Skip to content

Commit d0d7672

Browse files
Initial commit
0 parents  commit d0d7672

21 files changed

Lines changed: 4913 additions & 0 deletions

.editorconfig

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
root = true
2+
3+
[*]
4+
charset = utf-8
5+
end_of_line = lf
6+
indent_style = space
7+
indent_size = 2
8+
insert_final_newline = true
9+
trim_trailing_whitespace = true
10+
11+
[*.md]
12+
trim_trailing_whitespace = false

.env.example

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
# Active network: mainnet | sepolia
2+
VITE_CHAIN=mainnet

.github/workflows/ci.yml

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
name: CI
2+
3+
on:
4+
pull_request:
5+
push:
6+
branches:
7+
- main
8+
9+
permissions:
10+
contents: read
11+
12+
jobs:
13+
build:
14+
runs-on: ubuntu-latest
15+
16+
steps:
17+
- name: Checkout
18+
uses: actions/checkout@v4
19+
20+
- name: Setup Node
21+
uses: actions/setup-node@v4
22+
with:
23+
node-version: 20
24+
cache: npm
25+
26+
- name: Install
27+
run: npm ci
28+
29+
- name: Test
30+
run: npm test
31+
32+
- name: Production dependency audit
33+
run: npm run audit:prod
34+
35+
- name: Build
36+
run: npm run build

.gitignore

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
node_modules/
2+
dist/
3+
coverage/
4+
.wrangler/
5+
6+
.env
7+
.env.*
8+
!.env.example
9+
10+
.DS_Store
11+
*.log
12+
npm-debug.log*
13+
yarn-debug.log*
14+
yarn-error.log*
15+
pnpm-debug.log*

CONTRIBUTING.md

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
# Contributing
2+
3+
Thanks for helping improve ERC20 Multisend Template.
4+
5+
## Local Setup
6+
7+
```bash
8+
npm ci
9+
cp .env.example .env
10+
npm run dev
11+
```
12+
13+
## Checks
14+
15+
Run these before opening a pull request:
16+
17+
```bash
18+
npm test
19+
npm run build
20+
npm run audit:prod
21+
```
22+
23+
## Pull Requests
24+
25+
- Keep changes focused and easy to review.
26+
- Include a short explanation of user-visible behavior changes.
27+
- Do not commit secrets, private keys, `.env` files, build output, or `node_modules`.
28+
- For Permit2, token approval, CSV parsing, or transaction-flow changes, include a manual test note.
29+
30+
## Security-Sensitive Changes
31+
32+
This app handles token approvals and token transfers. Please be conservative with
33+
changes to signing, spender addresses, allowance checks, and calldata generation.

LICENSE

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
MIT License
2+
3+
Copyright (c) 2026 RedDuck Limited
4+
5+
Permission is hereby granted, free of charge, to any person obtaining a copy
6+
of this software and associated documentation files (the "Software"), to deal
7+
in the Software without restriction, including without limitation the rights
8+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9+
copies of the Software, and to permit persons to whom the Software is
10+
furnished to do so, subject to the following conditions:
11+
12+
The above copyright notice and this permission notice shall be included in all
13+
copies or substantial portions of the Software.
14+
15+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21+
SOFTWARE.

README.md

Lines changed: 126 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,126 @@
1+
# ERC20 Multisend Template
2+
3+
A browser-only React + Vite template for sending one ERC20 token to many
4+
recipients with Uniswap Permit2.
5+
6+
The app lets a sender choose any ERC20 token on the configured network, approve
7+
Permit2 once for that token, paste or upload recipient rows, and send the batch
8+
with one Permit2 signature plus one transaction.
9+
10+
## Features
11+
12+
- Any ERC20 token address can be entered in the UI.
13+
- Recipient rows use a strict `address,amount` format with no header row.
14+
- Duplicate recipients are detected before sending.
15+
- Balance, allowance, gas, and block-limit checks run before broadcast.
16+
- No backend, no server-held keys, and no token-specific config.
17+
- Ready for Vercel or Cloudflare Workers static-assets deployment.
18+
19+
## Important Security Note
20+
21+
This template is not audited. It is useful starter code, but you should review
22+
and test it before using valuable tokens. The setup step grants Permit2 a high
23+
allowance for the selected token. Users can revoke that allowance later with a
24+
wallet or allowance management tool.
25+
26+
## How It Works
27+
28+
1. Connect an injected wallet such as MetaMask.
29+
2. Enter an ERC20 token contract address on the selected network.
30+
3. The app reads token metadata, balance, and the wallet's Permit2 allowance.
31+
4. Approve Permit2 once with standard ERC20 `approve`.
32+
5. Paste or upload recipient rows.
33+
6. Sign the Permit2 batch transfer and submit one transaction.
34+
35+
Private keys stay in the wallet. The app runs fully in the browser.
36+
37+
## Recipient Format
38+
39+
Use one recipient per line with two comma-separated values: recipient address,
40+
then token amount.
41+
42+
```csv
43+
0x0000000000000000000000000000000000000000,100
44+
0x1111111111111111111111111111111111111111,250.5
45+
```
46+
47+
Do not include a header row. Every non-empty row is parsed as a recipient row.
48+
49+
## Permit2 Flow
50+
51+
The template uses the canonical Uniswap Permit2 contract:
52+
53+
```text
54+
0x000000000022D473030F116dDEE9F6B43aC78BA3
55+
```
56+
57+
Generic ERC20 tokens cannot be assumed to support EIP-2612 `permit`, so setup
58+
uses a normal ERC20 `approve(Permit2, max)` transaction. The actual multisend
59+
uses Permit2 `permitTransferFrom`: the sender signs typed data for the batch,
60+
then submits one transaction that transfers every row.
61+
62+
## Local Development
63+
64+
```bash
65+
npm ci
66+
cp .env.example .env
67+
npm run dev
68+
```
69+
70+
The default app runs on Ethereum Mainnet. Change `VITE_CHAIN` in `.env` to use
71+
another configured network.
72+
73+
## Configuration
74+
75+
`src/config.js` defines supported networks. The template currently includes:
76+
77+
- `mainnet`
78+
- `sepolia`
79+
80+
To add another EVM network, add a chain entry with:
81+
82+
- `key`
83+
- `chainId`
84+
- `hexChainId`
85+
- `name`
86+
- `native`
87+
- `explorer`
88+
89+
## Checks
90+
91+
```bash
92+
npm test
93+
npm run build
94+
npm run audit:prod
95+
```
96+
97+
`npm run audit:prod` audits production dependencies only. Development tooling
98+
may report transitive audit warnings depending on the npm registry state.
99+
100+
## Deployment
101+
102+
Vercel works with the included `vercel.json`.
103+
104+
For Cloudflare Workers static assets:
105+
106+
```bash
107+
npm run build
108+
npm run deploy
109+
```
110+
111+
Set `VITE_CHAIN` in your hosting provider's environment variables if you do not
112+
want the default `mainnet` setting.
113+
114+
## Repository Hygiene
115+
116+
Do not commit:
117+
118+
- `.env` files
119+
- private keys or API secrets
120+
- `node_modules`
121+
- `dist`
122+
- `.wrangler`
123+
124+
## License
125+
126+
MIT

SECURITY.md

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
# Security Policy
2+
3+
## Reporting a Vulnerability
4+
5+
Please report security issues privately through GitHub Security Advisories when
6+
the repository is hosted on GitHub. If advisories are not enabled yet, contact
7+
the maintainers privately before publishing details.
8+
9+
## Scope
10+
11+
Security-sensitive areas include:
12+
13+
- Permit2 spender and typed-data signing flow.
14+
- ERC20 approval behavior.
15+
- Token and recipient parsing.
16+
- Transaction simulation and gas-limit checks.
17+
- Anything that could redirect funds or approvals.
18+
19+
## Important Notes
20+
21+
This template is not audited. Review and test it carefully before using it with
22+
valuable tokens. The default approval flow grants Permit2 a high allowance for
23+
the selected ERC20 token, which users can revoke later with a wallet or allowance
24+
management tool.

index.html

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
<!doctype html>
2+
<html lang="en">
3+
<head>
4+
<meta charset="UTF-8" />
5+
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
6+
<title>ERC20 Multisend</title>
7+
</head>
8+
<body>
9+
<div id="root"></div>
10+
<script type="module" src="/src/main.jsx"></script>
11+
</body>
12+
</html>

0 commit comments

Comments
 (0)