feat: add Etherscan label scraping and MetaMask phishing domain blocklist

- Add etherscanLabels module: scrapes Etherscan address pages for phishing/scam labels (Fake_Phishing*, Exploiter, scam warnings). Integrated as best-effort async check in addressWarnings. - Add phishingDomains module: fetches MetaMask's eth-phishing-detect blocklist (~231K domains) at runtime, caches in memory, refreshes every 24h. Checks hostnames with subdomain matching and whitelist overrides. - Integrate domain phishing checks into all approval flows: connection requests, transaction approvals, and signature requests show a prominent red warning banner when the requesting site is on the MetaMask blocklist. - Add unit tests for both modules (12 tests for etherscanLabels parsing, 15 tests for phishingDomains matching). Closes #114
2026-03-01 05:03:39 -08:00
parent 9eef2ea602
commit 01839d9c47
8 changed files with 594 additions and 0 deletions
--- a/src/popup/index.html
+++ b/src/popup/index.html
@@ -1149,6 +1149,20 @@
            <!-- ============ TRANSACTION APPROVAL ============ -->
            <div id="view-approve-tx" class="view hidden">
                <h2 class="font-bold mb-2">Transaction Request</h2>
+                <div
+                    id="approve-tx-phishing-warning"
+                    class="mb-3 p-2 text-xs font-bold hidden"
+                    style="
+                        background: #fee2e2;
+                        color: #991b1b;
+                        border: 2px solid #dc2626;
+                        border-radius: 6px;
+                    "
+                >
+                    ⚠️ PHISHING WARNING: This site is on MetaMask's phishing
+                    blocklist. This transaction may steal your funds. Proceed
+                    with extreme caution.
+                </div>
                <p class="mb-2">
                    <span id="approve-tx-hostname" class="font-bold"></span>
                    wants to send a transaction.
@@ -1215,6 +1229,20 @@
            <!-- ============ SIGNATURE APPROVAL ============ -->
            <div id="view-approve-sign" class="view hidden">
                <h2 class="font-bold mb-2">Signature Request</h2>
+                <div
+                    id="approve-sign-phishing-warning"
+                    class="mb-3 p-2 text-xs font-bold hidden"
+                    style="
+                        background: #fee2e2;
+                        color: #991b1b;
+                        border: 2px solid #dc2626;
+                        border-radius: 6px;
+                    "
+                >
+                    ⚠️ PHISHING WARNING: This site is on MetaMask's phishing
+                    blocklist. Signing this message may authorize theft of your
+                    funds. Proceed with extreme caution.
+                </div>
                <p class="mb-2">
                    <span id="approve-sign-hostname" class="font-bold"></span>
                    wants you to sign a message.
@@ -1284,6 +1312,20 @@
            <!-- ============ SITE APPROVAL ============ -->
            <div id="view-approve-site" class="view hidden">
                <h2 class="font-bold mb-2">Connection Request</h2>
+                <div
+                    id="approve-site-phishing-warning"
+                    class="mb-3 p-2 text-xs font-bold hidden"
+                    style="
+                        background: #fee2e2;
+                        color: #991b1b;
+                        border: 2px solid #dc2626;
+                        border-radius: 6px;
+                    "
+                >
+                    ⚠️ PHISHING WARNING: This site is on MetaMask's phishing
+                    blocklist. Connecting your wallet may result in loss of
+                    funds. Proceed with extreme caution.
+                </div>
                <div class="mb-3">
                    <p class="mb-2">
                        <span id="approve-hostname" class="font-bold"></span>