[bug] ShieldedDelegationAccount: Spend limit only tracks ETH value, E/SRC20s #116

@samlaf

Description

if (S.spendLimit != 0) {
    totalValue = _calculateTotalSpend(executionData);

_calculateTotalSpend only sums the value field of each sub-call (ETH). A session key with a 1 ETH spend limit can still drain all ERC-20 tokens. Porto tracks per-token spend by inspecting transfer/transferFrom calldata and comparing balance deltas.
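
The gap reported above, modelled off-chain in Python as an added example (not code from this repository or from Porto): a value-only sum next to a per-asset sum that decodes the standard ERC-20 `transfer`/`transferFrom` selectors. The `(target, value, calldata)` tuple layout, the function names, the fail-closed limit policy and the sample addresses are assumptions; only calldata inspection is modelled, not the balance-delta comparison.

```python
# Added example: off-chain model of the spend-limit gap, not the contract's code.
TRANSFER = bytes.fromhex("a9059cbb")       # transfer(address,uint256)
TRANSFER_FROM = bytes.fromhex("23b872dd")  # transferFrom(address,address,uint256)
ETH = "ETH"  # hypothetical key for native value in the per-asset totals


def eth_only_spend(calls):
    """Behaviour described in the issue: sum only each sub-call's value field."""
    return sum(value for _target, value, _data in calls)


def per_asset_spend(calls):
    """Sum native value plus amounts decoded from transfer/transferFrom calldata."""
    totals = {}
    for target, value, data in calls:
        if value:
            totals[ETH] = totals.get(ETH, 0) + value
        selector, args = data[:4], data[4:]
        if selector == TRANSFER and len(args) >= 64:
            amount = int.from_bytes(args[32:64], "big")   # second ABI word
        elif selector == TRANSFER_FROM and len(args) >= 96:
            amount = int.from_bytes(args[64:96], "big")   # third ABI word
        else:
            continue
        totals[target] = totals.get(target, 0) + amount   # keyed by token address
    return totals


def within_limits(calls, limits):
    """Fail closed: an asset with no configured limit has a limit of zero."""
    return all(spent <= limits.get(asset, 0)
               for asset, spent in per_asset_spend(calls).items())


def word(n):
    """Encode an integer as one 32-byte ABI word."""
    return n.to_bytes(32, "big")


# Constructed sample batch: (target, value in wei, calldata)
TOKEN = "0x" + "11" * 20
RECIPIENT = int("22" * 20, 16)
BATCH = [
    (TOKEN, 0, TRANSFER + word(RECIPIENT) + word(5_000 * 10**18)),
    ("0x" + "33" * 20, 10**17, b""),
]
```

With a 1 ETH limit, the value-only sum for `BATCH` is 0.1 ETH and passes, while `within_limits` rejects the batch because the token transfer has no configured limit.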
