approved tokens list

[dimalinux]

I find it too painful to pass --token ... every time to ./swapcli balances. I find myself having to lookup the token address every time and I even forget which tokens I have. I'm going to propose a possible solution, but anyone who thinks they have a better idea please add commentary.

Solution: We have a tokens.yml file in ${DATA_DIR}/${ENV}. I'm picking YAML instead of JSON so users can add comments. In the file is a list of addresses of tokens that an individual user has verified. These tokens are always shown by the balances subcommand to swapcli and an entry is required if a user wants to take an offer for that token. This will prevent users from taking a token that has a deceptive symbol name, say USDT, but isn't at the official USDT address.

Open questions: Would the user always edit this file by hand, or would we have a swapcli subcommand to add an entry? If the file does not exist, we can always create a template version with no entries to help the user.

[noot]

yeah, this relates to #178, we should probably implement a whitelist for tokens

[stubbrn]

Isn't a "hard" whitelist adding too much friction ?

I would suggest that all offers should still be available but with proper warnings when not from verified tokens (as seen for example in the screenshots here: #495)

[dimalinux]

I would suggest that all offers should still be available but with proper warnings when not from verified tokens

Yeah, in the CLI we could add the text (verified) when the token is in the whitelist and allow the user to take the offer even if it is not verified. ... but nudge them towards adding any tokens they want to swap to their own whitelist in the documentation.