Accept ERC-20 tokens instead of ETH

[guidanoli]

Closes #85

[guidanoli]

Rollmelette 0.1.0 has a bug on ERC-20 withdraw vouchers having the wrong destination address. See https://github.com/gligneul/rollmelette/issues/2 for more information on that.

[guidanoli]

Rollmelette v0.1.1 has fixed this bug. A bump is performed by PR #89, which this PR is based on.

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
bug-buster	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 22, 2024 7:41pm

[guidanoli]

Here's an overview of the changes:

Back-end

• No longer accept inputs from the Ether portal
• Start accepting inputs from the ERC-20 portal
• Add Token field to AppBounty and CreateAppBounty structs
• Check if sponsorships use the token established by developer

CLI

• Update sponsor command to use the ERC-20 portal

Tests

• Refactor advance_ether_deposit into advance_erc20_deposit
• Define several dummy ERC-20 token contract addresses
• Add token field to sponsorship inputs and expected states

Front-end

• Update state and input schema
• Add required "Token" field to bounty creation form
• Add auxiliary "Token" field to sponsorship form for extra reference (see screenshot below)
• Display ERC-20 token amount instead of ETH, using symbol and decimals, when available
• Add hover card to ERC-20 token symbol to show the token contract address
• Add "Approve" button to sponsorship form
• Update voucher decoding logic, now only expecting transfer function calls
• Update "add sponsorship" hook to interact with the ERC-20 portal

[guidanoli]

Hovering your cursor over the ERC-20 token symbol will display the token contract address. This is important because anyone can create a fake ERC-20 token contract with the same symbol as a real one. The address is meant to distinguish the two.

Observation: with the hover card component from Mantine, it is possible to select the token address, and copy it. It's not a tooltip, it's an actual React component.

[guidanoli]

I've also taken inspiration from the Rollups Explorer when dealing with ERC-20 tokens. Also, buttons related to transactions show a "loading" animation when user input is requested through a wallet browser extension.

[guidanoli]

Also, the sponsorship form now has a disabled "Token address" field to show the address of the ERC-20 token set by the developer during creation.

[guidanoli]

I've also added this "loading" animation to the "Test" button on the exploit form.