Hotfix/usdt donation on mainnet

[kkatusic]

Summary by CodeRabbit

• New Features

  • Introduced a new JSON file for the USDT smart contract ABI, enabling enhanced interaction with the Ethereum blockchain.
  • Improved transaction handling for USDT transfers on the mainnet.
  • Added a new constant for testing purposes, defining a structured ABI for future contract interactions.

• Bug Fixes

  • Resolved issues with the previous ABI handling for USDT transactions.

• Documentation

  • Updated documentation to reflect the new functionalities and improvements in transaction handling.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
giveth-dapps-v2	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Oct 8, 2024 1:18pm

[coderabbitai]

Walkthrough

The changes introduce a new JSON file, usdtMainnetABI.json, which outlines the Application Binary Interface (ABI) for a smart contract on the Ethereum blockchain, detailing its functions and events. Additionally, modifications to src/lib/helpers.ts incorporate this ABI for handling USDT transactions on the mainnet, improving transaction handling logic and introducing a new constant for testing purposes.

Changes

File	Change Summary
src/artifacts/usdtMainnetABI.json	Added a new JSON file defining the ABI for a smart contract, including function definitions and emitted events.
src/lib/helpers.ts	Updated to import usdtMainnetABI, modified handleErc20Transfer to use it, added a new constant contractAbiTEST.

Poem

In the land of code where rabbits play,
New ABIs hop in, brightening the day.
With functions and events, they dance and sing,
Enhancing our contracts, oh what joy they bring!
So let’s celebrate with a joyful cheer,
For every new change brings us closer, my dear! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (4)

src/artifacts/usdtMainnetABI.json (4)

70-85: USDT-specific functions extend functionality but raise centralization concerns.

The ABI includes USDT-specific functions such as issue, redeem, addBlackList, removeBlackList, and destroyBlackFunds. While these functions provide necessary features for USDT operations, they also introduce centralization risks:

1. The ability to issue and redeem tokens centrally controls the token supply.
2. Blacklisting functions allow for blocking specific addresses, which could be misused.
3. The destroyBlackFunds function allows for the destruction of funds, which is a powerful and potentially controversial capability.

These functions are correctly implemented from a technical standpoint, but their presence highlights the centralized nature of USDT compared to more decentralized cryptocurrencies.

Consider documenting the governance and oversight processes for these powerful functions to ensure transparency and build trust with users.

Also applies to: 400-430, 471-552

---

18-33: Administrative functions provide control but introduce centralization risks.

The ABI includes several administrative functions:

1. deprecate: Allows upgrading the contract to a new address.
2. pause and unpause: Enable freezing and unfreezing of all token transfers.
3. setParams: Allows changing fee parameters.
4. transferOwnership: Enables transferring contract ownership.

While these functions are necessary for contract management and upgrades, they introduce significant centralization risks:

• The ability to pause all transfers could be misused or exploited.
• Changing fee parameters could affect all token holders.
• The single-owner model is a potential single point of failure.

Consider implementing a multi-signature wallet or a time-lock mechanism for these critical functions to reduce centralization risks and increase security. Additionally, implement event logging for all administrative actions to ensure transparency.

Also applies to: 209-220, 299-310, 380-398, 522-536

---

577-730: Events provide good visibility, but could be improved.

The ABI includes a comprehensive set of events that cover both standard ERC20 operations (Transfer, Approval) and USDT-specific actions (Issue, Redeem, AddedBlackList, etc.). This provides good transparency and allows for effective monitoring of the contract's state and actions.

Consider adding indexed parameters to the Issue and Redeem events to make it easier to filter and search for these important events. For example:

-     "inputs":[
-        {
-           "indexed":false,
-           "name":"amount",
-           "type":"uint256"
-        }
-     ],
+     "inputs":[
+        {
+           "indexed":true,
+           "name":"to",
+           "type":"address"
+        },
+        {
+           "indexed":false,
+           "name":"amount",
+           "type":"uint256"
+        }
+     ],

This change would make it easier to track issuance and redemption events for specific addresses.

---

1-731: ABI is comprehensive but highlights centralized control.

The USDT Mainnet ABI is technically well-implemented and provides all necessary functionality for USDT operations on the Ethereum mainnet. It includes:

1. Standard ERC20 functions for basic token operations.
2. USDT-specific functions for issuance, redemption, and blacklisting.
3. Administrative functions for contract management and upgrades.
4. A comprehensive set of events for transparency and monitoring.

However, the ABI reveals a high degree of centralized control over the token, including the ability to pause transfers, destroy funds, and blacklist addresses. While these features may be necessary for regulatory compliance and security, they represent significant deviations from the decentralized ethos of many cryptocurrency projects.

For developers integrating with USDT, be aware of these centralized control mechanisms and their potential impact on your application. Consider implementing safeguards or alternatives in case of unexpected pauses or blacklisting. For the USDT team, consider implementing additional decentralization measures, such as multi-signature controls or decentralized governance, to mitigate centralization risks while maintaining necessary control features.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 19a91df and 428a9a3.

📒 Files selected for processing (2)

• src/artifacts/usdtMainnetABI.json (1 hunks)
• src/lib/helpers.ts (3 hunks)

🧰 Additional context used

🔇 Additional comments (3)

src/artifacts/usdtMainnetABI.json (1)

1-453: Standard ERC20 functions are correctly implemented.

The ABI includes all the required standard ERC20 functions (name, symbol, decimals, totalSupply, balanceOf, transfer, transferFrom, approve, allowance) with correct inputs, outputs, and visibility. This ensures compatibility with standard ERC20 token interfaces and wallets.

src/lib/helpers.ts (2)

22-22: Appropriate Import of usdtMainnetABI

The import statement correctly brings in the usdtMainnetABI from the specified path, which is necessary for handling USDT transactions on the mainnet.

---

396-399: Conversion from BigInt to Number is Safe and Correct

Converting decimals from bigint to number ensures compatibility with functions that expect a number type. Since decimals in ERC20 tokens are typically small integers, this conversion is appropriate.

[MohammadPCh]

Thanks @kkatusic LGTM