor.
     /// @param distributor The address of the reward distributor contract.
     /// @param account The address of the owner of the rewards (also the address that will receive the rewards).

src/migration/AaveV2MigrationBundler.sol

@@ -32,6 +32,7 @@ contract AaveV2MigrationBundler is MigrationBundler {
 
     /// @notice Repays `amount` of `asset` on AaveV2, on behalf of the initiator.
     /// @notice Warning: should only be called via the bundler's `multicall` function.
+    /// @dev Warning: `asset` can re-enter the bundler flow.
     /// @dev Pass `amount = type(uint256).max` to repay all.
     /// @param asset The address of the token to repay.
     /// @param amount The amount of `asset` to repay.

src/migration/AaveV3MigrationBundler.sol

@@ -31,6 +31,7 @@ contract AaveV3MigrationBundler is MigrationBundler {
 
     /// @notice Repays `amount` of `asset` on AaveV3, on behalf of the initiator.
     /// @notice Warning: should only be called via the bundler's `multicall` function.
+    /// @dev Warning: `asset` can re-enter the bundler flow.
     /// @dev Pass `amount = type(uint256).max` to repay all.
     /// @param asset The address of the token to repay.
     /// @param amount The amount of `asset` to repay.

src/migration/AaveV3OptimizerMigrationBundler.sol

@@ -31,6 +31,7 @@ contract AaveV3OptimizerMigrationBundler is MigrationBundler {
 
     /// @notice Repays `amount` of `underlying` on the AaveV3 Optimizer, on behalf of the initiator.
     /// @notice Warning: should only be called via the bundler's `multicall` function.
+    /// @dev Warning: `underlying` can re-enter the bundler flow.
     /// @dev Pass `amount = type(uint256).max` to repay all.
     /// @param underlying The address of the underlying asset to repay.
     /// @param amount The amount of `underlying` to repay.

src/migration/CompoundV2MigrationBundler.sol

@@ -41,6 +41,7 @@ contract CompoundV2MigrationBundler is WNativeBundler, MigrationBundler {
 
     /// @notice Repays `amount` of `cToken`'s underlying asset, on behalf of the initiator.
     /// @notice Warning: should only be called via the bundler's `multicall` function.
+    /// @dev Warning: `cToken` can re-enter the bundler flow.
     /// @dev Pass `amount = type(uint256).max` to repay all.
     /// @param cToken The address of the cToken contract
     /// @param amount The amount of `cToken` to repay.
@@ -66,6 +67,7 @@ contract CompoundV2MigrationBundler is WNativeBundler, MigrationBundler {
 
     /// @notice Redeems `amount` of `cToken` from CompoundV2.
     /// @dev Initiator must have previously transferred their cTokens to the bundler.
+    /// @dev Warning: `cToken` can re-enter the bundler flow.
     /// @dev Pass `amount = type(uint256).max` to redeem all.
     /// @param cToken The address of the cToken contract
     /// @param amount The amount of `cToken` to redeem.

src/migration/CompoundV3MigrationBundler.sol

@@ -22,6 +22,7 @@ contract CompoundV3MigrationBundler is MigrationBundler {
 
     /// @notice Repays `amount` on the CompoundV3 `instance`, on behalf of the initiator.
     /// @notice Warning: should only be called via the bundler's `multicall` function.
+    /// @dev Warning: `instance` can re-enter the bundler flow.
     /// @dev Assumes the given `instance` is a CompoundV3 instance.
     /// @dev Pass `amount = type(uint256).max` to repay all.
     /// @param instance The address of the CompoundV3 instance to call.
@@ -44,6 +45,7 @@ contract CompoundV3MigrationBundler is MigrationBundler {
     /// @notice Withdraws `amount` of `asset` from the CompoundV3 `instance`, on behalf of the initiator.
     /// @notice Warning: should only be called via the bundler's `multicall` function.
     /// @dev Initiator must have previously approved the bundler to manage their CompoundV3 position.
+    /// @dev Warning: `instance` can re-enter the bundler flow.
     /// @dev Assumes the given `instance` is a CompoundV3 instance.
     /// @dev Pass `amount = type(uint256).max` to withdraw all.
     /// @param instance The address of the CompoundV3 instance to call.
@@ -65,6 +67,7 @@ contract CompoundV3MigrationBundler is MigrationBundler {
     /// @notice Approves the bundler to act on behalf of the initiator on the CompoundV3 `instance`, given a signed
     /// EIP-712 approval message.
     /// @notice Warning: should only be called via the bundler's `multicall` function.
+    /// @dev Warning: `instance` can re-enter the bundler flow.
     /// @dev Assumes the given `instance` is a CompoundV3 instance.
     /// @param instance The address of the CompoundV3 instance to call.
     /// @param isAllowed Whether the bundler is allowed to manage the initiator's position or not.