⚠️ PHISHING WARNING: This site is on MetaMask's phishing
blocklist. This transaction may steal your funds. Proceed
@@ -1231,13 +1237,7 @@
⚠️ PHISHING WARNING: This site is on MetaMask's phishing
blocklist. Signing this message may authorize theft of your
@@ -1314,13 +1314,7 @@
Connection Request
⚠️ PHISHING WARNING: This site is on MetaMask's phishing
blocklist. Connecting your wallet may result in loss of
diff --git a/src/popup/views/confirmTx.js b/src/popup/views/confirmTx.js
index 323487d..42d984d 100644
--- a/src/popup/views/confirmTx.js
+++ b/src/popup/views/confirmTx.js
@@ -248,6 +248,7 @@ function show(txInfo) {
$("confirm-recipient-warning").style.visibility = "hidden";
$("confirm-contract-warning").style.visibility = "hidden";
$("confirm-burn-warning").style.visibility = "hidden";
+ $("confirm-etherscan-warning").style.visibility = "hidden";
// Show burn warning via reserved element (in addition to inline warning)
if (isBurnAddress(txInfo.to)) {
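Review bot: Between this reset and the moment checkRecipientHistory resolves, the dialog shows no Etherscan warning even for a flagged recipient, because `$("confirm-etherscan-warning").style.visibility = "hidden";` runs synchronously while the label lookup is asynchronous. Whether the confirm button is usable during that window is not visible here, since show() continues outside the hunk. If it is, consider keeping it disabled until the check settles. A comment on the new line such as `// stays hidden until checkRecipientHistory() reports an "etherscan-phishing" warning` would document the dependency.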
@@ -311,6 +312,9 @@ async function checkRecipientHistory(txInfo) {
if (w.type === "new-address") {
$("confirm-recipient-warning").style.visibility = "visible";
}
+ if (w.type === "etherscan-phishing") {
+ $("confirm-etherscan-warning").style.visibility = "visible";
+ }
}
} catch (e) {
log.errorf("recipient history check failed:", e.message);
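Review bot: A lookup that fails is indistinguishable from a clean result here, because `confirm-etherscan-warning` only becomes visible when a `w.type === "etherscan-phishing"` entry arrives. The `catch` at the end of the hunk only logs, and the comment in addressWarnings.js says Etherscan network failures are silent, so they probably never reach this loop at all. For a phishing check that is fail-open behaviour; consider surfacing a neutral "recipient could not be checked" notice when the lookup did not complete. The type is also matched as a bare string, so a mismatch with the producer's name would silently disable the warning, which a shared constant exported from addressWarnings.js would prevent. checkRecipientHistory starts and ends outside the hunk.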
diff --git a/src/shared/addressWarnings.js b/src/shared/addressWarnings.js
index 986b800..5300b0e 100644
--- a/src/shared/addressWarnings.js
+++ b/src/shared/addressWarnings.js
@@ -62,38 +62,43 @@ function getLocalWarnings(address, options = {}) {
async function getFullWarnings(address, provider, options = {}) {
const warnings = getLocalWarnings(address, options);
+ let isContract = false;
try {
const code = await provider.getCode(address);
if (code && code !== "0x") {
+ isContract = true;
warnings.push({
type: "contract",
message:
"This address is a smart contract, not a regular wallet.",
severity: "warning",
});
- // If it's a contract, skip the tx count check — contracts
- // may legitimately have zero inbound EOA transactions.
- return warnings;
}
} catch (e) {
log.errorf("contract check failed:", e.message);
}
- try {
- const txCount = await provider.getTransactionCount(address);
- if (txCount === 0) {
- warnings.push({
- type: "new-address",
- message:
- "This address has never sent a transaction. Double-check it is correct.",
- severity: "info",
- });
+ // Skip tx count check for contracts — they may legitimately have
+ // zero inbound EOA transactions.
+ if (!isContract) {
+ try {
+ const txCount = await provider.getTransactionCount(address);
+ if (txCount === 0) {
+ warnings.push({
+ type: "new-address",
+ message:
+ "This address has never sent a transaction. Double-check it is correct.",
+ severity: "info",
+ });
+ }
+ } catch (e) {
+ log.errorf("tx count check failed:", e.message);
}
- } catch (e) {
- log.errorf("tx count check failed:", e.message);
}
// Etherscan label check (best-effort async — network failures are silent).
+ // Runs for ALL addresses including contracts, since many dangerous
+ // flagged addresses on Etherscan (drainers, phishing contracts) are contracts.
try {
const etherscanWarning = await checkEtherscanLabel(address);
if (etherscanWarning) {