Token auto-discovery, tx history, balance polling, EIP-6963, UI overhaul

Major changes:
- Fetch token balances and tx history from Blockscout API (configurable)
- Remove manual token discovery (discoverTokens) in favor of Blockscout
- HD address gap scanning on mnemonic import
- Duplicate mnemonic detection on wallet add
- EIP-6963 multi-wallet discovery + selectedAddress updates in inpage
- Two-tier balance refresh: 10s while popup open, 60s background
- Fix $0.00 flash before prices load (return null when no prices)
- No-layout-shift: min-height on total value element
- Aligned balance columns (42ch address width, consistent USD column)
- All errors use flash messages instead of off-screen error divs
- Settings gear in global title bar, add-wallet moved to settings pane
- Settings wells with light grey background, configurable Blockscout URL
- Consistent "< Back" buttons top-left on all views
- Address titles (Address 1.1, 1.2, etc.) on main and detail views
- Send view shows current balance of selected asset
- Clickable affordance policy added to README
- Shortened mnemonic backup warning
- Fix broken background script constant imports

src/popup/views/addToken.js

@@ -1,16 +1,13 @@
-const { $, showError, hideError, showView } = require("./helpers");
+const { $, showView, showFlash } = require("./helpers");
 const { TOKENS } = require("../../shared/tokens");
 const { state, saveState } = require("../../shared/state");
-const {
-    lookupTokenInfo,
-    invalidateBalanceCache,
-    refreshBalances,
-} = require("../../shared/balances");
+const { lookupTokenInfo } = require("../../shared/balances");
+const { isScamAddress } = require("../../shared/scamlist");
+const { log } = require("../../shared/log");
 
 function show() {
     $("add-token-address").value = "";
     $("add-token-info").classList.add("hidden");
-    hideError("add-token-error");
     const list = $("common-token-list");
     list.innerHTML = TOKENS.slice(0, 25)
         .map(
@@ -30,8 +27,7 @@ function init(ctx) {
     $("btn-add-token-confirm").addEventListener("click", async () => {
         const contractAddr = $("add-token-address").value.trim();
         if (!contractAddr || !contractAddr.startsWith("0x")) {
-            showError(
-                "add-token-error",
+            showFlash(
                 "Please enter a valid contract address starting with 0x.",
             );
             return;
@@ -40,18 +36,20 @@ function init(ctx) {
             (t) => t.address.toLowerCase() === contractAddr.toLowerCase(),
         );
         if (already) {
-            showError(
-                "add-token-error",
-                already.symbol + " is already being tracked.",
-            );
+            showFlash(already.symbol + " is already being tracked.");
+            return;
+        }
+        if (isScamAddress(contractAddr)) {
+            showFlash("This address is on a known scam/fraud list.");
             return;
         }
-        hideError("add-token-error");
         const infoEl = $("add-token-info");
         infoEl.textContent = "Looking up token...";
         infoEl.classList.remove("hidden");
+        log.debugf("Looking up token contract", contractAddr);
         try {
             const info = await lookupTokenInfo(contractAddr, state.rpcUrl);
+            log.infof("Adding token", info.symbol, contractAddr);
             state.trackedTokens.push({
                 address: contractAddr,
                 symbol: info.symbol,
@@ -59,19 +57,12 @@ function init(ctx) {
                 name: info.name,
             });
             await saveState();
-            invalidateBalanceCache();
-            await refreshBalances(
-                state.wallets,
-                state.trackedTokens,
-                state.rpcUrl,
-            );
-            await saveState();
+            ctx.doRefreshAndRender();
             ctx.showAddressDetail();
         } catch (e) {
-            showError(
-                "add-token-error",
-                "Could not read token contract. Check the address.",
-            );
+            const detail = e.shortMessage || e.message || String(e);
+            log.errorf("Token lookup failed for", contractAddr, detail);
+            showFlash(detail);
             infoEl.classList.add("hidden");
         }
     });