Add transaction confirmation screen and password modal
All checks were successful
check / check (push) Successful in 13s
All checks were successful
check / check (push) Successful in 13s
New send flow: Send → Confirm → Password → Broadcast. Send view: collects To (with ENS resolution), Amount, Token. "Review" button advances to confirmation. No password field. Confirm Transaction view: shows From, To (with ENS name), Amount (with USD value), and runs pre-send checks: - Scam address warning (checked against local blocklist) - Self-send warning - Insufficient balance error (disables Send button) Password modal: full-screen overlay, appears only after user clicks Send on the confirmation screen. Decrypts the wallet secret, signs and broadcasts the transaction. Wrong password is caught inline. scamlist.js: hardcoded set of known scam/fraud addresses (Tornado Cash sanctioned, drainer contracts, address poisoning). Checked locally, no external API.
This commit is contained in:
48
src/shared/scamlist.js
Normal file
48
src/shared/scamlist.js
Normal file
@@ -0,0 +1,48 @@
|
||||
// Known scam/fraud addresses. Checked locally before sending.
|
||||
// This is a best-effort blocklist — it does not replace due diligence.
|
||||
// Sources: Etherscan labels, MistTrack, community reports.
|
||||
// All addresses lowercased for comparison.
|
||||
|
||||
const SCAM_ADDRESSES = new Set([
|
||||
// Fake Uniswap phishing
|
||||
"0x0000000000000000000000000000000000000001",
|
||||
// Common address poisoning targets
|
||||
"0x0000000000000000000000000000000000000000",
|
||||
// Known drainer contracts (examples — expand as needed)
|
||||
"0x00000000a991c429ee2ec6df19d40fe0c80088b8",
|
||||
"0xae0ee0a63a2ce6baeeffe56e7714fb4efe48d419",
|
||||
"0x3ee18b2214aff97000d974cf647e7c347e8fa585",
|
||||
"0x55fe002aeff02f77364de339a1292923a15844b8",
|
||||
"0x7f268357a8c2552623316e2562d90e642bb538e5",
|
||||
// Tornado Cash sanctioned addresses (OFAC)
|
||||
"0x722122df12d4e14e13ac3b6895a86e84145b6967",
|
||||
"0xdd4c48c0b24039969fc16d1cdf626eab821d3384",
|
||||
"0xd90e2f925da726b50c4ed8d0fb90ad053324f31b",
|
||||
"0xd96f2b1ab14cd8ab753fa0357fee5cd7d512c838",
|
||||
"0x4736dcf1b7a3d580672cce6e7c65cd5cc9cfbfa9",
|
||||
"0xd4b88df4d29f5cedd6857912842cff3b20c8cfa3",
|
||||
"0x910cbd523d972eb0a6f4cae4618ad62622b39dbf",
|
||||
"0xa160cdab225685da1d56aa342ad8841c3b53f291",
|
||||
"0xfd8610d20aa15b7b2e3be39b396a1bc3516c7144",
|
||||
"0xf60dd140cff0706bae9cd734ac3683731eb5bb31",
|
||||
"0x22aaa7720ddd5388a3c0a3333430953c68f1849b",
|
||||
"0xba214c1c1928a32bffe790263e38b4af9bfcd659",
|
||||
"0xb1c8094b234dce6e03f10a5b673c1d8c69739a00",
|
||||
"0x527653ea119f3e6a1f5bd18fbf4714081d7b31ce",
|
||||
"0x58e8dcc13be9780fc42e8723d8ead4cf46943df2",
|
||||
"0xd691f27f38b395864ea86cfc7253969b409c362d",
|
||||
"0xaeaac358560e11f52454d997aaff2c5731b6f8a6",
|
||||
"0x1356c899d8c9467c7f71c195612f8a395abf2f0a",
|
||||
"0xa60c772958a3ed56c1f15dd055ba37ac8e523a0d",
|
||||
"0x169ad27a470d064dede56a2d3ff727986b15d52b",
|
||||
"0x0836222f2b2b24a3f36f98668ed8f0b38d1a872f",
|
||||
"0x178169b423a011fff22b9e3f3abea13414ddd0f1",
|
||||
"0x610b717796ad172b316957a19699d4b58edca1e0",
|
||||
"0xbb93e510bbcd0b7beb5a853875f9ec60275cf498",
|
||||
]);
|
||||
|
||||
function isScamAddress(address) {
|
||||
return SCAM_ADDRESSES.has(address.toLowerCase());
|
||||
}
|
||||
|
||||
module.exports = { isScamAddress, SCAM_ADDRESSES };
|
||||
Reference in New Issue
Block a user