feat: enhance OFT token detection to block deposits

[dewanshparashar]

Issue that triggered this

User was able to transfer ENA token (which is OFT) via Canonical Arbitrum Bridge - which sent it to canonical arbitrum-bridged token counterpart instead of the custom (Arb)ENA token that was deployed via OFT. This prompted us to make our isLayerZeroToken() method more robust, which is supposed to block such deposits.

In this PR

1. Updated LayerZero / OFT token detection logic (see below)
2. Add tests for detection of Withdraw-only tokens

Description

The previous on-chain OFT detection was unreliable, as it missed tokens like ENA that don't expose the oftVersion() method. This caused user funds to be bridged to incorrect, non-OFT contracts on Arbitrum.

The new solution uses the LayerZero metadata API as the definitive source for identifying OFT tokens. This ensures accurate detection and prevents improper deposits by marking these tokens as withdraw-only (except USDT0 which is a special case as we have an existing integration for it's transfers).

How to test

Try depositing ENA token (0x57e114b691db790c35207b2e685d4a43181e6061) from Ethereum to Arbitrum One - it should be blocked. Withdrawals should be okay.

Closes FS-1277

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
arbitrum-token-bridge	✅ Ready (Inspect)	Visit Preview	Jul 1, 2025 1:02pm

[chrstph-dvx]

Looks like all values are defined, we can narrow down the type here

[chrstph-dvx]

Any reason we use axios over fetch here? We don't seem to leverage any of the utilities of axios