Merge remote-tracking branch 'origin/develop' into fix/vault-editor-fixe

packages/web/src/constants/constants.ts

@@ -26,6 +26,8 @@ export const MAX_NFT_TIER = 3;
 export const stagingServiceUrl = "https://hats-backend-dev.herokuapp.com/v1";
 export const prodServiceUrl = "https://hats-backend-prod.herokuapp.com/v1";
 
+export const auditWizardVerifyService = "https://app.auditwizard.io:5000/submissions/finalizeHats";
+
 export const NFTContractDataProxy = {
   ["0xCCaadc293FaAEa229e0ca4A22B0330b65634b483".toLowerCase()]: "0x1d25bf3d0f8997282055a1a242fa2b146e7b4ec5",
   ["0x571f39d351513146248AcafA9D0509319A327C4D".toLowerCase()]: "0xe127be2bc276142039bc16251bb04e15b2b34f25",
@@ -120,4 +122,34 @@ export const HAT_TOKEN_ADDRESS_V1 = "0x436cA314A2e6FfDE52ba789b257b51DaCE778F1a"
 export const HAT_TOKEN_DECIMALS_V1 = "18";
 export const HAT_TOKEN_SYMBOL_V1 = "HAT";
 
-export const disallowedElementsMarkdown = ["script", "iframe", "img", "audio", "video", "object", "embed"];
+export const allowedElementsMarkdown = [
+  "h1",
+  "h2",
+  "h3",
+  "h4",
+  "h5",
+  "h6",
+  "p",
+  "a",
+  "ul",
+  "ol",
+  "li",
+  "strong",
+  "em",
+  "s",
+  "code",
+  "blockquote",
+  "pre",
+  "img",
+  "hr",
+  "br",
+  "table",
+  "thead",
+  "tbody",
+  "tr",
+  "th",
+  "td",
+  "caption",
+  "div",
+  "span",
+];

packages/web/src/languages/en.json

@@ -293,7 +293,7 @@
     "noOptions": "No options",
     "success": "Success",
     "failed": "Failed",
-    "peding": "Pending",
+    "pending": "Pending",
     "finishingVaultCreation": "Finishing vault creation",
     "weAreFinishingTheCreationOfVault": " Thanks for creating a new vault in Hats! \n\n We are finishing the creation of your vault. We need a couple more minutes. \n\n We will notify you via email you when the vault is created.",
     "executeTxOnGnosisForCreatingVault": " Thanks for creating a new vault in Hats! \n\n You just create the proposal for creating the vault in Safe app. Please approve and execute the transaction on the Safe app. \n\n We will notify you via email you when the vault is created.",
@@ -585,6 +585,23 @@
     "ofRewards": "of rewards",
     "maxRewardCap": "Max reward cap",
     "maxRewardCapExplanation": "This is the maximum amount that will be paid for a single submission.",
+    "clearSubmission": "Clear submission",
+    "clearSubmissionExplanation": "Are you sure you want to clear this submission? \n\n This will remove all the information of the submission.",
+    "clearForm": "Clear form",
+    "existingSubmission": "Existing submission",
+    "clearExistingSubmissionAuditWizardExplanation": "Attention, you have started to create a submission, in order to submit a new one from AuditWizard you need to remove the current one. \n\nAre you sure you want to clear this submission? \n This will remove all the information of the submission.",
+    "projectNotAvailable": "Project not available",
+    "projectNotAvailableExplanation": "The project on which you are attempting to submit a vulnerability is no longer available. \n\n If you think this is an error, please contact Hats support.",
+    "understand": "Understand",
+    "thereIsNoPublicSubmission": "There are no public submission for this vault yet.",
+    "gettingSubmissions": "Getting submissions",
+    "seeSubmissionsOnGithub": "See submissions on GitHub",
+    "openGithub": "Open GitHub",
+    "doYouWantToSeeSubmissionsOnGithub": "Do you want to see the submissions on GitHub?",
+    "submissionChanged": "Submission changed",
+    "submissionChangedExplanationAuditWizard": "The submission you are trying to edit has changed. \n\n If you want to edit the submission, please go back to Audit Wizard.",
+    "submissionNotValid": "Submission not valid",
+    "submissionNotValidExplanationAuditWizard": "The submission you are trying to edit is not valid. \n\n Please go back to Audit Wizard and try again.",
     "PGPTool": {
       "title": "PGP tool",
       "unlockPgpTool": "Unlock the PGP tool",
@@ -832,6 +849,8 @@
       "encryptedSubmission": "Encrypted submission",
       "encryptedSubmissionExplanation": "The submission is encrypted and only the committee can decrypt it.",
       "decryptedSubmissionExplanation": "The submission is decrypted and public. This normally happens on Audit Competitions.",
+      "submissionSubmittedViaAuditWizard": "Submission submitted via auditwizard.io",
+      "editSubmission": "Edit submission",
       "terms": {
         "bugBounty": {
           "submissionSection": "<p>Your submission will be sent to the committee who will process your submission.</p> <p>The committee of the vault will respond within 12 hours to acknowledge the receipt of submission via the communication channel you provided.<p/>",

packages/web/src/pages/CommitteeTools/SubmissionsTool/SubmissionDetailsPage/SubmissionDetailsPage.tsx

@@ -3,7 +3,7 @@ import LinkIcon from "@mui/icons-material/InsertLinkOutlined";
 import MDEditor from "@uiw/react-md-editor";
 import { Alert, Button, HatSpinner, WalletButton } from "components";
 import { useKeystore } from "components/Keystore";
-import { IPFS_PREFIX, disallowedElementsMarkdown } from "constants/constants";
+import { IPFS_PREFIX, allowedElementsMarkdown } from "constants/constants";
 import { RoutePaths } from "navigation";
 import { useEffect } from "react";
 import { useTranslation } from "react-i18next";
@@ -84,7 +84,7 @@ export const SubmissionDetailsPage = () => {
                       <SubmissionCard submission={submission} noActions />
 
                       <MDEditor.Markdown
-                        disallowedElements={disallowedElementsMarkdown}
+                        allowedElements={allowedElementsMarkdown}
                         className="submission-content"
                         source={submission?.submissionDataStructure?.content}
                       />

packages/web/src/pages/Honeypots/VaultDetailsPage/Sections/VaultScopeSection/EnvSetupSection/EnvSetupSection.tsx

@@ -1,7 +1,7 @@
 import { IVault } from "@hats-finance/shared";
 import MDEditor from "@uiw/react-md-editor";
 import { Pill } from "components";
-import { disallowedElementsMarkdown } from "constants/constants";
+import { allowedElementsMarkdown } from "constants/constants";
 import { useTranslation } from "react-i18next";
 
 type EnvSetupSectionProps = {
@@ -20,7 +20,7 @@ export const EnvSetupSection = ({ vault }: EnvSetupSectionProps) => {
       </div>
 
       <MDEditor.Markdown
-        disallowedElements={disallowedElementsMarkdown}
+        allowedElements={allowedElementsMarkdown}
         source={vault.description?.scope?.protocolSetupInstructions.instructions}
         style={{ whiteSpace: "normal", fontSize: "var(--xsmall)", background: "transparent", color: "var(--white)" }}
       />

packages/web/src/pages/Honeypots/VaultDetailsPage/Sections/VaultScopeSection/InScopeSection/InScopeSection.tsx

@@ -13,8 +13,8 @@ import TerminalIcon from "@mui/icons-material/Terminal";
 import ContractsIcon from "@mui/icons-material/ViewInAr";
 import ContractsTwoIcon from "@mui/icons-material/ViewWeekOutlined";
 import MDEditor from "@uiw/react-md-editor";
-import { Alert, Button, CopyToClipboard, Pill, WithTooltip } from "components";
-import { disallowedElementsMarkdown } from "constants/constants";
+import { Alert, Button, CopyToClipboard, Loading, Pill, WithTooltip } from "components";
+import { allowedElementsMarkdown } from "constants/constants";
 import { defaultAnchorProps } from "constants/defaultAnchorProps";
 import { useEffect, useState } from "react";
 import { useTranslation } from "react-i18next";
@@ -50,7 +50,7 @@ export const InScopeSection = ({ vault }: InScopeSectionProps) => {
     getRepoContractsList();
   }, [vault.description?.scope?.reposInformation]);
 
-  if (!vault.description) return null;
+  if (!vault.description) return <Loading fixed extraText={`${t("loading")}...`} />;
 
   const contractsCovered = severitiesToContractsCoveredForm(vault.description?.severities);
   const docsLink = vault.description.scope?.docsLink;
@@ -161,7 +161,7 @@ export const InScopeSection = ({ vault }: InScopeSectionProps) => {
 
           <div className="section-content">
             <MDEditor.Markdown
-              disallowedElements={disallowedElementsMarkdown}
+              allowedElements={allowedElementsMarkdown}
               source={vault.description?.scope?.description}
               style={{ whiteSpace: "normal", fontSize: "var(--xsmall)", background: "transparent", color: "var(--white)" }}
             />
@@ -219,7 +219,9 @@ export const InScopeSection = ({ vault }: InScopeSectionProps) => {
           </>
         )
       ) : (
-        <Alert type="info">{t("loadingContractsOnRepo")}</Alert>
+        <Alert type="info" className="mb-4">
+          {t("loadingContractsOnRepo")}
+        </Alert>
       )}
 
       {/* Contracts covered */}

packages/web/src/pages/Honeypots/VaultDetailsPage/Sections/VaultScopeSection/OutOfScopeSection/OutOfScopeSection.tsx

@@ -1,6 +1,6 @@
 import { IVault } from "@hats-finance/shared";
 import MDEditor from "@uiw/react-md-editor";
-import { disallowedElementsMarkdown } from "constants/constants";
+import { allowedElementsMarkdown } from "constants/constants";
 
 type OutOfScopeSectionProps = {
   vault: IVault;
@@ -12,7 +12,7 @@ export const OutOfScopeSection = ({ vault }: OutOfScopeSectionProps) => {
   return (
     <div className="subsection-container">
       <MDEditor.Markdown
-        disallowedElements={disallowedElementsMarkdown}
+        allowedElements={allowedElementsMarkdown}
         source={vault.description.scope.outOfScope}
         style={{ whiteSpace: "normal", fontSize: "var(--xsmall)", background: "transparent", color: "var(--white)" }}
       />

packages/web/src/pages/Honeypots/VaultDetailsPage/Sections/VaultScopeSection/SeverityLevelsSection/SeverityLevelsSection.tsx

@@ -1,7 +1,7 @@
 import { IVault, IVulnerabilitySeverity } from "@hats-finance/shared";
 import MDEditor from "@uiw/react-md-editor";
 import { Pill } from "components";
-import { disallowedElementsMarkdown } from "constants/constants";
+import { allowedElementsMarkdown } from "constants/constants";
 import { getSeveritiesColorsArray } from "hooks/severities/useSeverityRewardInfo";
 import { StyledSeverityLevelsSection } from "./styles";
 
@@ -20,7 +20,7 @@ export const SeverityLevelsSection = ({ vault }: SeverityLevelsSectionProps) =>
         <div className="severity" key={idx}>
           <Pill isSeverity transparent text={severity.name} textColor={severityColors[idx]} />
           <MDEditor.Markdown
-            disallowedElements={disallowedElementsMarkdown}
+            allowedElements={allowedElementsMarkdown}
             className="mt-4 pl-2"
             source={severity.description}
             style={{ whiteSpace: "normal", fontSize: "var(--xsmall)", background: "transparent", color: "var(--white)" }}

packages/web/src/pages/Honeypots/VaultDetailsPage/Sections/VaultSubmissionsSection/PublicSubmissionCard/PublicSubmissionCard.tsx

@@ -0,0 +1,52 @@
+import { IVault, IVulnerabilitySeverity } from "@hats-finance/shared";
+import MDEditor from "@uiw/react-md-editor";
+import { Pill } from "components";
+import { allowedElementsMarkdown } from "constants/constants";
+import { getSeveritiesColorsArray } from "hooks/severities/useSeverityRewardInfo";
+import moment from "moment";
+import { IGithubIssue } from "pages/Honeypots/VaultDetailsPage/types";
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { StyledPublicSubmissionCard } from "./styles";
+
+type PublicSubmissionCardProps = {
+  vault: IVault;
+  submission: IGithubIssue;
+};
+
+function PublicSubmissionCard({ vault, submission }: PublicSubmissionCardProps) {
+  const { t } = useTranslation();
+
+  const [isOpen, setIsOpen] = useState(false);
+
+  const severityColors = getSeveritiesColorsArray(vault);
+  const severityIndex =
+    submission.severity &&
+    vault?.description?.severities.findIndex((sev: IVulnerabilitySeverity) =>
+      sev.name.toLowerCase().includes(submission.severity ?? "")
+    );
+
+  return (
+    <StyledPublicSubmissionCard isOpen={isOpen}>
+      <div className="card-header" onClick={() => setIsOpen((prev) => !prev)}>
+        <div className="severity">
+          <Pill textColor={severityColors[severityIndex ?? 0]} isSeverity text={submission.severity ?? t("noSeverity")} />
+        </div>
+        <p className="date">{moment(submission.createdAt).format("Do MMM YYYY - hh:mma")}</p>
+        <p className="submission-title">{submission.issueData.issueTitle}</p>
+      </div>
+
+      <div className="card-content">
+        <MDEditor.Markdown
+          allowedElements={allowedElementsMarkdown}
+          className="submission-content"
+          source={submission.issueData.issueDescription
+            .replace("\n**Submission hash", "\\\n**Submission hash")
+            .replace("\n**Severity:**", "\\\n**Severity:**")}
+        />
+      </div>
+    </StyledPublicSubmissionCard>
+  );
+}
+
+export default PublicSubmissionCard;

packages/web/src/pages/Honeypots/VaultDetailsPage/Sections/VaultSubmissionsSection/PublicSubmissionCard/styles.ts

@@ -0,0 +1,56 @@
+import styled, { css } from "styled-components";
+import { getSpacing } from "styles";
+
+export const StyledPublicSubmissionCard = styled.div<{ isOpen: boolean }>(
+  ({ isOpen }) => css`
+    position: relative;
+
+    .card-header {
+      position: relative;
+      display: flex;
+      flex-direction: column;
+      gap: ${getSpacing(1.5)};
+      border: 1px solid var(--primary-light);
+      padding: ${getSpacing(3)} ${getSpacing(4)};
+      background: var(--background-2);
+      cursor: pointer;
+      transition: 0.2s;
+
+      &:hover {
+        border-color: var(--primary);
+      }
+
+      .date {
+        position: absolute;
+        top: ${getSpacing(3)};
+        right: ${getSpacing(4)};
+      }
+
+      .submission-title {
+        font-size: var(--small);
+        padding-left: ${getSpacing(1)};
+        font-weight: 700;
+      }
+    }
+
+    .card-content {
+      overflow: hidden;
+      height: 0;
+
+      ${isOpen &&
+      css`
+        height: auto;
+      `}
+
+      .submission-content {
+        white-space: normal;
+        font-size: var(--xsmall);
+        background: var(--background-3);
+        padding: ${getSpacing(3)} ${getSpacing(4)};
+        color: var(--white);
+        border: 1px solid var(--primary-light);
+        border-top: none;
+      }
+    }
+  `
+);

packages/web/src/pages/Honeypots/VaultDetailsPage/Sections/VaultSubmissionsSection/VaultSubmissionsSection.tsx

@@ -0,0 +1,68 @@
+import { IVault } from "@hats-finance/shared";
+import OpenIcon from "@mui/icons-material/OpenInNewOutlined";
+import { Alert, Button, HatSpinner } from "components";
+import useConfirm from "hooks/useConfirm";
+import { useTranslation } from "react-i18next";
+import { useSavedSubmissions, useVaultRepoName } from "../../hooks";
+import PublicSubmissionCard from "./PublicSubmissionCard/PublicSubmissionCard";
+import { StyledSubmissionsSection } from "./styles";
+
+type VaultSubmissionsSectionProps = {
+  vault: IVault;
+  noDeployed?: boolean;
+};
+
+export const VaultSubmissionsSection = ({ vault }: VaultSubmissionsSectionProps) => {
+  const { t } = useTranslation();
+  const confirm = useConfirm();
+
+  const { data: savedSubmissions, isLoading } = useSavedSubmissions(vault);
+  const { data: repoName } = useVaultRepoName(vault);
+
+  const goToGithubIssues = async () => {
+    if (!repoName) return;
+
+    const githubLink = `https://github.com/hats-finance/${repoName}/issues`;
+
+    const wantToGo = await confirm({
+      title: t("openGithub"),
+      titleIcon: <OpenIcon className="mr-2" fontSize="large" />,
+      description: t("doYouWantToSeeSubmissionsOnGithub"),
+      cancelText: t("no"),
+      confirmText: t("yesGo"),
+    });
+
+    if (!wantToGo) return;
+    window.open(githubLink, "_blank");
+  };
+
+  return (
+    <StyledSubmissionsSection>
+      <h2>
+        {t("submissions")}
+
+        {repoName && (
+          <Button className="ml-3" styleType="text" textColor="secondary" onClick={goToGithubIssues}>
+            {t("seeSubmissionsOnGithub")}
+          </Button>
+        )}
+      </h2>
+
+      {savedSubmissions?.length === 0 && (
+        <Alert className="mt-5 mb-5" type="info">
+          {t("thereIsNoPublicSubmission")}
+        </Alert>
+      )}
+
+      {isLoading && <HatSpinner text={`${t("gettingSubmissions")}...`} />}
+
+      {savedSubmissions && savedSubmissions?.length > 0 && (
+        <div className="public-submissions">
+          {savedSubmissions.map((submission) => (
+            <PublicSubmissionCard key={submission._id} vault={vault} submission={submission} />
+          ))}
+        </div>
+      )}
+    </StyledSubmissionsSection>
+  );
+};

packages/web/src/pages/Honeypots/VaultDetailsPage/Sections/VaultSubmissionsSection/styles.ts

@@ -0,0 +1,13 @@
+import styled from "styled-components";
+import { getSpacing } from "styles";
+
+export const StyledSubmissionsSection = styled.div`
+  padding-bottom: ${getSpacing(10)};
+
+  .public-submissions {
+    margin-top: ${getSpacing(3)};
+    display: flex;
+    flex-direction: column;
+    gap: ${getSpacing(3)};
+  }
+`;

packages/web/src/pages/Honeypots/VaultDetailsPage/Sections/index.ts

@@ -1,3 +1,4 @@
 export { VaultRewardsSection } from "./VaultRewardsSection/VaultRewardsSection";
 export { VaultScopeSection } from "./VaultScopeSection/VaultScopeSection";
 export { VaultDepositsSection } from "./VaultDepositsSection/VaultDepositsSection";
+export { VaultSubmissionsSection } from "./VaultSubmissionsSection/VaultSubmissionsSection";