Add ERC20 approval race audit check

[mukejane]

Summary

• Add ERC20ApprovalRaceCheck to model the classic ERC-20 approve front-running race.
• Add vulnerable and safe fixture tokens for the approval-race pattern.
• Add Foundry tests proving the vulnerable fixture and the delta-based mitigation behavior.
• Add a companion Slither heuristic plus Python unit tests for unsafe approve allowance overwrites.
• Document the new check in the README.

Fixes #36

Validation

• python -m unittest discover -s slither/tests -p 'test_*.py' passes: 6 tests.
• python -m py_compile slither/detectors/custom_erc20_approval_race.py slither/tests/test_custom_erc20_approval_race.py passes.
• forge test -vvv --no-match-contract '^(Example|TestERC4626)' passes: 7 tests.
• git diff --check passes.

[abhicris]

Welcome to kcolbchain, @mukejane — glad you're here. 🌱

Here's what happens from this PR:

1. Our automated review looks for obvious issues (tests, secrets, size) within a couple of hours.
2. If it's clean and CI passes, we merge without back-and-forth.
3. If we need changes, we'll leave a specific comment — not a generic nit. Push another commit and we re-review.

While you wait:

• Run the repo's tests locally (see the repo README.md).
• Keep the PR scoped to one concern — bigger PRs land slower.
• Don't commit tokens or .env contents.

What happens after your first merge

• You're listed on https://kcolbchain.com/contributors/ (opt-out anytime via data/contributors-optout.txt).
• At 2+ merged PRs you're a Regular; at 5+ you're a Fellow — Fellows are the pool we invite first for paid research, partner-org gigs, and grant-funded work. Details: https://kcolbchain.com/docs/org-contribution-policy.html
• Looking for what to pick up next? https://kcolbchain.com/invitations/ lists open help-wanted / good-first-issue across every kcolbchain repo.

Thanks for writing the code. We're building this to last.

[mukejane]

Payout address for this bounty, if accepted/merged: Base USDC $addr

[mukejane]

Correction: payout address for this bounty, if accepted/merged: Base USDC 0x255969B3265958Dc0B8db1082843d0e7E82cb62d

[abhicris]

🤖 Audit verdict: safe

PR adds legitimate ERC-20 approval race audit detector with comprehensive tests and examples; no malicious payloads, credential leakage, supply-chain attacks, or critical logic bugs detected.

Audited by the kcolbchain PR pipeline. See pipeline docs.

[Pattermesh]

Closing in favor of the selected winning PR for this issue. Thank you for your contribution!