fix: etherscan label check runs for contracts, UI displays etherscan-phishing warnings

Bug 1: getFullWarnings returned early for contract addresses, skipping checkEtherscanLabel. Restructured to use isContract flag so the Etherscan check runs for all addresses (contracts are often the most dangerous). Bug 2: confirmTx.js only handled 'contract' and 'new-address' warning types, silently discarding 'etherscan-phishing'. Added confirm-etherscan-warning HTML element and handler in the async warnings loop. Style: converted inline style attributes on phishing warning banners (approve-tx, approve-sign, approve-site) to Tailwind utility classes (bg-red-100 text-red-800 border-2 border-red-600 rounded-md).
2026-03-01 05:11:54 -08:00
parent 01839d9c47
commit b8d81a4c8a
3 changed files with 38 additions and 35 deletions
--- a/src/shared/addressWarnings.js
+++ b/src/shared/addressWarnings.js
@@ -62,38 +62,43 @@ function getLocalWarnings(address, options = {}) {
 async function getFullWarnings(address, provider, options = {}) {
    const warnings = getLocalWarnings(address, options);

+    let isContract = false;
    try {
        const code = await provider.getCode(address);
        if (code && code !== "0x") {
+            isContract = true;
            warnings.push({
                type: "contract",
                message:
                    "This address is a smart contract, not a regular wallet.",
                severity: "warning",
            });
-            // If it's a contract, skip the tx count check — contracts
-            // may legitimately have zero inbound EOA transactions.
-            return warnings;
        }
    } catch (e) {
        log.errorf("contract check failed:", e.message);
    }

-    try {
-        const txCount = await provider.getTransactionCount(address);
-        if (txCount === 0) {
-            warnings.push({
-                type: "new-address",
-                message:
-                    "This address has never sent a transaction. Double-check it is correct.",
-                severity: "info",
-            });
+    // Skip tx count check for contracts — they may legitimately have
+    // zero inbound EOA transactions.
+    if (!isContract) {
+        try {
+            const txCount = await provider.getTransactionCount(address);
+            if (txCount === 0) {
+                warnings.push({
+                    type: "new-address",
+                    message:
+                        "This address has never sent a transaction. Double-check it is correct.",
+                    severity: "info",
+                });
+            }
+        } catch (e) {
+            log.errorf("tx count check failed:", e.message);
        }
-    } catch (e) {
-        log.errorf("tx count check failed:", e.message);
    }

    // Etherscan label check (best-effort async — network failures are silent).
+    // Runs for ALL addresses including contracts, since many dangerous
+    // flagged addresses on Etherscan (drainers, phishing contracts) are contracts.
    try {
        const etherscanWarning = await checkEtherscanLabel(address);
        if (etherscanWarning) {