- Delete buttons now use [x] with border, matching token and site
removal patterns in settings
- Wallet names are click-to-rename (inline input), matching the
home view rename UX
- Per-wallet [delete] links in settings wallet list
- Monochrome styling throughout, no red/danger colors
- Password confirmation modal with warning text
- Cleans up site permissions for deleted addresses
- Switches to first remaining wallet or shows welcome if none left
- Remove all red/danger styling, use standard monochrome colors
- Add wallet picker dropdown instead of relying on selectedWallet
- Fix encryptedSecret field name (was wallet.encrypted)
- Populate dropdown when settings view opens
- Confirmation modal uses standard border styling
The approval ID was changed from sequential integers to crypto.randomUUID()
strings for security, but the popup still called parseInt() on it, which
converted the UUID to NaN. This caused every approval lookup to fail,
preventing the confirmation popup from displaying pending tx/sign requests.
Names fetched from CoinGecko bulk API (100% coverage).
URLs sourced from ethereum-lists GitHub repo + manual curation
for major tokens. Some lesser-known tokens have empty URLs which
can be populated incrementally.
- Update Architecture tree to match actual src/ structure
- Fix settings button to have border and hover state (Clickable Affordance)
- Cap truncateMiddle to remove at most 10 chars (anti-spoofing guard)
- Raise caller floor from 10 to 32 chars for address display
- Fill in default RPC URL (ethereum-rpc.publicnode.com)
- Fix dependencies table intro (four runtime libs, not two)
- Clean up TODO section: remove all completed items
- Add RULES.md: concise audit checklist derived from README policies
- Update Architecture tree to match actual src/ structure
- Fix settings button to have border and hover state (Clickable Affordance)
- Cap truncateMiddle to remove at most 10 chars (anti-spoofing guard)
- Raise caller floor from 10 to 32 chars for address display
- Fill in default RPC URL (ethereum-rpc.publicnode.com)
- Fix dependencies table intro (four runtime libs, not two)
- Clean up TODO section: remove all completed items
- Display full-precision amount (no 4-decimal truncation) in the
transaction detail view, with native quantity (wei/base units) below
- Both amount and native quantity are click-copyable
- Show wallet/address title above from/to when the address is ours
- Update README Display Consistency to document the exception
Reserve vertical space with min-height and placeholders for all
elements populated by async data: per-address USD totals, ETH price
display, token balance containers, and total value sub-line. Prevents
buttons and click targets from moving when price API responds.
Replace stub error handlers with full approval flow for personal_sign,
eth_sign, eth_signTypedData_v4, and eth_signTypedData. Uses toolbar
popup only (no fallback window) and keeps sign approvals pending across
popup close/reopen cycles so the user can respond via the toolbar icon.
Token balances from Blockscout are now filtered before display.
A token only appears if it meets at least one criterion:
- In the known 511-token list (by contract address)
- Explicitly tracked by the user (added via + Token)
- Has >= 1,000 holders on-chain
Also rejects tokens spoofing a known symbol from a different
contract address (same check used for transaction filtering).
This prevents airdropped spam tokens like "OpenClaw" from
appearing in the wallet without the user ever tracking them.
Contract interactions (approve, swap, etc.) now display the method
name and token symbol instead of the meaningless 0 ETH value.
Blockscout provides the method name and whether the target is a
contract — parseTx uses these plus TOKEN_BY_ADDRESS to produce
labels like "Approve USDT" or "Swap LINK".
Added directionLabel field to parsed transactions so renderers
don't need to know about the sent/received/contract distinction.
Also: clicking a transaction on the home screen now opens the
transaction detail view instead of navigating to the address
detail view.
The dust filter was hiding contract interactions (approve, transfer,
etc.) because they have 0 ETH value, which falls below the dust
threshold. Contract calls with 0 ETH are normal — only plain ETH
transfers should be checked against the dust threshold.
Also captures is_contract and method from Blockscout's transaction
response for future use in transaction display.
Previously the approval popup closed immediately after the user
entered their password, giving zero feedback about whether the
transaction was broadcast or confirmed. Now:
1. Background sends the broadcast result back to the popup via
sendResponse callback (txHash or error)
2. Popup shows wait-tx screen on success (with polling timer)
or error-tx screen on failure
3. Wait-tx polls for confirmation and transitions to success-tx
4. Done button closes the approval window
txStatus.init() moved before the approval early-return so the
wait/success/error views are wired up in the approval popup.
Done buttons detect the approval context and call window.close()
instead of navigating to address detail.
Delete src/shared/tokens.js and migrate all consumers to
src/shared/tokenList.js which has 511 tokens (vs ~150) sourced
from CoinGecko with on-chain verified decimals.
- prices.js: getTopTokenPrices now from tokenList
- transactions.js: KNOWN_SYMBOLS now from tokenList (3.4x more
symbols for spoof detection)
- send.js: KNOWN_SYMBOLS for token dropdown filtering
- approval.js: uses pre-built TOKEN_BY_ADDRESS map instead of
constructing its own from TOKENS array
- addToken.js: uses getTopTokens(25) for quick-pick buttons
(only top 25 shown, not all 511)
New module with top Ethereum mainnet ERC-20 tokens sourced from
CoinGecko API (market cap ranking) with decimals verified on-chain
via eth_call to each contract. Addresses are EIP-55 checksummed.
Exports:
- TOKENS: full array ordered by market cap
- TOKEN_BY_ADDRESS: Map of lowercase address -> token info
- KNOWN_SYMBOLS: Map of uppercase symbol -> legitimate address
- getTopTokens(n): return first n tokens
This module is not yet integrated into the existing token.js — it
exists alongside it for now as a data source ready for integration.
The tx approval screen now decodes known ERC-20 function calls
(approve, transfer) and shows them in plain language instead of
raw hex. For the Uniswap approve example, the user now sees:
Action: Token Approval
Approve spending of your USDT
Token: USDT (with full contract address + etherscan link)
Spender: (full address + etherscan link)
Amount: Unlimited
Known tokens from the built-in list show their symbol. Unknown
tokens show the contract address. Max uint256 approvals are
labeled "Unlimited". The raw data is still shown below in a
scrollable area for verification.
Also labels the "To" field as "Contract" since dApp transactions
are always contract calls, and shows the token symbol above the
contract address when recognized.
When sending an ERC-20 token, Blockscout returns the same tx hash
from both the /transactions endpoint (as a 0 ETH contract call) and
the /token-transfers endpoint (as the actual token transfer with
amount and symbol). The old dedup logic kept the 0 ETH version and
skipped the token transfer.
Now token transfers replace normal transactions with the same hash,
since the token transfer has the real amount, symbol, and contract
address.
Creates a centralized transactionDetail.js view module, replacing
the duplicated showTxDetail/copyableHtml/blockieHtml/txDetailAddressHtml
code that was in both addressDetail.js and addressToken.js (~120 lines
removed). Transaction data is stored in state.viewData and persisted,
so the transaction detail view survives popup close/reopen.
Adds viewData to persisted state. Each view that needs data for
restore stores it in state.viewData before rendering. The ctx object
now has showTransactionDetail() alongside all other show methods.
Restorable views expanded to include: transaction (via viewData.tx),
success-tx (via viewData.hash/blockNumber), error-tx (via
viewData.message). txStatus.js split into show (sets data) + render
(reads data) for each screen, enabling restore.
Non-restorable views (send, confirm-tx, wait-tx, add-wallet,
import-key, add-token) fall back to the nearest parent since they
involve active form state or network polling.
The current view, selected wallet, selected address, and selected
token are now saved to extension storage. When the popup reopens,
it restores to the last visited view instead of always returning
to the home screen.
Restorable views: main, address detail, address-token, receive,
settings. Non-restorable views (send, confirm, tx status, forms)
fall back to the nearest parent. Stored indices are validated
against current wallet data to handle stale references.
Also refactors receive view setup into a centralized receive.show()
function, eliminating duplicate QR/address/warning code from
addressDetail.js, addressToken.js, and home.js. Adds settings.show()
to centralize settings field population.
Covers rationale, hard guidelines (always/never), external service
details (RPC, Blockscout, CoinDesk APIs with what data is sent),
encryption model, installation, wallet management, sending/receiving,
web3 site connections, scam protection, settings, and FAQ.
Written for a technical cryptocurrency user who is not a programmer.
Complete rewrite of the Screen Map section documenting all 17 views:
Welcome, Home, AddWallet, ImportKey, AddressDetail, AddressToken,
Send, ConfirmTx, WaitTx, SuccessTx, ErrorTx, Receive,
TransactionDetail, AddToken, Settings, SiteApproval, TxApproval.
Each view documents its elements (with display details like blockies,
color dots, etherscan links, formatting) and all state transitions
with their destination screens and conditions.
After broadcast, the user is taken to a full-screen wait view showing
the amount, recipient, tx hash (copyable + etherscan link), and a
count-up timer. The view polls every 10 seconds for confirmation.
On confirmation: navigates to success screen showing block number,
tx hash, and a Done button that returns to the address view.
On 60-second timeout or error: navigates to error screen with the
failure message, tx hash (if available), and Done button.
Replaces the previous inline confirm-status div that was crammed
onto the confirmation page.
Receive view: address now shows color dot and etherscan link,
matching every other address display in the app.
Send view "From": address now includes etherscan link alongside
the existing color dot.
Send view "What to send" (ERC-20 from token view): shows token
symbol as bold heading, then full contract address below with
color dot, copy-on-click, and etherscan link.
Approval views: tx approval From/To addresses now show color
dots and etherscan links instead of bare text. Site approval
address adds etherscan link. Tx approval value uses 4 decimal
places consistent with all other amount displays.
Home tx list: row padding changed from py-1 to py-2, matching
addressDetail and addressToken transaction lists.
From and To addresses now render with 48px blockie identicons,
color dots, and etherscan links — matching the transaction detail
view pattern. USD estimates for amount, balance, and network fee
are shown in parentheses after the value on the same line, not on
a separate line below.
The confirmation page now shows:
- Transaction type (Native ETH transfer vs ERC-20 token transfer)
- Full ERC-20 token contract address with etherscan link
- Token symbol throughout (not raw contract address)
- Current balance of the token being sent, with USD value
- Estimated network fee in ETH and USD (fetched async)
- USD value for ERC-20 token amounts (not just ETH)
- Insufficient balance errors for ERC-20 tokens
Also implements actual ERC-20 token transfers via the token contract's
transfer() function, rather than only supporting native ETH sends.
Read token from state.selectedToken when set, falling back to the
select element. This ensures the correct token balance is shown even
when the select dropdown is hidden or its value didn't take because
the token was filtered out by renderSendTokenSelect.
When sending from the address-token view, show the token symbol as
plain text instead of a disabled dropdown. ERC-20 tokens include an
etherscan link to the contract address. The dropdown is restored when
navigating back or entering send from other views.
