Crowdsale.buyTokens is now nonReentrant. (#1438)

(cherry picked from commit 6d415c5)

contracts/crowdsale/Crowdsale.sol

@@ -3,6 +3,7 @@ pragma solidity ^0.4.24;
 import "../token/ERC20/IERC20.sol";
 import "../math/SafeMath.sol";
 import "../token/ERC20/SafeERC20.sol";
+import "../utils/ReentrancyGuard.sol";
 
 /**
  * @title Crowdsale
@@ -16,7 +17,7 @@ import "../token/ERC20/SafeERC20.sol";
  * the methods to add functionality. Consider using 'super' where appropriate to concatenate
  * behavior.
  */
-contract Crowdsale {
+contract Crowdsale is ReentrancyGuard {
   using SafeMath for uint256;
   using SafeERC20 for IERC20;
 
@@ -111,9 +112,11 @@ contract Crowdsale {
 
   /**
    * @dev low level token purchase ***DO NOT OVERRIDE***
+   * This function has a non-reentrancy guard, so it shouldn't be called by
+   * another `nonReentrant` function.
    * @param beneficiary Recipient of the token purchase
    */
-  function buyTokens(address beneficiary) public payable {
+  function buyTokens(address beneficiary) public nonReentrant payable {
 
     uint256 weiAmount = msg.value;
     _preValidatePurchase(beneficiary, weiAmount);

contracts/utils/ReentrancyGuard.sol

@@ -19,11 +19,10 @@ contract ReentrancyGuard {
 
   /**
    * @dev Prevents a contract from calling itself, directly or indirectly.
-   * If you mark a function `nonReentrant`, you should also
-   * mark it `external`. Calling one `nonReentrant` function from
-   * another is not supported. Instead, you can implement a
-   * `private` function doing the actual work, and an `external`
-   * wrapper marked as `nonReentrant`.
+   * Calling a `nonReentrant` function from another `nonReentrant`
+   * function is not supported. It is possible to prevent this from happening
+   * by making the `nonReentrant` function external, and make it call a
+   * `private` function that does the actual work.
    */
   modifier nonReentrant() {
     _guardCounter += 1;