The MetaMask blocklist contains 2 entries with '*.' wildcard prefixes
(e.g. *.coinbase-563513.com). These were stored literally and never
matched because hostnameVariants() doesn't generate '*.' prefixed
strings. Fix: normalizeDomain() strips the '*.' prefix at load time
and during delta computation. The subdomain matching in
hostnameVariants() already handles child domains correctly.
Found during review.

Vendor the MetaMask eth-phishing-detect config.json (231k domains) into
src/data/phishing-domains.json as the baseline blocklist shipped with
the extension.

On 24h refresh, only the delta (new domains not in the vendored snapshot)
is kept in memory. Domain checks hit the in-memory delta first (fresh
scam sites), then binary-search the vendored sorted array.

If the delta is under 256 KiB it is persisted to chrome.storage.local
so it survives service-worker restarts without re-fetching.

Removes the previous approach of downloading and holding the full
blocklist in memory as a Set.

- Add etherscanLabels module: scrapes Etherscan address pages for
phishing/scam labels (Fake_Phishing*, Exploiter, scam warnings).
Integrated as best-effort async check in addressWarnings.
- Add phishingDomains module: fetches MetaMask's eth-phishing-detect
blocklist (~231K domains) at runtime, caches in memory, refreshes
every 24h. Checks hostnames with subdomain matching and whitelist
overrides.
- Integrate domain phishing checks into all approval flows:
connection requests, transaction approvals, and signature requests
show a prominent red warning banner when the requesting site is on
the MetaMask blocklist.
- Add unit tests for both modules (12 tests for etherscanLabels
parsing, 15 tests for phishingDomains matching).
Closes #114
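
The wildcard normalisation and delta-first lookup described in the first two commit messages, as an added example that is not the extension's own code. The names normalizeDomain and hostnameVariants come from the messages; their bodies, the helpers buildBaseline, sortedIncludes, computeDelta and isBlocked, and every sample entry other than *.coinbase-563513.com are assumptions.

```javascript
// Added illustration; function bodies are assumptions, not the extension's source.

// Store wildcard entries as their base domain: "*.evil.example" -> "evil.example".
function normalizeDomain(entry) {
  let d = String(entry).trim().toLowerCase();
  if (d.startsWith("*.")) d = d.slice(2);
  return d.endsWith(".") ? d.slice(0, -1) : d;
}

// "a.b.example.com" -> ["a.b.example.com", "b.example.com", "example.com"].
// The bare TLD is never emitted, and no variant ever starts with "*.".
function hostnameVariants(hostname) {
  const labels = normalizeDomain(hostname).split(".");
  const variants = [];
  for (let i = 0; i + 1 < labels.length; i++) variants.push(labels.slice(i).join("."));
  return variants;
}

// Vendored snapshot: normalised, de-duplicated, sorted for binary search.
function buildBaseline(rawEntries) {
  return [...new Set(rawEntries.map(normalizeDomain))].sort();
}

// Binary search using the same code-unit ordering as Array.prototype.sort().
function sortedIncludes(sorted, key) {
  let lo = 0, hi = sorted.length - 1;
  while (lo <= hi) {
    const mid = (lo + hi) >>> 1;
    if (sorted[mid] === key) return true;
    if (sorted[mid] < key) lo = mid + 1; else hi = mid - 1;
  }
  return false;
}

// Keep only fetched domains that the vendored snapshot lacks.
function computeDelta(fetchedEntries, baseline) {
  return new Set(fetchedEntries.map(normalizeDomain).filter((d) => !sortedIncludes(baseline, d)));
}

// Check the in-memory delta first, then the vendored sorted array.
function isBlocked(hostname, delta, baseline) {
  return hostnameVariants(hostname).some((v) => delta.has(v) || sortedIncludes(baseline, v));
}

// Constructed sample data; only the first entry appears in the commit message.
const baseline = buildBaseline(["*.coinbase-563513.com", "scam.example"]);
const delta = computeDelta(["*.coinbase-563513.com", "*.fresh-drop.example"], baseline);
console.log(isBlocked("login.coinbase-563513.com", delta, baseline), [...delta]);
```

Without the normalisation step the wildcard entry would also land in every delta, because the literal string never equals a normalised baseline entry.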