fix: cross-wallet duplicate address detection on import

Previously each import method (mnemonic, private key, xprv) only checked for duplicates among wallets of the same type. Now all three check the derived address against ALL existing wallet addresses regardless of type, and mnemonic/xprv imports also compare xpubs against existing HD/xprv wallets. Closes #111
Merge pull request 'feat: show red warning when sending to address with zero tx history' (#98 ) from issue-82-zero-tx-warning into main
2026-02-28 16:01:40 -08:00 · 2026-03-01 00:54:15 +01:00 · 2026-03-01 00:53:45 +01:00 · 2026-03-01 00:53:08 +01:00 · 2026-02-28 15:46:58 -08:00 · 2026-02-28 15:37:27 -08:00
3 changed files with 70 additions and 22 deletions
--- a/src/popup/index.html
+++ b/src/popup/index.html
@@ -586,6 +586,19 @@
                    <div id="confirm-fee-amount" class="text-xs"></div>
                </div>
                <div id="confirm-warnings" class="mb-2 hidden"></div>
                <div
                    id="confirm-recipient-warning"
                    class="mb-2"
                    style="visibility: hidden"
                >
                    <div
                        class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
                    >
                        WARNING: The recipient address has ZERO transaction
                        history. This may indicate a fresh or unused address.
                        Double-check the address before sending.
                    </div>
                </div>
                <div
                    id="confirm-errors"
                    class="mb-2 border border-border border-dashed p-2 hidden"
--- a/src/popup/views/addWallet.js
+++ b/src/popup/views/addWallet.js
@@ -97,18 +97,26 @@ async function importMnemonic(ctx) {
    const pw = validatePassword();
    if (!pw) return;
    const { xpub, firstAddress } = hdWalletFromMnemonic(mnemonic);
-    const duplicate = state.wallets.find(
+    const addrDup = state.wallets.find((w) =>
-        (w) =>
+        w.addresses.some(
-            w.type === "hd" &&
+            (a) => a.address.toLowerCase() === firstAddress.toLowerCase(),
-            w.addresses[0] &&
+        ),
            w.addresses[0].address.toLowerCase() === firstAddress.toLowerCase(),
    );
-    if (duplicate) {
+    if (addrDup) {
        showFlash(
-            "This recovery phrase is already added (" + duplicate.name + ").",
+            "An address from this phrase already exists in " +
                addrDup.name +
                ".",
        );
        return;
    }
    const xpubDup = state.wallets.find(
        (w) => (w.type === "hd" || w.type === "xprv") && w.xpub === xpub,
    );
    if (xpubDup) {
        showFlash("This recovery phrase matches " + xpubDup.name + ".");
        return;
    }
    const encrypted = await encryptWithPassword(mnemonic, pw);
    const walletNum = state.wallets.length + 1;
    const wallet = {
@@ -162,16 +170,11 @@ async function importPrivateKey(ctx) {
    }
    const pw = validatePassword();
    if (!pw) return;
-    const duplicate = state.wallets.find(
+    const duplicate = state.wallets.find((w) =>
-        (w) =>
+        w.addresses.some((a) => a.address.toLowerCase() === addr.toLowerCase()),
            w.type === "key" &&
            w.addresses[0] &&
            w.addresses[0].address.toLowerCase() === addr.toLowerCase(),
    );
    if (duplicate) {
-        showFlash(
+        showFlash("This address already exists in " + duplicate.name + ".");
            "This private key is already added (" + duplicate.name + ").",
        );
        return;
    }
    const encrypted = await encryptWithPassword(key, pw);
@@ -208,14 +211,22 @@ async function importXprvKey(ctx) {
        return;
    }
    const { xpub, firstAddress } = result;
-    const duplicate = state.wallets.find(
+    const addrDup = state.wallets.find((w) =>
-        (w) =>
+        w.addresses.some(
-            (w.type === "hd" || w.type === "xprv") &&
+            (a) => a.address.toLowerCase() === firstAddress.toLowerCase(),
-            w.addresses[0] &&
+        ),
            w.addresses[0].address.toLowerCase() === firstAddress.toLowerCase(),
    );
-    if (duplicate) {
+    if (addrDup) {
-        showFlash("This key is already added (" + duplicate.name + ").");
+        showFlash(
            "An address from this key already exists in " + addrDup.name + ".",
        );
        return;
    }
    const xpubDup = state.wallets.find(
        (w) => (w.type === "hd" || w.type === "xprv") && w.xpub === xpub,
    );
    if (xpubDup) {
        showFlash("This key matches " + xpubDup.name + ".");
        return;
    }
    const pw = validatePassword();
--- a/src/popup/views/confirmTx.js
+++ b/src/popup/views/confirmTx.js
@@ -243,7 +243,11 @@ function show(txInfo) {
    state.viewData = { pendingTx: txInfo };
    showView("confirm-tx");
    // Reset recipient warning to hidden (space always reserved, no layout shift)
    $("confirm-recipient-warning").style.visibility = "hidden";
    estimateGas(txInfo);
    checkRecipientHistory(txInfo);
 }
 async function estimateGas(txInfo) {
@@ -286,6 +290,26 @@ async function estimateGas(txInfo) {
    }
 }
 async function checkRecipientHistory(txInfo) {
    const el = $("confirm-recipient-warning");
    try {
        const provider = getProvider(state.rpcUrl);
        // Skip warning for contract addresses — they may legitimately
        // have zero outgoing transactions (getTransactionCount returns
        // the nonce, i.e. sent-tx count only).
        const code = await provider.getCode(txInfo.to);
        if (code && code !== "0x") {
            return;
        }
        const txCount = await provider.getTransactionCount(txInfo.to);
        if (txCount === 0) {
            el.style.visibility = "visible";
        }
    } catch (e) {
        log.errorf("recipient history check failed:", e.message);
    }
 }
 function init(ctx) {
    $("btn-confirm-send").addEventListener("click", async () => {
        const password = $("confirm-tx-password").value;
Author	SHA1	Message	Date
user	cd412209a7	fix: cross-wallet duplicate address detection on import All checks were successful check / check (push) Successful in 22s Details Previously each import method (mnemonic, private key, xprv) only checked for duplicates among wallets of the same type. Now all three check the derived address against ALL existing wallet addresses regardless of type, and mnemonic/xprv imports also compare xpubs against existing HD/xprv wallets. Closes #111	2026-02-28 16:01:40 -08:00
Jeffrey Paul	09c52b2519	Merge pull request 'feat: show red warning when sending to address with zero tx history' (#98 ) from issue-82-zero-tx-warning into main All checks were successful check / check (push) Successful in 8s Details Reviewed-on: #98	2026-03-01 00:54:15 +01:00
Jeffrey Paul	1fb9fade51	Merge branch 'main' into issue-82-zero-tx-warning All checks were successful check / check (push) Successful in 22s Details	2026-03-01 00:53:45 +01:00
Jeffrey Paul	bc04482fb5	Merge pull request 'feat: add xprv wallet import support' (#53 ) from feature/import-xprv into main All checks were successful check / check (push) Successful in 8s Details Reviewed-on: #53	2026-03-01 00:53:08 +01:00
user	045328f3b9	fix: use visibility:hidden/visible instead of CSS transitions for zero-tx warning All checks were successful check / check (push) Successful in 22s Details Remove all CSS transitions, max-height changes, and opacity animations. The warning container always reserves its space with visibility:hidden and switches to visibility:visible when needed. No layout shift ever.	2026-02-28 15:46:58 -08:00
user	576fe3ab15	fix: replace visibility:hidden with smooth collapse for zero-tx warning All checks were successful check / check (push) Successful in 10s Details Instead of permanently reserving space with visibility:hidden, the warning container now uses max-height + opacity transitions. Space is reserved during the async check, then smoothly collapses to 0 if the warning isn't needed. This reclaims ~40px of popup viewport in the common case.	2026-02-28 15:37:27 -08:00
user	8c071ae508	fix: never collapse warning container — always reserve space to prevent layout shift All checks were successful check / check (push) Successful in 10s Details Replace display:none with persistent visibility:hidden so the warning area occupies the same vertical space regardless of API result. This eliminates the layout shift that occurred when the container was collapsed after the recipient history check returned.	2026-02-28 15:26:49 -08:00
user	a3c2b8227a	fix: zero-tx warning layout shift and contract address false positive - Reserve space for the warning upfront using visibility:hidden instead of display:none, preventing layout shift per README policy - Move warning HTML to index.html as a static element rather than injecting dynamically - Skip warning for contract addresses (check getCode first) since getTransactionCount only returns outgoing tx nonce - Collapse reserved space when warning is not needed (address has history, is a contract, or on RPC error)	2026-02-28 15:26:44 -08:00
user	f9f3e7b85a	feat: show red warning when sending to address with zero tx history On the confirm-tx view, asynchronously check the recipient address transaction count via getTransactionCount(). If zero, display a prominent red warning advising the user to double-check the address. Closes #82	2026-02-28 15:26:44 -08:00