fix: make debug mode toggle work at runtime

The debug/insecure warning banner was only controlled by the compile-time DEBUG constant. The settings easter egg checkbox toggled state.debugMode and the runtime log flag, but neither index.js nor helpers.js checked these runtime values — the banner was created/updated based solely on the compile-time constant. Changes: - Extract banner logic into updateDebugBanner() in helpers.js that checks isDebug() (combines compile-time DEBUG and runtime debugMode) - Banner is dynamically created/removed: appears when debug is enabled, removed when disabled (no stale banners) - index.js init() syncs runtime debug flag from persisted state before first render, then delegates to updateDebugBanner() - settings.js calls updateDebugBanner() after the checkbox change so the banner immediately reflects the new state - Debug mode persists across popup close/reopen via state.debugMode Fixes the bug where the settings debug toggle had no visible effect.
refactor: derive git info inside Docker instead of --build-arg
2026-03-01 15:21:51 -08:00 · 2026-03-01 15:16:16 -08:00 · 2026-03-01 15:16:16 -08:00 · 2026-03-01 15:16:16 -08:00 · 2026-03-01 15:15:44 -08:00 · 2026-03-02 00:15:01 +01:00
45 changed files with 236860 additions and 885 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,4 +1,3 @@
 .git
 node_modules
 .DS_Store
 dist
--- a/2
+++ b/2
@@ -1,7 +1,7 @@
 # node:22-slim (22.x LTS), 2026-02-24
 FROM node@sha256:5373f1906319b3a1f291da5d102f4ce5c77ccbe29eb637f072b6c7b70443fc36
-RUN apt-get update && apt-get install -y --no-install-recommends make && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y --no-install-recommends make git && rm -rf /var/lib/apt/lists/*
 RUN corepack enable && corepack prepare yarn@1.22.22 --activate
 WORKDIR /app
--- a/107
+++ b/107
@@ -672,3 +672,110 @@ may consider it more useful to permit linking proprietary applications with
 the library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.  But first, please read
 <https://www.gnu.org/licenses/why-not-lgpl.html>.
 ===========================================================================
 THIRD-PARTY FILES
 ===========================================================================
 The following files are not original to this project and are distributed
 under their own licenses. They are NOT covered by the GPL-3.0 license above.
 ---------------------------------------------------------------------------
 File: src/shared/phishingBlocklist.json
 Source: https://github.com/AugurProject/eth-phishing-detect (config.json)
 Copyright: Copyright (c) 2018 kumavis
 License: Don't Be a Dick Public License (DBAD), Version 1.2
 ---------------------------------------------------------------------------
 DON'T BE A DICK PUBLIC LICENSE
 Version 1.2, February 2021
 Copyright (C) 2018 kumavis
 Everyone is permitted to copy and distribute verbatim or modified
 copies of this license document.
 DON'T BE A DICK PUBLIC LICENSE
 TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 1. Do whatever you like with the original work, just don't be a dick.
     Being a dick includes - but is not limited to - the following instances:
     1a. Outright copyright infringement - Don't just copy the original
         work/works and change the name.
     1b. Selling the unmodified original with no work done what-so-ever,
         that's REALLY being a dick.
     1c. Modifying the original work to contain hidden harmful content.
         That would make you a PROPER dick.
 2. If you become rich through modifications, related works/services, or
    supporting the original work, share the love. Only a dick would make
    loads off this work and not buy the original work's creator(s) a pint.
 3. Code is provided with no warranty. Using somebody else's code and
    bitching when it goes wrong makes you a DONKEY dick. Fix the problem
    yourself. A non-dick would submit the fix back or submit a bug report.
 4. If you use code, calling it your own would make you a ROYAL dick.
    Alternatively, even just a comment giving attribution to where you found
    the code would be OK.
 ---------------------------------------------------------------------------
 File: src/shared/scamlist.js (address data from MyEtherWallet ethereum-lists)
 Source: https://github.com/MyEtherWallet/ethereum-lists (addresses-darklist.json)
 Copyright: Copyright (c) 2020 MyEtherWallet
 License: MIT License
 ---------------------------------------------------------------------------
 MIT License
 Copyright (c) 2020 MyEtherWallet
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 ---------------------------------------------------------------------------
 File: src/shared/scamlist.js (address data from EtherScamDB)
 Source: https://github.com/MrLuit/EtherScamDB (scams.yaml)
 Copyright: Copyright (c) 2018 Luit Hollander
 License: MIT License
 ---------------------------------------------------------------------------
 MIT License
 Copyright (c) 2018 Luit Hollander
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/README.md
+++ b/README.md
@@ -15,10 +15,12 @@ Hence, a minimally viable ERC20 browser wallet/signer that works cross-platform.
 Everything you need, nothing you don't. We import as few libraries as possible,
 don't implement any crypto, and don't send user-specific data anywhere but a
 (user-configurable) Ethereum RPC endpoint (which defaults to a public node). The
-extension contacts exactly three external services: the configured RPC node for
+extension contacts three user-configurable services: the configured RPC node for
 blockchain interactions, a public CoinDesk API (no API key) for realtime price
 information, and a Blockscout block-explorer API for transaction history and
-token balances. All three endpoints are user-configurable.
+token balances. It also fetches a community-maintained phishing domain blocklist
 periodically and performs best-effort Etherscan address label lookups during
 transaction confirmation.
 In the extension is a hardcoded list of the top ERC20 contract addresses. You
 can add any ERC20 contract by contract address if you wish, but the hardcoded
@@ -435,16 +437,29 @@ transitions.
 #### TransactionDetail
 - **When**: User tapped a transaction row from AddressDetail or AddressToken.
- **Elements**:
+- **Elements** (grouped into logical blocks using light well containers; field
  labels are self-explanatory so groups have no headings):
    - "Transaction" heading, "Back" button
    - Status: "Success" or "Failed"
    - Time: ISO datetime + relative age in parentheses
    - Amount: value + symbol (bold)
    - From: blockie + color dot + full address (tap to copy) + etherscan link
        - ENS name if available
    - To: blockie + color dot + full address (tap to copy) + etherscan link
        - ENS name if available
    - Transaction hash: full hash (tap to copy) + etherscan link
    - Type: transaction classification — one of: Native ETH Transfer, ERC-20
      Token Transfer, Swap, Token Approval, Contract Call, Contract Creation
    - Status: "Success" or "Failed"
    - From: blockie + color dot + full address (tap to copy) + etherscan link;
      ENS name if available
    - To: blockie + color dot + full address (tap to copy) + etherscan link; ENS
      name if available
    - Time: ISO datetime + relative age in parentheses
    - Block: block number (tap to copy) + etherscan block link
    - Amount: value + symbol (bold)
    - Native quantity: raw integer + unit (shown when available)
    - Token contract: shown for ERC-20 transfers — color dot + full contract
      address (tap to copy) + etherscan token link
    - Decoded details (shown for contract calls): action name, decoded
      parameters, token details, swap steps
    - Network details (shown when on-chain data is available): nonce, gas price,
      gas used, transaction fee (all tap to copy)
    - Raw data (shown when calldata is present): full calldata in monospace
      dashed border
 - **Transitions**:
    - "Back" → **AddressToken** (if `selectedToken` set) or **AddressDetail**
@@ -567,14 +582,25 @@ What the extension does NOT do:
 - No analytics or telemetry services
 - No token list APIs (user adds tokens manually by contract address)
 - No phishing/blocklist APIs
 - No Infura/Alchemy dependency (any JSON-RPC endpoint works)
 - No backend servers operated by the developer
-These three services (RPC endpoint, CoinDesk price API, and Blockscout API) are
+In addition to the three user-configurable services above (RPC endpoint,
-the only external services. All three endpoints are user-configurable. Users who
+CoinDesk price API, and Blockscout API), AutistMask also contacts:
-want maximum privacy can point the RPC and Blockscout URLs at their own
+
-self-hosted instances (price fetching can be disabled in a future version).
+- **Phishing domain blocklist**: A community-maintained phishing domain
  blocklist is vendored into the extension at build time. At runtime, the
  extension fetches the live list once every 24 hours to detect newly added
  domains. Only the delta (domains not already in the vendored list) is kept in
  memory, keeping runtime memory usage small. The delta is persisted to
  localStorage if it is under 256 KiB.
 - **Etherscan address labels**: When confirming a transaction, the extension
  performs a best-effort lookup of the recipient address on Etherscan to check
  for phishing/scam labels. This is a direct page fetch with no API key; the
  user's browser makes the request.
 Users who want maximum privacy can point the RPC and Blockscout URLs at their
 own self-hosted instances (price fetching can be disabled in a future version).
 ### Dependencies
@@ -764,6 +790,21 @@ indexes it as a real token transfer.
  designed as a sharp tool — users who understand the risks can configure the
  wallet to show everything unfiltered, unix-style.
 #### Phishing Domain Protection
 AutistMask protects users from known phishing sites when they connect their
 wallet or approve transactions/signatures. A community-maintained domain
 blocklist is vendored into the extension at build time, providing immediate
 protection without any network requests. At runtime, the extension fetches the
 live list once every 24 hours and keeps only the delta (newly added domains not
 in the vendored list) in memory. This architecture keeps runtime memory usage
 small while ensuring fresh coverage of new phishing domains.
 When a dApp on a blocklisted domain requests a wallet connection, transaction
 approval, or signature, the approval popup displays a prominent red warning
 banner alerting the user. The domain checker matches exact hostnames and all
 parent domains (subdomain matching).
 #### Transaction Decoding
 When a dApp asks the user to approve a transaction, AutistMask attempts to
@@ -846,6 +887,21 @@ Currently supported:
 GPL-3.0. See [LICENSE](LICENSE).
 ### Third-Party Data Files
 This repository includes data files from third-party projects that are not
 covered by the GPL-3.0 license above. These files, their copyright holders, and
 their licenses are:
 | File                                                       | Source                                                                                                                    | Copyright                         | License                                                        |
 | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | -------------------------------------------------------------- |
 | `src/shared/phishingBlocklist.json`                        | [eth-phishing-detect](https://github.com/AugurProject/eth-phishing-detect) community-maintained phishing domain blocklist | Copyright (c) 2018 kumavis        | [DBAD (Don't Be a Dick)](https://github.com/philsturgeon/dbad) |
 | `src/shared/scamlist.js` (address data from MyEtherWallet) | [ethereum-lists](https://github.com/MyEtherWallet/ethereum-lists) `addresses-darklist.json`                               | Copyright (c) 2020 MyEtherWallet  | MIT                                                            |
 | `src/shared/scamlist.js` (address data from EtherScamDB)   | [EtherScamDB](https://github.com/MrLuit/EtherScamDB) `scams.yaml`                                                         | Copyright (c) 2018 Luit Hollander | MIT                                                            |
 The full license texts for these third-party files are included in the
 [LICENSE](LICENSE) file.
 ## Author
 [@sneak](https://sneak.berlin)
--- a/build.js
+++ b/build.js
@@ -11,9 +11,51 @@ function ensureDir(dir) {
    fs.mkdirSync(dir, { recursive: true });
 }
 function getBuildInfo() {
    const pkg = JSON.parse(
        fs.readFileSync(path.join(__dirname, "package.json"), "utf8"),
    );
    let commitHash = "unknown";
    try {
        commitHash = execSync("git rev-parse --short HEAD", {
            encoding: "utf8",
        }).trim();
    } catch (_) {
        // not a git repo or git not available
    }
    let commitHashFull = "unknown";
    try {
        commitHashFull = execSync("git rev-parse HEAD", {
            encoding: "utf8",
        }).trim();
    } catch (_) {
        // not a git repo or git not available
    }
    return {
        version: pkg.version,
        license: pkg.license,
        author: pkg.author,
        commitHash,
        commitHashFull,
        buildDate: new Date().toISOString().slice(0, 10),
    };
 }
 async function build() {
    console.log("Building AutistMask extension...");
    const buildInfo = getBuildInfo();
    console.log("Build info:", buildInfo);
    const define = {
        __BUILD_VERSION__: JSON.stringify(buildInfo.version),
        __BUILD_LICENSE__: JSON.stringify(buildInfo.license),
        __BUILD_AUTHOR__: JSON.stringify(buildInfo.author),
        __BUILD_COMMIT__: JSON.stringify(buildInfo.commitHash),
        __BUILD_COMMIT_FULL__: JSON.stringify(buildInfo.commitHashFull),
        __BUILD_DATE__: JSON.stringify(buildInfo.buildDate),
    };
    // compile tailwind CSS
    console.log("Compiling Tailwind CSS...");
    const tailwindInput = path.join(SRC, "popup", "styles", "main.css");
@@ -38,6 +80,7 @@ async function build() {
            platform: "browser",
            target: ["chrome110", "firefox110"],
            minify: true,
            define,
        });
        // bundle background script
@@ -49,6 +92,7 @@ async function build() {
            platform: "browser",
            target: ["chrome110", "firefox110"],
            minify: true,
            define,
        });
        // bundle content script
@@ -60,6 +104,7 @@ async function build() {
            platform: "browser",
            target: ["chrome110", "firefox110"],
            minify: true,
            define,
        });
        // bundle inpage script (injected into page context, separate file)
@@ -71,6 +116,7 @@ async function build() {
            platform: "browser",
            target: ["chrome110", "firefox110"],
            minify: true,
            define,
        });
        // copy popup HTML
--- a/src/background/index.js
+++ b/src/background/index.js
@@ -2,16 +2,25 @@
 // Handles EIP-1193 RPC requests from content scripts and proxies
 // non-sensitive calls to the configured Ethereum JSON-RPC endpoint.
-const {
+const { DEFAULT_RPC_URL } = require("../shared/constants");
-    ETHEREUM_MAINNET_CHAIN_ID,
+const { SUPPORTED_CHAIN_IDS, networkByChainId } = require("../shared/networks");
-    DEFAULT_RPC_URL,
+const { onChainSwitch } = require("../shared/chainSwitch");
 } = require("../shared/constants");
 const { getBytes } = require("ethers");
-const { state, loadState, saveState } = require("../shared/state");
+const {
    state,
    loadState,
    saveState,
    currentNetwork,
 } = require("../shared/state");
 const { refreshBalances, getProvider } = require("../shared/balances");
 const { debugFetch } = require("../shared/log");
 const { decryptWithPassword } = require("../shared/vault");
 const { getSignerForAddress } = require("../shared/wallet");
 const {
    isPhishingDomain,
    updatePhishingList,
    startPeriodicRefresh,
 } = require("../shared/phishingDomains");
 const storageApi =
    typeof browser !== "undefined"
@@ -324,31 +333,43 @@ async function handleRpc(method, params, origin) {
    }
    if (method === "eth_chainId") {
-        return { result: ETHEREUM_MAINNET_CHAIN_ID };
+        return { result: currentNetwork().chainId };
    }
    if (method === "net_version") {
-        return { result: "1" };
+        return { result: currentNetwork().networkVersion };
    }
    if (method === "wallet_switchEthereumChain") {
        const chainId = params?.[0]?.chainId;
-        if (chainId === ETHEREUM_MAINNET_CHAIN_ID) {
+        if (chainId === currentNetwork().chainId) {
            return { result: null };
        }
        if (SUPPORTED_CHAIN_IDS.has(chainId)) {
            const target = networkByChainId(chainId);
            await onChainSwitch(target.id);
            broadcastChainChanged(target.chainId);
            return { result: null };
        }
        return {
            error: {
                code: 4902,
-                message: "AutistMask only supports Ethereum mainnet.",
+                message:
                    "AutistMask supports Ethereum Mainnet and Sepolia Testnet only.",
            },
        };
    }
    if (method === "wallet_addEthereumChain") {
        const chainId = params?.[0]?.chainId;
        if (SUPPORTED_CHAIN_IDS.has(chainId)) {
            return { result: null };
        }
        return {
            error: {
                code: 4902,
-                message: "AutistMask only supports Ethereum mainnet.",
+                message:
                    "AutistMask supports Ethereum Mainnet and Sepolia Testnet only.",
            },
        };
    }
@@ -494,6 +515,27 @@ async function handleRpc(method, params, origin) {
    return { error: { message: "Unsupported method: " + method } };
 }
 // Broadcast chainChanged to all tabs when the network is switched.
 function broadcastChainChanged(chainId) {
    tabsApi.query({}, (tabs) => {
        for (const tab of tabs) {
            tabsApi.sendMessage(
                tab.id,
                {
                    type: "AUTISTMASK_EVENT",
                    eventName: "chainChanged",
                    data: chainId,
                },
                () => {
                    if (runtime.lastError) {
                        // expected for tabs without our content script
                    }
                },
            );
        }
    });
 }
 // Broadcast accountsChanged to all tabs, respecting per-address permissions
 async function broadcastAccountsChanged() {
    // Clear non-remembered approvals on address switch
@@ -571,6 +613,11 @@ async function backgroundRefresh() {
 setInterval(backgroundRefresh, BACKGROUND_REFRESH_INTERVAL);
 // Fetch the phishing domain blocklist delta on startup and refresh every 24h.
 // The vendored blocklist is bundled at build time; this fetches only new entries.
 updatePhishingList();
 startPeriodicRefresh();
 // When approval window is closed without a response, treat as rejection
 if (windowsApi && windowsApi.onRemoved) {
    windowsApi.onRemoved.addListener((windowId) => {
@@ -643,6 +690,8 @@ runtime.onMessage.addListener((msg, sender, sendResponse) => {
                resp.type = "sign";
                resp.signParams = approval.signParams;
            }
            // Flag if the requesting domain is on the phishing blocklist.
            resp.isPhishingDomain = isPhishingDomain(approval.hostname);
            sendResponse(resp);
        } else {
            sendResponse(null);
--- a/src/content/inpage.js
+++ b/src/content/inpage.js
@@ -2,7 +2,10 @@
 // Creates window.ethereum (EIP-1193 provider) and announces via EIP-6963.
 (function () {
-    const CHAIN_ID = "0x1"; // Ethereum mainnet
+    // Defaults to mainnet; updated dynamically via eth_chainId on init and
    // chainChanged events from the extension.
    let currentChainId = "0x1";
    let currentNetworkVersion = "1";
    const listeners = {};
    let nextId = 1;
@@ -28,6 +31,12 @@
        if (event.source !== window) return;
        if (event.data?.type !== "AUTISTMASK_EVENT") return;
        const { eventName, data } = event.data;
        if (eventName === "chainChanged") {
            currentChainId = data;
            currentNetworkVersion = String(parseInt(data, 16));
            provider.chainId = currentChainId;
            provider.networkVersion = currentNetworkVersion;
        }
        emit(eventName, data);
    });
@@ -57,8 +66,8 @@
    const provider = {
        isAutistMask: true,
        isMetaMask: true, // compatibility — many dApps check this
-        chainId: CHAIN_ID,
+        chainId: currentChainId,
-        networkVersion: "1",
+        networkVersion: currentNetworkVersion,
        selectedAddress: null,
        async request(args) {
@@ -75,6 +84,12 @@
                        ? result[0]
                        : null;
            }
            if (args.method === "eth_chainId" && result) {
                currentChainId = result;
                currentNetworkVersion = String(parseInt(result, 16));
                provider.chainId = currentChainId;
                provider.networkVersion = currentNetworkVersion;
            }
            return result;
        },
@@ -189,4 +204,19 @@
    window.addEventListener("eip6963:requestProvider", announceProvider);
    announceProvider();
    // Fetch the current chain ID from the extension on load so the provider
    // reflects the selected network immediately (covers Sepolia etc.).
    sendRequest({ method: "eth_chainId", params: [] })
        .then((chainId) => {
            if (chainId) {
                currentChainId = chainId;
                currentNetworkVersion = String(parseInt(chainId, 16));
                provider.chainId = currentChainId;
                provider.networkVersion = currentNetworkVersion;
            }
        })
        .catch(() => {
            // Best-effort — keep defaults.
        });
 })();
--- a/src/popup/index.html
+++ b/src/popup/index.html
@@ -56,9 +56,37 @@
                    &lt; Back
                </button>
                <h2 class="font-bold mb-2">Add Wallet</h2>
                <!-- Mode selector tabs -->
                <div
                    class="flex border-b border-border mb-3"
                    id="add-wallet-tabs"
                >
                    <button
                        id="tab-mnemonic"
                        class="px-3 py-1.5 cursor-pointer text-xs font-bold border border-border border-b-bg bg-bg -mb-px"
                    >
                        From Phrase
                    </button>
                    <button
                        id="tab-privkey"
                        class="px-3 py-1.5 cursor-pointer text-xs text-muted border border-dashed border-border-light border-b-transparent -mb-px hover:bg-fg hover:text-bg"
                    >
                        From Key
                    </button>
                    <button
                        id="tab-xprv"
                        class="px-3 py-1.5 cursor-pointer text-xs text-muted border border-dashed border-border-light border-b-transparent -mb-px hover:bg-fg hover:text-bg"
                    >
                        From xprv
                    </button>
                </div>
                <!-- Mnemonic form section -->
                <div id="add-wallet-section-mnemonic">
                    <p class="mb-2">
-                    Enter your 12 or 24 word recovery phrase below, or click the
+                        Enter your 12 or 24 word recovery phrase below, or click
-                    button to roll the die for a new one.
+                        the button to roll the die for a new one.
                    </p>
                    <div class="mb-1 flex justify-end">
                        <button
@@ -79,14 +107,54 @@
                    </div>
                    <div
                        id="add-wallet-phrase-warning"
-                    class="text-xs mb-2 border border-border border-dashed p-2 hidden"
+                        class="text-xs mb-2 border border-border border-dashed p-2"
                        style="visibility: hidden"
                    >
-                    Write these words down and keep them safe. Anyone with them
+                        Write these words down and keep them safe. Anyone with
-                    can take your funds; if you lose them, your wallet is gone.
+                        them can take your funds; if you lose them, your wallet
                        is gone.
                    </div>
                </div>
                <!-- Private key form section -->
                <div id="add-wallet-section-privkey" class="hidden">
                    <p class="mb-2">
                        Paste your private key below. This wallet will have a
                        single address.
                    </p>
                    <div class="mb-2">
                        <input
                            type="password"
                            id="import-private-key"
                            class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
                            placeholder="0x..."
                        />
                    </div>
                </div>
                <!-- Extended key (xprv) form section -->
                <div id="add-wallet-section-xprv" class="hidden">
                    <p class="mb-2">
                        Paste your extended private key (xprv) below. This will
                        import the HD wallet and scan for used addresses.
                    </p>
                    <div class="mb-2">
                        <input
                            type="password"
                            id="import-xprv-key"
                            class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
                            placeholder="xprv..."
                        />
                    </div>
                </div>
                <!-- Shared password fields -->
                <div class="mb-2" id="add-wallet-password-section">
                    <label class="block mb-1">Choose a password</label>
-                    <p class="text-xs text-muted mb-1">
+                    <p
                        class="text-xs text-muted mb-1"
                        id="add-wallet-password-hint"
                    >
                        This password encrypts your recovery phrase on this
                        device. You will need it to send funds.
                    </p>
@@ -107,64 +175,6 @@
                <button
                    id="btn-add-wallet-confirm"
                    class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
                >
                    Add
                </button>
                <div class="mt-3 text-xs text-muted">
                    Have a private key instead?
                    <button
                        id="btn-add-wallet-import-key"
                        class="underline cursor-pointer bg-transparent border-none text-fg text-xs font-mono p-0"
                    >
                        Import private key
                    </button>
                </div>
            </div>
            <!-- ============ IMPORT PRIVATE KEY ============ -->
            <div id="view-import-key" class="view hidden">
                <button
                    id="btn-import-key-back"
                    class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer mb-2"
                >
                    &lt; Back
                </button>
                <h2 class="font-bold mb-2">Import Private Key</h2>
                <p class="mb-2">
                    Paste your private key below. This wallet will have a single
                    address.
                </p>
                <div class="mb-2">
                    <input
                        type="password"
                        id="import-private-key"
                        class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
                        placeholder="0x..."
                    />
                </div>
                <div class="mb-2" id="import-key-password-section">
                    <label class="block mb-1">Choose a password</label>
                    <p class="text-xs text-muted mb-1">
                        This password encrypts your private key on this device.
                        You will need it to send funds.
                    </p>
                    <input
                        type="password"
                        id="import-key-password"
                        class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
                    />
                </div>
                <div class="mb-2" id="import-key-password-confirm-section">
                    <label class="block mb-1">Confirm password</label>
                    <input
                        type="password"
                        id="import-key-password-confirm"
                        class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
                    />
                </div>
                <button
                    id="btn-import-key-confirm"
                    class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
                >
                    Import
                </button>
@@ -175,7 +185,7 @@
                <!-- active address headline -->
                <div
                    id="total-value"
-                    class="text-2xl font-bold min-h-[2rem]"
+                    class="text-2xl font-bold min-h-[2rem] text-fg"
                ></div>
                <div
                    id="total-value-sub"
@@ -366,7 +376,8 @@
                </p>
                <div
                    id="export-privkey-flash"
-                    class="text-xs mb-2 hidden"
+                    class="text-xs mb-2 min-h-[1.25rem]"
                    style="visibility: hidden"
                ></div>
                <div id="export-privkey-password-section" class="mb-2">
                    <label class="block mb-1">Password</label>
@@ -570,16 +581,71 @@
                    <div class="text-xs text-muted mb-1">Your balance</div>
                    <div id="confirm-balance" class="text-xs"></div>
                </div>
-                <div id="confirm-fee" class="mb-3 hidden">
+                <div id="confirm-fee" class="mb-3" style="visibility: hidden">
                    <div class="text-xs text-muted mb-1">
                        Estimated network fee
                    </div>
                    <div id="confirm-fee-amount" class="text-xs"></div>
                </div>
-                <div id="confirm-warnings" class="mb-2 hidden"></div>
+                <div
                    id="confirm-warnings"
                    class="mb-2"
                    style="visibility: hidden"
                ></div>
                <div
                    id="confirm-recipient-warning"
                    class="mb-2"
                    style="visibility: hidden"
                >
                    <div
                        class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
                    >
                        WARNING: The recipient address has ZERO transaction
                        history. This may indicate a fresh or unused address.
                        Double-check the address before sending.
                    </div>
                </div>
                <div
                    id="confirm-contract-warning"
                    class="mb-2"
                    style="visibility: hidden"
                >
                    <div
                        class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
                    >
                        WARNING: The recipient is a smart contract. Sending ETH
                        or tokens directly to a contract may result in permanent
                        loss of funds.
                    </div>
                </div>
                <div
                    id="confirm-burn-warning"
                    class="mb-2"
                    style="visibility: hidden"
                >
                    <div
                        class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
                    >
                        WARNING: This is a known null/burn address. Funds sent
                        here are permanently destroyed and cannot be recovered.
                    </div>
                </div>
                <div
                    id="confirm-etherscan-warning"
                    class="mb-2"
                    style="visibility: hidden"
                >
                    <div
                        class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
                    >
                        WARNING: Etherscan has flagged this address as
                        phishing/scam. Do not send funds to this address.
                    </div>
                </div>
                <div
                    id="confirm-errors"
-                    class="mb-2 border border-border border-dashed p-2 hidden"
+                    class="mb-2 border border-border border-dashed p-2"
                    style="visibility: hidden; min-height: 1.25rem"
                ></div>
                <div class="mb-2">
                    <label class="block mb-1 text-xs">Password</label>
@@ -592,6 +658,7 @@
                <div
                    id="confirm-tx-password-error"
                    class="text-xs mb-2 min-h-[1.25rem]"
                    style="visibility: hidden"
                ></div>
                <button
                    id="btn-confirm-send"
@@ -706,7 +773,8 @@
                </button>
                <div
                    id="receive-erc20-warning"
-                    class="text-xs border border-border border-dashed p-2 mt-3 hidden"
+                    class="text-xs border border-border border-dashed p-2 mt-3"
                    style="visibility: hidden"
                ></div>
            </div>
@@ -734,7 +802,8 @@
                </div>
                <div
                    id="add-token-info"
-                    class="text-xs text-muted mb-2 hidden"
+                    class="text-xs text-muted mb-2 min-h-[1.25rem]"
                    style="visibility: hidden"
                ></div>
                <div class="mb-2">
                    <label class="block mb-1 text-xs text-muted"
@@ -792,7 +861,7 @@
                <div class="bg-well p-3 mx-1 mb-3">
                    <h3 class="font-bold mb-1">Display</h3>
                    <label
-                        class="text-xs flex items-center gap-1 cursor-pointer"
+                        class="text-xs flex items-center gap-1 cursor-pointer mb-2"
                    >
                        <input
                            type="checkbox"
@@ -800,6 +869,35 @@
                        />
                        Show tracked tokens with zero balance
                    </label>
                    <div class="text-xs flex items-center gap-1">
                        <label for="settings-theme">Theme:</label>
                        <select
                            id="settings-theme"
                            class="border border-border p-1 bg-bg text-fg text-xs cursor-pointer"
                        >
                            <option value="system">System</option>
                            <option value="light">Light</option>
                            <option value="dark">Dark</option>
                        </select>
                    </div>
                </div>
                <div class="bg-well p-3 mx-1 mb-3">
                    <h3 class="font-bold mb-1">Network</h3>
                    <p class="text-xs text-muted mb-1">
                        Select the Ethereum network. Switching networks will
                        update the RPC and Blockscout endpoints to their
                        defaults.
                    </p>
                    <div class="text-xs flex items-center gap-1">
                        <select
                            id="settings-network"
                            class="border border-border p-1 bg-bg text-fg text-xs cursor-pointer"
                        >
                            <option value="mainnet">Ethereum Mainnet</option>
                            <option value="sepolia">Sepolia Testnet</option>
                        </select>
                    </div>
                </div>
                <div class="bg-well p-3 mx-1 mb-3">
@@ -881,6 +979,12 @@
                        />
                        <span class="text-xs text-muted">gwei</span>
                    </div>
                    <label
                        class="text-xs flex items-center gap-1 cursor-pointer mb-1"
                    >
                        <input type="checkbox" id="settings-utc-timestamps" />
                        UTC Timestamps
                    </label>
                </div>
                <div class="bg-well p-3 mx-1 mb-3">
@@ -898,6 +1002,64 @@
                    </p>
                    <div id="settings-denied-sites"></div>
                </div>
                <div class="bg-well p-3 mx-1 mb-3">
                    <h3 class="font-bold mb-1">About</h3>
                    <p class="text-xs mb-2">
                        <a
                            href="https://git.eeqj.de/sneak/AutistMask"
                            class="underline decoration-dashed"
                            target="_blank"
                            rel="noopener noreferrer"
                            >AutistMask</a
                        >
                        — Minimal Ethereum wallet browser extension.
                    </p>
                    <div class="text-xs">
                        <div class="mb-1">
                            <span class="text-muted">License:</span>
                            <span id="about-license"></span>
                        </div>
                        <div class="mb-1">
                            <span class="text-muted">Author:</span>
                            <span id="about-author"></span>
                        </div>
                        <div class="mb-1">
                            <span class="text-muted">Version:</span>
                            <span
                                id="about-version"
                                class="cursor-pointer select-none"
                            ></span>
                        </div>
                        <div class="mb-1">
                            <span class="text-muted">Release date:</span>
                            <span id="about-release-date"></span>
                        </div>
                        <div>
                            <span class="text-muted">Commit:</span>
                            <a
                                id="about-commit-link"
                                class="underline decoration-dashed"
                                target="_blank"
                                rel="noopener noreferrer"
                            ></a>
                        </div>
                    </div>
                </div>
                <div
                    id="settings-debug-well"
                    class="bg-well p-3 mx-1 mb-3"
                    style="display: none"
                >
                    <h3 class="font-bold mb-1">Debug</h3>
                    <label
                        class="text-xs flex items-center gap-1 cursor-pointer"
                    >
                        <input type="checkbox" id="settings-debug-mode" />
                        Enable debug mode
                    </label>
                </div>
            </div>
            <!-- ============ DELETE WALLET CONFIRM ============ -->
@@ -916,7 +1078,8 @@
                </p>
                <div
                    id="delete-wallet-flash"
-                    class="text-xs text-red-500 mb-2 hidden"
+                    class="text-xs text-red-500 mb-2 min-h-[1.25rem]"
                    style="visibility: hidden"
                ></div>
                <div class="mb-2">
                    <label class="block mb-1">Password</label>
@@ -991,7 +1154,8 @@
                    />
                    <div
                        id="settings-addtoken-info"
-                        class="text-xs text-muted mt-1 hidden"
+                        class="text-xs text-muted mt-1 min-h-[1.25rem]"
                        style="visibility: hidden"
                    ></div>
                    <button
                        id="btn-settings-addtoken-manual"
@@ -1013,39 +1177,84 @@
                <h2 id="tx-detail-heading" class="font-bold mb-2">
                    Transaction
                </h2>
-                <div id="tx-detail-type-section" class="mb-4 hidden">
+
-                    <div class="text-xs text-muted mb-1">Type</div>
+                <!-- ── Identity ── -->
-                    <div id="tx-detail-type" class="text-xs font-bold"></div>
+                <div class="bg-well p-3 mx-1 mb-3">
                    <div class="mb-2">
                        <div class="text-xs text-muted mb-1">
                            Transaction hash
                        </div>
-                <div class="mb-4">
+                        <div
                            id="tx-detail-hash"
                            class="text-xs break-all"
                        ></div>
                    </div>
                    <div id="tx-detail-type-section" class="mb-2 hidden">
                        <div class="text-xs text-muted mb-1">Type</div>
                        <div
                            id="tx-detail-type"
                            class="text-xs font-bold"
                        ></div>
                    </div>
                    <div class="mb-2">
                        <div class="text-xs text-muted mb-1">Status</div>
                        <div id="tx-detail-status" class="text-xs"></div>
                    </div>
-                <div class="mb-4">
+                    <div class="mb-2">
                    <div class="text-xs text-muted mb-1">Time</div>
                    <div id="tx-detail-time" class="text-xs"></div>
                </div>
                <div class="mb-4">
                    <div class="text-xs text-muted mb-1">Amount</div>
                    <div id="tx-detail-value" class="text-xs"></div>
                </div>
                <div class="mb-4 hidden">
                    <div class="text-xs text-muted mb-1">Native quantity</div>
                    <div id="tx-detail-native" class="text-xs"></div>
                </div>
                <div class="mb-4">
                        <div class="text-xs text-muted mb-1">From</div>
-                    <div id="tx-detail-from" class="text-xs break-all"></div>
+                        <div
                            id="tx-detail-from"
                            class="text-xs break-all"
                        ></div>
                    </div>
-                <div class="mb-4">
+                    <div class="mb-2">
                        <div class="text-xs text-muted mb-1">To</div>
                        <div id="tx-detail-to" class="text-xs break-all"></div>
                    </div>
-                <div id="tx-detail-calldata-section" class="mb-4 hidden">
+                </div>
                <!-- ── Timing ── -->
                <div class="bg-well p-3 mx-1 mb-3">
                    <div class="mb-2">
                        <div class="text-xs text-muted mb-1">Time</div>
                        <div id="tx-detail-time" class="text-xs"></div>
                    </div>
                    <div id="tx-detail-block-section" class="mb-2 hidden">
                        <div class="text-xs text-muted mb-1">Block</div>
                        <div id="tx-detail-block" class="text-xs"></div>
                    </div>
                </div>
                <!-- ── Value ── -->
                <div class="bg-well p-3 mx-1 mb-3">
                    <div class="mb-2">
                        <div class="text-xs text-muted mb-1">Amount</div>
                        <div id="tx-detail-value" class="text-xs"></div>
                    </div>
                    <div class="mb-2 hidden">
                        <div class="text-xs text-muted mb-1">
                            Native quantity
                        </div>
                        <div id="tx-detail-native" class="text-xs"></div>
                    </div>
                    <div
-                        id="tx-detail-calldata-well"
+                        id="tx-detail-token-contract-section"
-                        class="mb-3 border border-border border-dashed p-2"
+                        class="mb-2 hidden"
                    >
                        <div class="text-xs text-muted mb-1">
                            Token contract
                        </div>
                        <div
                            id="tx-detail-token-contract"
                            class="text-xs break-all"
                        ></div>
                    </div>
                </div>
                <!-- ── Decoded details ── -->
                <div id="tx-detail-calldata-section" class="hidden">
                    <div class="bg-well p-3 mx-1 mb-3">
                        <div id="tx-detail-calldata-well" class="mb-2">
                            <div class="text-xs text-muted mb-1">Action</div>
                            <div
                                id="tx-detail-calldata-action"
@@ -1057,11 +1266,39 @@
                            ></div>
                        </div>
                    </div>
                <div class="mb-4">
                    <div class="text-xs text-muted mb-1">Transaction hash</div>
                    <div id="tx-detail-hash" class="text-xs break-all"></div>
                </div>
-                <div id="tx-detail-rawdata-section" class="mb-4 hidden">
+
                <!-- ── Network details ── -->
                <div id="tx-detail-network-section" class="hidden">
                    <div class="bg-well p-3 mx-1 mb-3">
                        <div id="tx-detail-nonce-section" class="mb-2 hidden">
                            <div class="text-xs text-muted mb-1">Nonce</div>
                            <div id="tx-detail-nonce" class="text-xs"></div>
                        </div>
                        <div
                            id="tx-detail-gasprice-section"
                            class="mb-2 hidden"
                        >
                            <div class="text-xs text-muted mb-1">Gas price</div>
                            <div id="tx-detail-gasprice" class="text-xs"></div>
                        </div>
                        <div id="tx-detail-gasused-section" class="mb-2 hidden">
                            <div class="text-xs text-muted mb-1">Gas used</div>
                            <div id="tx-detail-gasused" class="text-xs"></div>
                        </div>
                        <div id="tx-detail-fee-section" class="mb-2 hidden">
                            <div class="text-xs text-muted mb-1">
                                Transaction fee
                            </div>
                            <div id="tx-detail-fee" class="text-xs"></div>
                        </div>
                    </div>
                </div>
                <!-- ── Raw data ── -->
                <div id="tx-detail-rawdata-section" class="hidden">
                    <div class="bg-well p-3 mx-1 mb-3">
                        <div class="mb-2">
                            <div class="text-xs text-muted mb-1">Raw data</div>
                            <div
                                id="tx-detail-rawdata"
@@ -1069,10 +1306,20 @@
                            ></div>
                        </div>
                    </div>
                </div>
            </div>
            <!-- ============ TRANSACTION APPROVAL ============ -->
            <div id="view-approve-tx" class="view hidden">
                <h2 class="font-bold mb-2">Transaction Request</h2>
                <div
                    id="approve-tx-phishing-warning"
                    class="mb-3 p-2 text-xs font-bold hidden bg-red-100 text-red-800 border-2 border-red-600 rounded-md"
                >
                    ⚠️ PHISHING WARNING: This site is on a known phishing
                    blocklist. This transaction may steal your funds. Proceed
                    with extreme caution.
                </div>
                <p class="mb-2">
                    <span id="approve-tx-hostname" class="font-bold"></span>
                    wants to send a transaction.
@@ -1117,7 +1364,8 @@
                </div>
                <div
                    id="approve-tx-error"
-                    class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem] hidden"
+                    class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem]"
                    style="visibility: hidden"
                ></div>
                <div class="flex justify-between">
                    <button
@@ -1138,6 +1386,14 @@
            <!-- ============ SIGNATURE APPROVAL ============ -->
            <div id="view-approve-sign" class="view hidden">
                <h2 class="font-bold mb-2">Signature Request</h2>
                <div
                    id="approve-sign-phishing-warning"
                    class="mb-3 p-2 text-xs font-bold hidden bg-red-100 text-red-800 border-2 border-red-600 rounded-md"
                >
                    ⚠️ PHISHING WARNING: This site is on a known phishing
                    blocklist. Signing this message may authorize theft of your
                    funds. Proceed with extreme caution.
                </div>
                <p class="mb-2">
                    <span id="approve-sign-hostname" class="font-bold"></span>
                    wants you to sign a message.
@@ -1145,8 +1401,10 @@
                <div
                    id="approve-sign-danger-warning"
-                    class="hidden mb-3 p-2 text-xs font-bold"
+                    class="mb-3 p-2 text-xs font-bold"
                    style="
                        visibility: hidden;
                        min-height: 1.25rem;
                        background: #fee2e2;
                        color: #991b1b;
                        border: 2px solid #dc2626;
@@ -1183,7 +1441,8 @@
                </div>
                <div
                    id="approve-sign-error"
-                    class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem] hidden"
+                    class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem]"
                    style="visibility: hidden"
                ></div>
                <div class="flex justify-between">
                    <button
@@ -1204,6 +1463,14 @@
            <!-- ============ SITE APPROVAL ============ -->
            <div id="view-approve-site" class="view hidden">
                <h2 class="font-bold mb-2">Connection Request</h2>
                <div
                    id="approve-site-phishing-warning"
                    class="mb-3 p-2 text-xs font-bold hidden bg-red-100 text-red-800 border-2 border-red-600 rounded-md"
                >
                    ⚠️ PHISHING WARNING: This site is on a known phishing
                    blocklist. Connecting your wallet may result in loss of
                    funds. Proceed with extreme caution.
                </div>
                <div class="mb-3">
                    <p class="mb-2">
                        <span id="approve-hostname" class="font-bold"></span>
--- a/src/popup/index.js
+++ b/src/popup/index.js
@@ -1,16 +1,29 @@
 // AutistMask popup entry point.
 // Loads state, initializes views, triggers first render.
-const { DEBUG } = require("../shared/constants");
+const {
-const { state, saveState, loadState } = require("../shared/state");
+    state,
    saveState,
    loadState,
    currentNetwork,
 } = require("../shared/state");
 const { isDebug, setRuntimeDebug } = require("../shared/log");
 const { refreshPrices } = require("../shared/prices");
 const { refreshBalances } = require("../shared/balances");
-const { $, showView } = require("./views/helpers");
+const {
    $,
    showView,
    updateDebugBanner,
    setRenderMain,
    pushCurrentView,
    goBack,
    clearViewStack,
 } = require("./views/helpers");
 const { applyTheme } = require("./theme");
 const home = require("./views/home");
 const welcome = require("./views/welcome");
 const addWallet = require("./views/addWallet");
 const importKey = require("./views/importKey");
 const addressDetail = require("./views/addressDetail");
 const addressToken = require("./views/addressToken");
 const send = require("./views/send");
@@ -53,16 +66,42 @@ async function doRefreshAndRender() {
 const ctx = {
    renderWalletList,
    doRefreshAndRender,
-    showAddWalletView: () => addWallet.show(),
+    showAddWalletView: () => {
-    showImportKeyView: () => importKey.show(),
+        pushCurrentView();
-    showAddressDetail: () => addressDetail.show(),
+        addWallet.show();
-    showAddressToken: () => addressToken.show(),
+    },
-    showAddTokenView: () => addToken.show(),
+    showAddressDetail: () => {
-    showConfirmTx: (txInfo) => confirmTx.show(txInfo),
+        pushCurrentView();
-    showReceive: () => receive.show(),
+        addressDetail.show();
-    showTransactionDetail: (tx) => transactionDetail.show(tx),
+    },
-    showSettingsView: () => settings.show(),
+    showAddressToken: () => {
-    showSettingsAddTokenView: () => settingsAddToken.show(),
+        pushCurrentView();
        addressToken.show();
    },
    showAddTokenView: () => {
        pushCurrentView();
        addToken.show();
    },
    showConfirmTx: (txInfo) => {
        pushCurrentView();
        confirmTx.show(txInfo);
    },
    showReceive: () => {
        pushCurrentView();
        receive.show();
    },
    showTransactionDetail: (tx) => {
        pushCurrentView();
        transactionDetail.show(tx);
    },
    showSettingsView: () => {
        pushCurrentView();
        settings.show();
    },
    showSettingsAddTokenView: () => {
        pushCurrentView();
        settingsAddToken.show();
    },
 };
 // Views that can be fully re-rendered from persisted state.
@@ -168,16 +207,14 @@ function fallbackView() {
 }
 async function init() {
    if (DEBUG) {
        const banner = document.createElement("div");
        banner.id = "debug-banner";
        banner.textContent = "DEBUG / INSECURE";
        banner.style.cssText =
            "background:#c00;color:#fff;text-align:center;font-size:10px;padding:1px 0;font-family:monospace;position:sticky;top:0;z-index:9999;";
        document.body.prepend(banner);
    }
    await loadState();
    applyTheme(state.theme);
    // Sync runtime debug flag from persisted state before first render
    setRuntimeDebug(state.debugMode);
    // Create the debug/testnet banner if needed (uses runtime debug state)
    updateDebugBanner();
    // Auto-default active address
    if (
@@ -208,16 +245,17 @@ async function init() {
                .getElementById("view-settings")
                .classList.contains("hidden")
        ) {
-            renderWalletList();
+            goBack();
            showView("main");
            return;
        }
        pushCurrentView();
        settings.show();
    });
    setRenderMain(renderWalletList);
    welcome.init(ctx);
    addWallet.init(ctx);
    importKey.init(ctx);
    home.init(ctx);
    addressDetail.init(ctx);
    addressToken.init(ctx);
--- a/src/popup/styles/main.css
+++ b/src/popup/styles/main.css
@@ -10,12 +10,37 @@
    --color-border: #000000;
    --color-border-light: #cccccc;
    --color-hover: #eeeeee;
-    --color-well: #f5f5f5;
+    --color-well: #e8e8e8;
    --color-danger-well: #fef2f2;
    --color-section: #dddddd;
 }
 html.dark {
    --color-bg: #000000;
    --color-fg: #ffffff;
    --color-muted: #aaaaaa;
    --color-border: #ffffff;
    --color-border-light: #444444;
    --color-hover: #222222;
    --color-well: #1a1a1a;
    --color-danger-well: #2a0a0a;
    --color-section: #2a2a2a;
 }
 body {
    width: 396px;
    overflow-x: hidden;
 }
 /* Copy-flash feedback: inverts colors then fades back */
 .copy-flash-active {
    background-color: var(--color-fg) !important;
    color: var(--color-bg) !important;
    transition: none;
 }
 .copy-flash-fade {
    transition:
        background-color 225ms ease-out,
        color 225ms ease-out;
 }
--- a/src/popup/theme.js
+++ b/src/popup/theme.js
@@ -0,0 +1,33 @@
 // Theme management: applies light/dark class to <html> based on preference.
 let mediaQuery = null;
 let mediaHandler = null;
 function applyTheme(theme) {
    // Clean up previous system listener
    if (mediaQuery && mediaHandler) {
        mediaQuery.removeEventListener("change", mediaHandler);
        mediaHandler = null;
    }
    if (theme === "dark") {
        document.documentElement.classList.add("dark");
    } else if (theme === "light") {
        document.documentElement.classList.remove("dark");
    } else {
        // system
        mediaQuery = window.matchMedia("(prefers-color-scheme: dark)");
        const update = () => {
            if (mediaQuery.matches) {
                document.documentElement.classList.add("dark");
            } else {
                document.documentElement.classList.remove("dark");
            }
        };
        mediaHandler = update;
        mediaQuery.addEventListener("change", update);
        update();
    }
 }
 module.exports = { applyTheme };
--- a/src/popup/views/addToken.js
+++ b/src/popup/views/addToken.js
@@ -1,4 +1,4 @@
-const { $, showView, showFlash } = require("./helpers");
+const { $, showFlash, goBack } = require("./helpers");
 const { getTopTokens } = require("../../shared/tokenList");
 const { state, saveState } = require("../../shared/state");
 const { lookupTokenInfo } = require("../../shared/balances");
@@ -7,7 +7,8 @@ const { log } = require("../../shared/log");
 function show() {
    $("add-token-address").value = "";
-    $("add-token-info").classList.add("hidden");
+    $("add-token-info").textContent = "";
    $("add-token-info").style.visibility = "hidden";
    const list = $("common-token-list");
    list.innerHTML = getTopTokens(25)
        .map(
@@ -45,7 +46,7 @@ function init(ctx) {
        }
        const infoEl = $("add-token-info");
        infoEl.textContent = "Looking up token...";
-        infoEl.classList.remove("hidden");
+        infoEl.style.visibility = "visible";
        log.debugf("Looking up token contract", contractAddr);
        try {
            const info = await lookupTokenInfo(contractAddr, state.rpcUrl);
@@ -58,16 +59,24 @@ function init(ctx) {
            });
            await saveState();
            ctx.doRefreshAndRender();
-            ctx.showAddressDetail();
+            // Pop the stack (back to address detail) and re-render it
            // so the newly added token is visible immediately.
            if (state.viewStack.length > 0) {
                state.viewStack.pop();
            }
            require("./addressDetail").show();
        } catch (e) {
            const detail = e.shortMessage || e.message || String(e);
            log.errorf("Token lookup failed for", contractAddr, detail);
            showFlash(detail);
-            infoEl.classList.add("hidden");
+            infoEl.textContent = "";
            infoEl.style.visibility = "hidden";
        }
    });
-    $("btn-add-token-back").addEventListener("click", ctx.showAddressDetail);
+    $("btn-add-token-back").addEventListener("click", () => {
        goBack();
    });
 }
 module.exports = { init, show };
--- a/src/popup/views/addWallet.js
+++ b/src/popup/views/addWallet.js
@@ -1,33 +1,103 @@
-const { $, showView, showFlash } = require("./helpers");
+const { $, showView, showFlash, goBack, clearViewStack } = require("./helpers");
 const {
    generateMnemonic,
    hdWalletFromMnemonic,
    isValidMnemonic,
    addressFromPrivateKey,
    hdWalletFromXprv,
    isValidXprv,
 } = require("../../shared/wallet");
 const { encryptWithPassword } = require("../../shared/vault");
 const { state, saveState } = require("../../shared/state");
 const { scanForAddresses } = require("../../shared/balances");
 /**
 * Check if an address already exists in ANY wallet (hd, xprv, or key).
 * Returns the wallet object if found, or undefined.
 */
 function findWalletByAddress(addr) {
    const lower = addr.toLowerCase();
    return state.wallets.find((w) =>
        w.addresses.some((a) => a.address.toLowerCase() === lower),
    );
 }
 /**
 * Check if an xpub already exists in any HD-type wallet (hd or xprv).
 * Returns the wallet object if found, or undefined.
 */
 function findWalletByXpub(xpub) {
    return state.wallets.find((w) => w.xpub && w.xpub === xpub);
 }
 let currentMode = "mnemonic";
 const MODES = ["mnemonic", "privkey", "xprv"];
 const PASSWORD_HINTS = {
    mnemonic:
        "This password encrypts your recovery phrase on this device. You will need it to send funds.",
    privkey:
        "This password encrypts your private key on this device. You will need it to send funds.",
    xprv: "This password encrypts your key on this device. You will need it to send funds.",
 };
 function switchMode(mode) {
    currentMode = mode;
    for (const m of MODES) {
        $("add-wallet-section-" + m).classList.toggle("hidden", m !== mode);
        const tab = $("tab-" + m);
        const isActive = m === mode;
        // Active: bold, solid border on top/sides, no bottom border (connects to content)
        tab.classList.toggle("font-bold", isActive);
        tab.classList.toggle("border-solid", isActive);
        tab.classList.toggle("border-border", isActive);
        tab.classList.toggle("border-b-bg", isActive);
        tab.classList.toggle("bg-bg", isActive);
        // Inactive: muted text, dashed border on top/sides, transparent bottom, hover invert
        tab.classList.toggle("text-muted", !isActive);
        tab.classList.toggle("border-dashed", !isActive);
        tab.classList.toggle("border-border-light", !isActive);
        tab.classList.toggle("border-b-transparent", !isActive);
        tab.classList.toggle("hover:bg-fg", !isActive);
        tab.classList.toggle("hover:text-bg", !isActive);
    }
    $("add-wallet-password-hint").textContent = PASSWORD_HINTS[mode];
 }
 function show() {
    $("wallet-mnemonic").value = "";
    $("import-private-key").value = "";
    $("import-xprv-key").value = "";
    $("add-wallet-password").value = "";
    $("add-wallet-password-confirm").value = "";
-    $("add-wallet-phrase-warning").classList.add("hidden");
+    $("add-wallet-phrase-warning").style.visibility = "hidden";
    switchMode("mnemonic");
    showView("add-wallet");
 }
-function init(ctx) {
+function validatePassword() {
-    $("btn-generate-phrase").addEventListener("click", () => {
+    const pw = $("add-wallet-password").value;
-        $("wallet-mnemonic").value = generateMnemonic();
+    const pw2 = $("add-wallet-password-confirm").value;
-        $("add-wallet-phrase-warning").classList.remove("hidden");
+    if (!pw) {
-    });
+        showFlash("Please choose a password.");
        return null;
    }
    if (pw.length < 12) {
        showFlash("Password must be at least 12 characters.");
        return null;
    }
    if (pw !== pw2) {
        showFlash("Passwords do not match.");
        return null;
    }
    return pw;
 }
-    $("btn-add-wallet-confirm").addEventListener("click", async () => {
+async function importMnemonic(ctx) {
    const mnemonic = $("wallet-mnemonic").value.trim();
    if (!mnemonic) {
-            showFlash(
+        showFlash("Enter a recovery phrase or press the die to generate one.");
                "Enter a recovery phrase or press the die to generate one.",
            );
        return;
    }
    const words = mnemonic.split(/\s+/);
@@ -43,36 +113,21 @@ function init(ctx) {
        showFlash("Invalid recovery phrase. Check for typos.");
        return;
    }
-        const pw = $("add-wallet-password").value;
+    const pw = validatePassword();
-        const pw2 = $("add-wallet-password-confirm").value;
+    if (!pw) return;
        if (!pw) {
            showFlash("Please choose a password.");
            return;
        }
        if (pw.length < 12) {
            showFlash("Password must be at least 12 characters.");
            return;
        }
        if (pw !== pw2) {
            showFlash("Passwords do not match.");
            return;
        }
    const { xpub, firstAddress } = hdWalletFromMnemonic(mnemonic);
-        const duplicate = state.wallets.find(
+    const xpubDup = findWalletByXpub(xpub);
-            (w) =>
+    if (xpubDup) {
                w.type === "hd" &&
                w.addresses[0] &&
                w.addresses[0].address.toLowerCase() ===
                    firstAddress.toLowerCase(),
        );
        if (duplicate) {
        showFlash(
-                "This recovery phrase is already added (" +
+            "This recovery phrase is already added (" + xpubDup.name + ").",
                    duplicate.name +
                    ").",
        );
        return;
    }
    const addrDup = findWalletByAddress(firstAddress);
    if (addrDup) {
        showFlash("Address already exists in wallet (" + addrDup.name + ").");
        return;
    }
    const encrypted = await encryptWithPassword(mnemonic, pw);
    const walletNum = state.wallets.length + 1;
    const wallet = {
@@ -88,6 +143,7 @@ function init(ctx) {
    state.wallets.push(wallet);
    state.hasWallet = true;
    await saveState();
    clearViewStack();
    ctx.renderWalletList();
    showView("main");
@@ -109,21 +165,143 @@ function init(ctx) {
    }
    ctx.doRefreshAndRender();
-    });
+}
-    $("btn-add-wallet-back").addEventListener("click", () => {
+async function importPrivateKey(ctx) {
-        if (!state.hasWallet) {
+    const key = $("import-private-key").value.trim();
-            showView("welcome");
+    if (!key) {
-        } else {
+        showFlash("Please enter your private key.");
        return;
    }
    let addr;
    try {
        addr = addressFromPrivateKey(key);
    } catch (e) {
        showFlash("Invalid private key.");
        return;
    }
    const pw = validatePassword();
    if (!pw) return;
    const duplicate = findWalletByAddress(addr);
    if (duplicate) {
        showFlash(
            "This address already exists in wallet (" + duplicate.name + ").",
        );
        return;
    }
    const encrypted = await encryptWithPassword(key, pw);
    const walletNum = state.wallets.length + 1;
    state.wallets.push({
        type: "key",
        name: "Wallet " + walletNum,
        encryptedSecret: encrypted,
        addresses: [{ address: addr, balance: "0.0000", tokenBalances: [] }],
    });
    state.hasWallet = true;
    await saveState();
    clearViewStack();
    ctx.renderWalletList();
    showView("main");
    ctx.doRefreshAndRender();
 }
 async function importXprvKey(ctx) {
    const xprv = $("import-xprv-key").value.trim();
    if (!xprv) {
        showFlash("Please enter your extended private key.");
        return;
    }
    if (!isValidXprv(xprv)) {
        showFlash("Invalid extended private key.");
        return;
    }
    let result;
    try {
        result = hdWalletFromXprv(xprv);
    } catch (e) {
        showFlash("Invalid extended private key.");
        return;
    }
    const { xpub, firstAddress } = result;
    const xpubDup = findWalletByXpub(xpub);
    if (xpubDup) {
        showFlash("This key is already added (" + xpubDup.name + ").");
        return;
    }
    const addrDup = findWalletByAddress(firstAddress);
    if (addrDup) {
        showFlash("Address already exists in wallet (" + addrDup.name + ").");
        return;
    }
    const pw = validatePassword();
    if (!pw) return;
    const encrypted = await encryptWithPassword(xprv, pw);
    const walletNum = state.wallets.length + 1;
    const wallet = {
        type: "xprv",
        name: "Wallet " + walletNum,
        xpub: xpub,
        encryptedSecret: encrypted,
        nextIndex: 1,
        addresses: [
            { address: firstAddress, balance: "0.0000", tokenBalances: [] },
        ],
    };
    state.wallets.push(wallet);
    state.hasWallet = true;
    await saveState();
    clearViewStack();
    ctx.renderWalletList();
    showView("main");
    // Scan for used HD addresses beyond index 0.
    showFlash("Scanning for addresses...", 30000);
    const scan = await scanForAddresses(xpub, state.rpcUrl);
    if (scan.addresses.length > 1) {
        wallet.addresses = scan.addresses.map((a) => ({
            address: a.address,
            balance: "0.0000",
            tokenBalances: [],
        }));
        wallet.nextIndex = scan.nextIndex;
        await saveState();
        ctx.renderWalletList();
        showFlash("Found " + scan.addresses.length + " addresses.");
    } else {
        showFlash("Ready.", 1000);
    }
    ctx.doRefreshAndRender();
 }
 function init(ctx) {
    // Tab click handlers
    $("tab-mnemonic").addEventListener("click", () => switchMode("mnemonic"));
    $("tab-privkey").addEventListener("click", () => switchMode("privkey"));
    $("tab-xprv").addEventListener("click", () => switchMode("xprv"));
    // Generate mnemonic
    $("btn-generate-phrase").addEventListener("click", () => {
        $("wallet-mnemonic").value = generateMnemonic();
        $("add-wallet-phrase-warning").style.visibility = "visible";
    });
    // Import / confirm
    $("btn-add-wallet-confirm").addEventListener("click", async () => {
        if (currentMode === "mnemonic") {
            await importMnemonic(ctx);
        } else if (currentMode === "privkey") {
            await importPrivateKey(ctx);
        } else if (currentMode === "xprv") {
            await importXprvKey(ctx);
        }
    });
-    $("btn-add-wallet-import-key").addEventListener(
+    // Back button
-        "click",
+    $("btn-add-wallet-back").addEventListener("click", () => {
-        ctx.showImportKeyView,
+        goBack();
-    );
+    });
 }
 module.exports = { init, show };
--- a/src/popup/views/addressDetail.js
+++ b/src/popup/views/addressDetail.js
@@ -2,11 +2,16 @@ const {
    $,
    showView,
    showFlash,
    flashCopyFeedback,
    balanceLinesForAddress,
    addressDotHtml,
    addressTitle,
    escapeHtml,
    truncateMiddle,
    renderAddressHtml,
    attachCopyHandlers,
    goBack,
    pushCurrentView,
 } = require("./helpers");
 const { state, currentAddress, saveState } = require("../../shared/state");
 const { formatUsd, getAddressValueUsd } = require("../../shared/prices");
@@ -27,17 +32,6 @@ const { getSignerForAddress } = require("../../shared/wallet");
 let ctx;
 const EXT_ICON =
    `<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` +
    `<svg viewBox="0 0 12 12" fill="none" stroke="currentColor" stroke-width="1.5">` +
    `<path d="M4.5 1.5H2a.5.5 0 00-.5.5v8a.5.5 0 00.5.5h8a.5.5 0 00.5-.5V7.5"/>` +
    `<path d="M7 1.5h3.5V5M7 5.5L10.5 1.5"/>` +
    `</svg></span>`;
 function etherscanAddressLink(address) {
    return `https://etherscan.io/address/${address}`;
 }
 function show() {
    state.selectedToken = null;
    const wallet = state.wallets[state.selectedWallet];
@@ -55,22 +49,18 @@ function show() {
    img.style.imageRendering = "pixelated";
    img.style.borderRadius = "50%";
    blockieEl.appendChild(img);
-    $("address-dot").innerHTML = addressDotHtml(addr.address);
+    const addrTitle = addressTitle(addr.address, state.wallets);
-    $("address-full").dataset.full = addr.address;
+    $("address-line").innerHTML = renderAddressHtml(addr.address, {
-    $("address-full").textContent = addr.address;
+        title: addrTitle,
-    const addrLink = etherscanAddressLink(addr.address);
+        ensName: addr.ensName,
-    $("address-etherscan-link").innerHTML =
+    });
-        `<a href="${addrLink}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
+    $("address-line").dataset.full = addr.address;
    attachCopyHandlers($("address-line"));
    const usdTotal = formatUsd(getAddressValueUsd(addr));
    $("address-usd-total").innerHTML = usdTotal || "&nbsp;";
    const ensEl = $("address-ens");
-    if (addr.ensName) {
+    // ENS is now shown inside renderAddressHtml, hide the separate element
        ensEl.innerHTML =
            addressDotHtml(addr.address) + escapeHtml(addr.ensName);
        ensEl.classList.remove("hidden");
    } else {
    ensEl.classList.add("hidden");
    }
    $("address-balances").innerHTML = balanceLinesForAddress(
        addr,
        state.trackedTokens,
@@ -94,18 +84,39 @@ function show() {
 function isoDate(timestamp) {
    const d = new Date(timestamp * 1000);
    const pad = (n) => String(n).padStart(2, "0");
    if (state.utcTimestamps) {
        return (
            d.getUTCFullYear() +
            "-" +
            pad(d.getUTCMonth() + 1) +
            "-" +
            pad(d.getUTCDate()) +
            "T" +
            pad(d.getUTCHours()) +
            ":" +
            pad(d.getUTCMinutes()) +
            ":" +
            pad(d.getUTCSeconds()) +
            "Z"
        );
    }
    const offsetMin = -d.getTimezoneOffset();
    const sign = offsetMin >= 0 ? "+" : "-";
    const absOff = Math.abs(offsetMin);
    const tzStr = sign + pad(Math.floor(absOff / 60)) + ":" + pad(absOff % 60);
    return (
        d.getFullYear() +
        "-" +
        pad(d.getMonth() + 1) +
        "-" +
        pad(d.getDate()) +
-        " " +
+        "T" +
        pad(d.getHours()) +
        ":" +
        pad(d.getMinutes()) +
        ":" +
-        pad(d.getSeconds())
+        pad(d.getSeconds()) +
        tzStr
    );
 }
@@ -236,17 +247,9 @@ function renderTransactions(txs) {
 function init(_ctx) {
    ctx = _ctx;
    $("address-full").addEventListener("click", () => {
        const addr = $("address-full").dataset.full;
        if (addr) {
            navigator.clipboard.writeText(addr);
            showFlash("Copied!");
        }
    });
    $("btn-address-back").addEventListener("click", () => {
-        ctx.renderWalletList();
+        goBack();
        showView("main");
    });
    $("btn-send").addEventListener("click", () => {
@@ -264,6 +267,7 @@ function init(_ctx) {
        $("send-token-static").classList.add("hidden");
        updateSendBalance();
        resetSendValidation();
        pushCurrentView();
        showView("send");
    });
@@ -293,6 +297,7 @@ function init(_ctx) {
    $("btn-export-privkey").addEventListener("click", () => {
        moreDropdown.classList.add("hidden");
        moreBtn.classList.remove("bg-fg", "text-bg");
        pushCurrentView();
        const wallet = state.wallets[state.selectedWallet];
        const addr = wallet.addresses[state.selectedAddress];
        const blockieEl = $("export-privkey-jazzicon");
@@ -306,12 +311,12 @@ function init(_ctx) {
        blockieEl.appendChild(bImg);
        $("export-privkey-title").textContent =
            wallet.name + " \u2014 Address " + (state.selectedAddress + 1);
-        $("export-privkey-dot").innerHTML = addressDotHtml(addr.address);
+        const exportAddrContainer = $("export-privkey-dot").parentElement;
-        $("export-privkey-address").textContent = addr.address;
+        exportAddrContainer.innerHTML = renderAddressHtml(addr.address);
-        $("export-privkey-address").dataset.full = addr.address;
+        attachCopyHandlers(exportAddrContainer);
        $("export-privkey-password").value = "";
        $("export-privkey-flash").classList.add("hidden");
        $("export-privkey-flash").textContent = "";
        $("export-privkey-flash").style.visibility = "hidden";
        $("export-privkey-password-section").classList.remove("hidden");
        $("export-privkey-result").classList.add("hidden");
        $("export-privkey-value").textContent = "";
@@ -322,7 +327,7 @@ function init(_ctx) {
        const password = $("export-privkey-password").value;
        if (!password) {
            $("export-privkey-flash").textContent = "Password is required.";
-            $("export-privkey-flash").classList.remove("hidden");
+            $("export-privkey-flash").style.visibility = "visible";
            return;
        }
        const btn = $("btn-export-privkey-confirm");
@@ -343,10 +348,10 @@ function init(_ctx) {
            $("export-privkey-password-section").classList.add("hidden");
            $("export-privkey-value").textContent = privateKey;
            $("export-privkey-result").classList.remove("hidden");
-            $("export-privkey-flash").classList.add("hidden");
+            $("export-privkey-flash").style.visibility = "hidden";
        } catch {
            $("export-privkey-flash").textContent = "Wrong password.";
-            $("export-privkey-flash").classList.remove("hidden");
+            $("export-privkey-flash").style.visibility = "visible";
        } finally {
            btn.disabled = false;
            btn.classList.remove("text-muted");
@@ -358,21 +363,14 @@ function init(_ctx) {
        if (key) {
            navigator.clipboard.writeText(key);
            showFlash("Copied!");
-        }
+            flashCopyFeedback($("export-privkey-value"));
    });
    $("export-privkey-address").addEventListener("click", () => {
        const full = $("export-privkey-address").dataset.full;
        if (full) {
            navigator.clipboard.writeText(full);
            showFlash("Copied!");
        }
    });
    $("btn-export-privkey-back").addEventListener("click", () => {
        $("export-privkey-value").textContent = "";
        $("export-privkey-password").value = "";
-        show();
+        goBack();
    });
 }
--- a/src/popup/views/addressToken.js
+++ b/src/popup/views/addressToken.js
@@ -5,11 +5,16 @@ const {
    $,
    showView,
    showFlash,
    flashCopyFeedback,
    addressDotHtml,
    addressTitle,
    escapeHtml,
    truncateMiddle,
    balanceLine,
    renderAddressHtml,
    attachCopyHandlers,
    goBack,
    pushCurrentView,
 } = require("./helpers");
 const { state, currentAddress, saveState } = require("../../shared/state");
 const { TOKEN_BY_ADDRESS, resolveSymbol } = require("../../shared/tokenList");
@@ -33,32 +38,42 @@ const makeBlockie = require("ethereum-blockies-base64");
 let ctx;
 const EXT_ICON =
    `<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` +
    `<svg viewBox="0 0 12 12" fill="none" stroke="currentColor" stroke-width="1.5">` +
    `<path d="M4.5 1.5H2a.5.5 0 00-.5.5v8a.5.5 0 00.5.5h8a.5.5 0 00.5-.5V7.5"/>` +
    `<path d="M7 1.5h3.5V5M7 5.5L10.5 1.5"/>` +
    `</svg></span>`;
 function etherscanAddressLink(address) {
    return `https://etherscan.io/address/${address}`;
 }
 function isoDate(timestamp) {
    const d = new Date(timestamp * 1000);
    const pad = (n) => String(n).padStart(2, "0");
    if (state.utcTimestamps) {
        return (
            d.getUTCFullYear() +
            "-" +
            pad(d.getUTCMonth() + 1) +
            "-" +
            pad(d.getUTCDate()) +
            "T" +
            pad(d.getUTCHours()) +
            ":" +
            pad(d.getUTCMinutes()) +
            ":" +
            pad(d.getUTCSeconds()) +
            "Z"
        );
    }
    const offsetMin = -d.getTimezoneOffset();
    const sign = offsetMin >= 0 ? "+" : "-";
    const absOff = Math.abs(offsetMin);
    const tzStr = sign + pad(Math.floor(absOff / 60)) + ":" + pad(absOff % 60);
    return (
        d.getFullYear() +
        "-" +
        pad(d.getMonth() + 1) +
        "-" +
        pad(d.getDate()) +
-        " " +
+        "T" +
        pad(d.getHours()) +
        ":" +
        pad(d.getMinutes()) +
        ":" +
-        pad(d.getSeconds())
+        pad(d.getSeconds()) +
        tzStr
    );
 }
@@ -126,15 +141,16 @@ function show() {
    blockieEl.appendChild(img);
    // Address line
-    $("address-token-dot").innerHTML = addressDotHtml(addr.address);
+    const addrTitle = addressTitle(addr.address, state.wallets);
-    $("address-token-full").dataset.full = addr.address;
+    $("address-token-line").innerHTML = renderAddressHtml(addr.address, {
-    $("address-token-full").textContent = addr.address;
+        title: addrTitle,
-    const addrLink = etherscanAddressLink(addr.address);
+        ensName: addr.ensName,
-    $("address-token-etherscan-link").innerHTML =
+    });
-        `<a href="${addrLink}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
+    $("address-token-line").dataset.full = addr.address;
    attachCopyHandlers($("address-token-line"));
    // USD total for this token only
-    const usdVal = price ? amount * price : 0;
+    const usdVal = price ? amount * price : null;
    const usdStr = formatUsd(usdVal);
    $("address-token-usd-total").innerHTML = usdStr || "&nbsp;";
@@ -171,15 +187,9 @@ function show() {
                    ? knownToken.decimals
                    : null;
        const tokenHolders = tb && tb.holders != null ? tb.holders : null;
        const dot = addressDotHtml(tokenId);
        const tokenLink = `https://etherscan.io/token/${escapeHtml(tokenId)}`;
        const projectUrl = knownToken && knownToken.url ? knownToken.url : null;
        let infoHtml = `<div class="font-bold mb-2">Contract Address</div>`;
-        infoHtml +=
+        infoHtml += `<div class="mb-2">${renderAddressHtml(tokenId)}</div>`;
            `<div class="flex items-center mb-2">${dot}` +
            `<span class="break-all underline decoration-dashed cursor-pointer" id="address-token-contract-copy" data-copy="${escapeHtml(tokenId)}">${escapeHtml(tokenId)}</span>` +
            `<a href="${tokenLink}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>` +
            `</div>`;
        if (tokenName)
            infoHtml += `<div class="mb-1"><span class="text-muted">Name:</span> ${tokenName}</div>`;
        if (tokenSymbol)
@@ -191,6 +201,7 @@ function show() {
        if (projectUrl)
            infoHtml += `<div class="mb-1"><span class="text-muted">Website:</span> <a href="${escapeHtml(projectUrl)}" target="_blank" rel="noopener" class="underline decoration-dashed">${escapeHtml(projectUrl)}</a></div>`;
        contractInfo.innerHTML = infoHtml;
        attachCopyHandlers(contractInfo);
        contractInfo.classList.remove("hidden");
    } else {
        contractInfo.innerHTML = "";
@@ -312,24 +323,17 @@ function renderTransactions(txs) {
 function init(_ctx) {
    ctx = _ctx;
    $("address-token-full").addEventListener("click", () => {
        const addr = $("address-token-full").dataset.full;
        if (addr) {
            navigator.clipboard.writeText(addr);
            showFlash("Copied!");
        }
    });
    $("address-token-contract-info").addEventListener("click", (e) => {
        const copyEl = e.target.closest("[data-copy]");
        if (copyEl) {
            navigator.clipboard.writeText(copyEl.dataset.copy);
            showFlash("Copied!");
            flashCopyFeedback(copyEl);
        }
    });
    $("btn-address-token-back").addEventListener("click", () => {
-        ctx.showAddressDetail();
+        goBack();
    });
    $("btn-address-token-send").addEventListener("click", () => {
@@ -356,27 +360,14 @@ function init(_ctx) {
        $("send-token").classList.add("hidden");
        let staticHtml = `<div class="font-bold">${escapeHtml(currentSymbol)}</div>`;
        if (tokenId !== "ETH") {
-            const dot = addressDotHtml(tokenId);
+            staticHtml += `<div class="text-xs">${renderAddressHtml(tokenId)}</div>`;
            const link = `https://etherscan.io/token/${tokenId}`;
            const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
            staticHtml +=
                `<div class="flex items-center text-xs">${dot}` +
                `<span class="break-all underline decoration-dashed cursor-pointer" data-copy="${escapeHtml(tokenId)}">${escapeHtml(tokenId)}</span>` +
                extLink +
                `</div>`;
        }
        $("send-token-static").innerHTML = staticHtml;
        $("send-token-static").classList.remove("hidden");
-        // Attach copy handler for the contract address
+        attachCopyHandlers($("send-token-static"));
        const copyEl = $("send-token-static").querySelector("[data-copy]");
        if (copyEl) {
            copyEl.addEventListener("click", () => {
                navigator.clipboard.writeText(copyEl.dataset.copy);
                showFlash("Copied!");
            });
        }
        updateSendBalance();
        resetSendValidation();
        pushCurrentView();
        showView("send");
    });
--- a/src/popup/views/approval.js
+++ b/src/popup/views/approval.js
@@ -1,44 +1,28 @@
 const {
    $,
    addressDotHtml,
    addressTitle,
    escapeHtml,
    showView,
    showError,
    hideError,
    renderAddressHtml,
    attachCopyHandlers,
 } = require("./helpers");
-const { state, saveState } = require("../../shared/state");
+const { state, saveState, currentNetwork } = require("../../shared/state");
 const { formatEther, formatUnits, Interface, toUtf8String } = require("ethers");
 const { getPrice, formatUsd } = require("../../shared/prices");
 const { ERC20_ABI } = require("../../shared/constants");
 const { TOKEN_BY_ADDRESS } = require("../../shared/tokenList");
 const txStatus = require("./txStatus");
 const uniswap = require("../../shared/uniswap");
 const runtime =
    typeof browser !== "undefined" ? browser.runtime : chrome.runtime;
 const EXT_ICON =
    `<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` +
    `<svg viewBox="0 0 12 12" fill="none" stroke="currentColor" stroke-width="1.5">` +
    `<path d="M4.5 1.5H2a.5.5 0 00-.5.5v8a.5.5 0 00.5.5h8a.5.5 0 00.5-.5V7.5"/>` +
    `<path d="M7 1.5h3.5V5M7 5.5L10.5 1.5"/>` +
    `</svg></span>`;
 const erc20Iface = new Interface(ERC20_ABI);
 function approvalAddressHtml(address) {
    const dot = addressDotHtml(address);
    const link = `https://etherscan.io/address/${address}`;
    const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
    const title = addressTitle(address, state.wallets);
-    let html = "";
+    return renderAddressHtml(address, { title });
    if (title) {
        html += `<div class="flex items-center font-bold">${dot}${escapeHtml(title)}</div>`;
        html += `<div class="break-all">${escapeHtml(address)}${extLink}</div>`;
    } else {
        html += `<div class="flex items-center">${dot}<span class="break-all">${escapeHtml(address)}</span>${extLink}</div>`;
    }
    return html;
 }
 function formatTxValue(val) {
@@ -53,10 +37,6 @@ function tokenLabel(address) {
    return t ? t.symbol : null;
 }
 function etherscanTokenLink(address) {
    return `https://etherscan.io/token/${address}`;
 }
 // Try to decode calldata using known ABIs.
 // Returns { name, description, details } or null.
 function decodeCalldata(data, toAddress) {
@@ -155,7 +135,24 @@ function decodeCalldata(data, toAddress) {
    return null;
 }
 function showPhishingWarning(elementId, isPhishing) {
    const el = $(elementId);
    if (!el) return;
    // The background script performs the authoritative phishing domain check
    // and passes the result via the isPhishingDomain flag.
    if (isPhishing) {
        el.classList.remove("hidden");
    } else {
        el.classList.add("hidden");
    }
 }
 function showTxApproval(details) {
    showPhishingWarning(
        "approve-tx-phishing-warning",
        details.isPhishingDomain,
    );
    const toAddr = details.txParams.to;
    const token = toAddr ? TOKEN_BY_ADDRESS.get(toAddr.toLowerCase()) : null;
    const ethValue = formatEther(details.txParams.value || "0");
@@ -218,17 +215,19 @@ function showTxApproval(details) {
            toHtml += `<div class="font-bold mb-1">${escapeHtml(symbol)}</div>`;
        }
        toHtml += approvalAddressHtml(toAddr);
        if (symbol) {
            const link = etherscanTokenLink(toAddr);
            toHtml = toHtml.replace("</div>", "") + ""; // approvalAddressHtml already has etherscan link
        }
        $("approve-tx-to").innerHTML = toHtml;
    } else {
        $("approve-tx-to").innerHTML = escapeHtml("(contract creation)");
    }
    const ethValueFormatted = formatTxValue(
        formatEther(details.txParams.value || "0"),
    );
    const ethPrice = getPrice("ETH");
    const ethUsd = ethPrice ? parseFloat(ethValueFormatted) * ethPrice : null;
    const usdStr = formatUsd(ethUsd);
    $("approve-tx-value").textContent =
-        formatTxValue(formatEther(details.txParams.value || "0")) + " ETH";
+        ethValueFormatted + " ETH" + (usdStr ? " (" + usdStr + ")" : "");
    // Decode calldata (reuse decoded from above)
    const decodedEl = $("approve-tx-decoded");
@@ -243,12 +242,9 @@ function showTxApproval(details) {
            detailsHtml += `<div class="text-muted">${escapeHtml(d.label)}</div>`;
            if (d.address) {
                if (d.isToken) {
                    const tLink = etherscanTokenLink(d.address);
                    detailsHtml += `<div class="font-bold">${escapeHtml(tokenLabel(d.address) || "Unknown token")}</div>`;
                    detailsHtml += approvalAddressHtml(d.address);
                } else {
                    detailsHtml += approvalAddressHtml(d.address);
                }
                detailsHtml += approvalAddressHtml(d.address);
            } else {
                detailsHtml += `<div class="font-bold">${escapeHtml(d.value)}</div>`;
            }
@@ -269,9 +265,10 @@ function showTxApproval(details) {
    }
    $("approve-tx-password").value = "";
-    $("approve-tx-error").classList.add("hidden");
+    hideError("approve-tx-error");
    showView("approve-tx");
    attachCopyHandlers("view-approve-tx");
 }
 function decodeHexMessage(hex) {
@@ -323,6 +320,11 @@ function formatTypedDataHtml(jsonStr) {
 }
 function showSignApproval(details) {
    showPhishingWarning(
        "approve-sign-phishing-warning",
        details.isPhishingDomain,
    );
    const sp = details.signParams;
    $("approve-sign-hostname").textContent = details.hostname;
@@ -351,10 +353,10 @@ function showSignApproval(details) {
    if (warningEl) {
        if (sp.dangerWarning) {
            warningEl.textContent = sp.dangerWarning;
-            warningEl.classList.remove("hidden");
+            warningEl.style.visibility = "visible";
        } else {
            warningEl.textContent = "";
-            warningEl.classList.add("hidden");
+            warningEl.style.visibility = "hidden";
        }
    }
@@ -364,6 +366,7 @@ function showSignApproval(details) {
    $("btn-approve-sign").classList.remove("text-muted");
    showView("approve-sign");
    attachCopyHandlers("view-approve-sign");
 }
 function show(id) {
@@ -382,10 +385,16 @@ function show(id) {
            showSignApproval(details);
            return;
        }
        // Site connection approval
        showPhishingWarning(
            "approve-site-phishing-warning",
            details.isPhishingDomain,
        );
        $("approve-hostname").textContent = details.hostname;
        $("approve-address").innerHTML = approvalAddressHtml(
            state.activeAddress,
        );
        attachCopyHandlers("view-approve-site");
        $("approve-remember").checked = state.rememberSiteChoice;
    });
 }
--- a/src/popup/views/confirmTx.js
+++ b/src/popup/views/confirmTx.js
@@ -15,28 +15,27 @@ const {
    hideError,
    showView,
    showFlash,
    flashCopyFeedback,
    addressTitle,
    addressDotHtml,
    escapeHtml,
    renderAddressHtml,
    attachCopyHandlers,
    goBack,
 } = require("./helpers");
-const { state } = require("../../shared/state");
+const { state, currentNetwork } = require("../../shared/state");
 const { getSignerForAddress } = require("../../shared/wallet");
 const { decryptWithPassword } = require("../../shared/vault");
 const { formatUsd, getPrice } = require("../../shared/prices");
 const { getProvider } = require("../../shared/balances");
-const { isScamAddress } = require("../../shared/scamlist");
+const {
-const { ERC20_ABI } = require("../../shared/constants");
+    getLocalWarnings,
    getFullWarnings,
 } = require("../../shared/addressWarnings");
 const { ERC20_ABI, isBurnAddress } = require("../../shared/constants");
 const { log } = require("../../shared/log");
 const makeBlockie = require("ethereum-blockies-base64");
 const txStatus = require("./txStatus");
 const EXT_ICON =
    `<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` +
    `<svg viewBox="0 0 12 12" fill="none" stroke="currentColor" stroke-width="1.5">` +
    `<path d="M4.5 1.5H2a.5.5 0 00-.5.5v8a.5.5 0 00.5.5h8a.5.5 0 00.5-.5V7.5"/>` +
    `<path d="M7 1.5h3.5V5M7 5.5L10.5 1.5"/>` +
    `</svg></span>`;
 let pendingTx = null;
 function restore() {
@@ -46,14 +45,6 @@ function restore() {
    }
 }
 function etherscanTokenLink(address) {
    return `https://etherscan.io/token/${address}`;
 }
 function etherscanAddressLink(address) {
    return `https://etherscan.io/address/${address}`;
 }
 function blockieHtml(address) {
    const src = makeBlockie(address);
    return `<img src="${src}" width="48" height="48" style="image-rendering:pixelated;border-radius:50%;display:inline-block">`;
@@ -61,22 +52,10 @@ function blockieHtml(address) {
 function confirmAddressHtml(address, ensName, title) {
    const blockie = blockieHtml(address);
-    const dot = addressDotHtml(address);
+    return (
-    const link = etherscanAddressLink(address);
+        `<div class="mb-1">${blockie}</div>` +
-    const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
+        renderAddressHtml(address, { title, ensName })
-    let html = `<div class="mb-1">${blockie}</div>`;
+    );
    if (title) {
        html += `<div class="flex items-center font-bold">${dot}${escapeHtml(title)}</div>`;
    }
    if (ensName) {
        html += `<div class="flex items-center font-bold">${title ? "" : dot}${escapeHtml(ensName)}</div>`;
    }
    html +=
        `<div class="flex items-center">${title || ensName ? "" : dot}` +
        `<span class="break-all">${escapeHtml(address)}</span>` +
        extLink +
        `</div>`;
    return html;
 }
 function valueWithUsd(text, usdAmount) {
@@ -103,22 +82,12 @@ function show(txInfo) {
    // Token contract section (ERC-20 only)
    const tokenSection = $("confirm-token-section");
    if (isErc20) {
-        const dot = addressDotHtml(txInfo.token);
+        $("confirm-token-contract").innerHTML = renderAddressHtml(
-        const link = etherscanTokenLink(txInfo.token);
+            txInfo.token,
-        $("confirm-token-contract").innerHTML =
+            {},
-            `<div class="flex items-center">${dot}` +
+        );
            `<span class="break-all underline decoration-dashed cursor-pointer" data-copy="${escapeHtml(txInfo.token)}">${escapeHtml(txInfo.token)}</span>` +
            `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>` +
            `</div>`;
        tokenSection.classList.remove("hidden");
-        // Attach click-to-copy on the contract address
+        attachCopyHandlers(tokenSection);
        const copyEl = tokenSection.querySelector("[data-copy]");
        if (copyEl) {
            copyEl.onclick = () => {
                navigator.clipboard.writeText(copyEl.dataset.copy);
                showFlash("Copied!");
            };
        }
    } else {
        tokenSection.classList.add("hidden");
    }
@@ -165,28 +134,23 @@ function show(txInfo) {
        $("confirm-balance").textContent = valueWithUsd(bal + " ETH", balUsd);
    }
-    // Check for warnings
+    // Check for warnings (synchronous local checks)
-    const warnings = [];
+    const localWarnings = getLocalWarnings(txInfo.to, {
-    if (isScamAddress(txInfo.to)) {
+        fromAddress: txInfo.from,
-        warnings.push(
+    });
            "This address is on a known scam/fraud list. Do not send funds to this address.",
        );
    }
    if (txInfo.to.toLowerCase() === txInfo.from.toLowerCase()) {
        warnings.push("You are sending to your own address.");
    }
    const warningsEl = $("confirm-warnings");
-    if (warnings.length > 0) {
+    if (localWarnings.length > 0) {
-        warningsEl.innerHTML = warnings
+        warningsEl.innerHTML = localWarnings
            .map(
                (w) =>
-                    `<div class="border border-border border-dashed p-2 mb-1 text-xs font-bold">WARNING: ${w}</div>`,
+                    `<div class="border border-border border-dashed p-2 mb-1 text-xs font-bold">WARNING: ${w.message}</div>`,
            )
            .join("");
-        warningsEl.classList.remove("hidden");
+        warningsEl.style.visibility = "visible";
    } else {
-        warningsEl.classList.add("hidden");
+        warningsEl.innerHTML = "";
        warningsEl.style.visibility = "hidden";
    }
    // Check for errors
@@ -224,11 +188,12 @@ function show(txInfo) {
        errorsEl.innerHTML = errors
            .map((e) => `<div class="text-xs">${e}</div>`)
            .join("");
-        errorsEl.classList.remove("hidden");
+        errorsEl.style.visibility = "visible";
        sendBtn.disabled = true;
        sendBtn.classList.add("text-muted");
    } else {
-        errorsEl.classList.add("hidden");
+        errorsEl.innerHTML = "";
        errorsEl.style.visibility = "hidden";
        sendBtn.disabled = false;
        sendBtn.classList.remove("text-muted");
    }
@@ -238,12 +203,25 @@ function show(txInfo) {
    hideError("confirm-tx-password-error");
    // Gas estimate — show placeholder then fetch async
-    $("confirm-fee").classList.remove("hidden");
+    $("confirm-fee").style.visibility = "visible";
    $("confirm-fee-amount").textContent = "Estimating...";
    state.viewData = { pendingTx: txInfo };
    showView("confirm-tx");
    attachCopyHandlers("view-confirm-tx");
    // Reset async warnings to hidden (space always reserved, no layout shift)
    $("confirm-recipient-warning").style.visibility = "hidden";
    $("confirm-contract-warning").style.visibility = "hidden";
    $("confirm-burn-warning").style.visibility = "hidden";
    $("confirm-etherscan-warning").style.visibility = "hidden";
    // Show burn warning via reserved element (in addition to inline warning)
    if (isBurnAddress(txInfo.to)) {
        $("confirm-burn-warning").style.visibility = "visible";
    }
    estimateGas(txInfo);
    checkRecipientHistory(txInfo);
 }
 async function estimateGas(txInfo) {
@@ -286,6 +264,28 @@ async function estimateGas(txInfo) {
    }
 }
 async function checkRecipientHistory(txInfo) {
    try {
        const provider = getProvider(state.rpcUrl);
        const asyncWarnings = await getFullWarnings(txInfo.to, provider, {
            fromAddress: txInfo.from,
        });
        for (const w of asyncWarnings) {
            if (w.type === "contract") {
                $("confirm-contract-warning").style.visibility = "visible";
            }
            if (w.type === "new-address") {
                $("confirm-recipient-warning").style.visibility = "visible";
            }
            if (w.type === "etherscan-phishing") {
                $("confirm-etherscan-warning").style.visibility = "visible";
            }
        }
    } catch (e) {
        log.errorf("recipient history check failed:", e.message);
    }
 }
 function init(ctx) {
    $("btn-confirm-send").addEventListener("click", async () => {
        const password = $("confirm-tx-password").value;
@@ -356,7 +356,7 @@ function init(ctx) {
    });
    $("btn-confirm-back").addEventListener("click", () => {
-        showView("send");
+        goBack();
    });
 }
--- a/src/popup/views/deleteWallet.js
+++ b/src/popup/views/deleteWallet.js
@@ -1,4 +1,4 @@
-const { $, showView, showFlash } = require("./helpers");
+const { $, showView, showFlash, goBack, clearViewStack } = require("./helpers");
 const { state, saveState } = require("../../shared/state");
 const { decryptWithPassword } = require("../../shared/vault");
@@ -12,7 +12,7 @@ function show(walletIdx) {
        wallet.name || "Wallet " + (walletIdx + 1);
    $("delete-wallet-password").value = "";
    $("delete-wallet-flash").textContent = "";
-    $("delete-wallet-flash").classList.add("hidden");
+    $("delete-wallet-flash").style.visibility = "hidden";
    showView("delete-wallet-confirm");
 }
@@ -21,7 +21,7 @@ function init(_ctx) {
    $("btn-delete-wallet-back").addEventListener("click", () => {
        deleteWalletIndex = null;
-        ctx.showSettingsView();
+        goBack();
    });
    $("btn-delete-wallet-confirm").addEventListener("click", async () => {
@@ -29,14 +29,14 @@ function init(_ctx) {
        if (!pw) {
            $("delete-wallet-flash").textContent =
                "Please enter your password.";
-            $("delete-wallet-flash").classList.remove("hidden");
+            $("delete-wallet-flash").style.visibility = "visible";
            return;
        }
        if (deleteWalletIndex === null) {
            $("delete-wallet-flash").textContent =
                "No wallet selected for deletion.";
-            $("delete-wallet-flash").classList.remove("hidden");
+            $("delete-wallet-flash").style.visibility = "visible";
            return;
        }
@@ -52,7 +52,7 @@ function init(_ctx) {
            await decryptWithPassword(wallet.encryptedSecret, pw);
        } catch (_e) {
            $("delete-wallet-flash").textContent = "Wrong password.";
-            $("delete-wallet-flash").classList.remove("hidden");
+            $("delete-wallet-flash").style.visibility = "visible";
            btn.disabled = false;
            btn.classList.remove("text-muted");
            return;
@@ -77,6 +77,7 @@ function init(_ctx) {
            state.selectedWallet = null;
            state.selectedAddress = null;
            state.activeAddress = null;
            clearViewStack();
            await saveState();
            showView("welcome");
        } else {
@@ -86,8 +87,14 @@ function init(_ctx) {
            state.activeAddress =
                state.wallets[0].addresses[0]?.address || null;
            await saveState();
            // Reset stack to [main] so Settings back goes home.
            // Use require() lazily to avoid circular dependency
            // (settings.js requires deleteWallet.js).
            clearViewStack();
            state.viewStack.push("main");
            ctx.renderWalletList();
-            ctx.showSettingsView();
+            const settings = require("./settings");
            settings.show();
            showFlash("Wallet deleted.");
        }
    });
--- a/src/popup/views/helpers.js
+++ b/src/popup/views/helpers.js
@@ -1,19 +1,19 @@
 // Shared DOM helpers used by all views.
 const { DEBUG } = require("../../shared/constants");
 const { isDebug } = require("../../shared/log");
 const {
    formatUsd,
    getPrice,
    getAddressValueUsd,
 } = require("../../shared/prices");
-const { state, saveState } = require("../../shared/state");
+const { state, saveState, currentNetwork } = require("../../shared/state");
 // When views are added, removed, or transitions between them change,
 // update the view-navigation documentation in README.md to match.
 const VIEWS = [
    "welcome",
    "add-wallet",
    "import-key",
    "main",
    "address",
    "address-token",
@@ -41,11 +41,13 @@ function $(id) {
 function showError(id, msg) {
    const el = $(id);
    el.textContent = msg;
-    el.classList.remove("hidden");
+    el.style.visibility = "visible";
 }
 function hideError(id) {
-    $(id).classList.add("hidden");
+    const el = $(id);
    el.textContent = "";
    el.style.visibility = "hidden";
 }
 function showView(name) {
@@ -58,12 +60,75 @@ function showView(name) {
    clearFlash();
    state.currentView = name;
    saveState();
-    if (DEBUG) {
+    updateDebugBanner(name);
-        const banner = document.getElementById("debug-banner");
+}
-        if (banner) {
+
-            banner.textContent = "DEBUG / INSECURE (" + name + ")";
+// Create or update the debug/insecure warning banner.
 // Called on every view switch and after the settings debug toggle changes.
 // The banner is shown when the compile-time DEBUG constant is true OR when
 // the user has enabled runtime debug mode via the settings easter egg, OR
 // when the active network is a testnet.
 function updateDebugBanner(viewName) {
    const debug = isDebug();
    const net = currentNetwork();
    const show = debug || net.isTestnet;
    let banner = document.getElementById("debug-banner");
    if (show) {
        if (!banner) {
            banner = document.createElement("div");
            banner.id = "debug-banner";
            banner.style.cssText =
                "background:#c00;color:#fff;text-align:center;font-size:10px;padding:1px 0;font-family:monospace;position:sticky;top:0;z-index:9999;";
            document.body.prepend(banner);
        }
        const suffix = viewName ? " (" + viewName + ")" : "";
        if (debug && net.isTestnet) {
            banner.textContent = "DEBUG / INSECURE [TESTNET]" + suffix;
        } else if (net.isTestnet) {
            banner.textContent = "[TESTNET]" + suffix;
        } else {
            banner.textContent = "DEBUG / INSECURE" + suffix;
        }
    } else if (banner) {
        banner.remove();
    }
 }
 // Callback to re-render the main/home view when navigating back to it.
 // Set once by index.js via setRenderMain().
 let _renderMain = null;
 function setRenderMain(fn) {
    _renderMain = fn;
 }
 // Push the current view onto the navigation stack so goBack() can
 // return to it.  Call this before any forward navigation.
 function pushCurrentView() {
    if (state.currentView) {
        state.viewStack.push(state.currentView);
    }
 }
 // Pop the navigation stack and show the previous view.  If the stack
 // is empty, fall back to the main (home) view.
 function goBack() {
    let target;
    if (state.viewStack.length > 0) {
        target = state.viewStack.pop();
    } else {
        target = "main";
    }
    if (target === "main" && _renderMain) {
        _renderMain();
    }
    showView(target);
 }
 // Clear the entire navigation stack (used when resetting to root,
 // e.g. after adding or deleting a wallet).
 function clearViewStack() {
    state.viewStack = [];
 }
 let flashTimer = null;
@@ -207,38 +272,47 @@ function addressTitle(address, wallets) {
 // Render an address with color dot, optional ENS name, optional title,
 // and optional truncation. Title and ENS are shown as bold labels above
 // the full address.
 // Delegates to renderAddressHtml for consistent output.
 function formatAddressHtml(address, ensName, maxLen, title) {
-    const dot = addressDotHtml(address);
+    return renderAddressHtml(address, { title, ensName, maxLen });
    const displayAddr = maxLen ? truncateMiddle(address, maxLen) : address;
    if (title || ensName) {
        let html = "";
        if (title) {
            html += `<div class="flex items-center font-bold">${dot}${escapeHtml(title)}</div>`;
        }
        if (ensName) {
            html += `<div class="flex items-center font-bold">${title ? "" : dot}${escapeHtml(ensName)}</div>`;
        }
        html += `<div class="break-all">${escapeHtml(displayAddr)}</div>`;
        return html;
    }
    return `<div class="flex items-center">${dot}<span class="break-all">${escapeHtml(displayAddr)}</span></div>`;
 }
 function isoDate(timestamp) {
    const d = new Date(timestamp * 1000);
    const pad = (n) => String(n).padStart(2, "0");
    if (state.utcTimestamps) {
        return (
            d.getUTCFullYear() +
            "-" +
            pad(d.getUTCMonth() + 1) +
            "-" +
            pad(d.getUTCDate()) +
            "T" +
            pad(d.getUTCHours()) +
            ":" +
            pad(d.getUTCMinutes()) +
            ":" +
            pad(d.getUTCSeconds()) +
            "Z"
        );
    }
    const offsetMin = -d.getTimezoneOffset();
    const sign = offsetMin >= 0 ? "+" : "-";
    const absOff = Math.abs(offsetMin);
    const tzStr = sign + pad(Math.floor(absOff / 60)) + ":" + pad(absOff % 60);
    return (
        d.getFullYear() +
        "-" +
        pad(d.getMonth() + 1) +
        "-" +
        pad(d.getDate()) +
-        " " +
+        "T" +
        pad(d.getHours()) +
        ":" +
        pad(d.getMinutes()) +
        ":" +
-        pad(d.getSeconds())
+        pad(d.getSeconds()) +
        tzStr
    );
 }
@@ -259,12 +333,116 @@ function timeAgo(timestamp) {
    return years + " year" + (years !== 1 ? "s" : "") + " ago";
 }
 // Shared external-link icon SVG used across all views.
 const EXT_ICON =
    `<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` +
    `<svg viewBox="0 0 12 12" fill="none" stroke="currentColor" stroke-width="1.5">` +
    `<path d="M4.5 1.5H2a.5.5 0 00-.5.5v8a.5.5 0 00.5.5h8a.5.5 0 00.5-.5V7.5"/>` +
    `<path d="M7 1.5h3.5V5M7 5.5L10.5 1.5"/>` +
    `</svg></span>`;
 function etherscanAddressUrl(address) {
    return `${currentNetwork().explorerUrl}/address/${address}`;
 }
 function etherscanLinkHtml(url) {
    return (
        `<a href="${url}" target="_blank" rel="noopener" ` +
        `class="inline-flex items-center">${EXT_ICON}</a>`
    );
 }
 // Render a copyable text span with dashed underline affordance.
 // The caller must attach click handlers via attachCopyHandlers() or
 // manually wire up [data-copy] elements after inserting the HTML.
 function copyableHtml(text, extraClass) {
    const cls =
        "underline decoration-dashed cursor-pointer" +
        (extraClass ? " " + extraClass : "");
    return `<span class="${cls}" data-copy="${escapeHtml(text)}">${escapeHtml(text)}</span>`;
 }
 // Attach click-to-copy handlers to all [data-copy] elements within
 // a container.  Safe to call multiple times on the same container.
 function attachCopyHandlers(container) {
    const root =
        typeof container === "string"
            ? document.getElementById(container)
            : container;
    if (!root) return;
    root.querySelectorAll("[data-copy]").forEach((el) => {
        el.onclick = () => {
            navigator.clipboard.writeText(el.dataset.copy);
            showFlash("Copied!");
            flashCopyFeedback(el);
        };
    });
 }
 // Unified address rendering.
 //
 // Produces consistent HTML for any Ethereum address:
 //   • Color dot
 //   • Optional title (e.g. "Wallet 1 — Address 2") shown bold above address
 //   • Optional ENS name shown bold above address
 //   • Full address (or truncated via maxLen) with dashed-underline click-to-copy
 //   • Etherscan external link icon
 //
 // Options object:
 //   title    — wallet title string (from addressTitle)
 //   ensName  — ENS name string
 //   maxLen   — if set, truncate address display (min 32 chars enforced)
 //   noLink   — if true, omit etherscan link
 //
 // After inserting the returned HTML into the DOM, call
 // attachCopyHandlers() on the parent to wire up click-to-copy.
 function renderAddressHtml(address, opts) {
    const { title, ensName, maxLen, noLink } = opts || {};
    const dot = addressDotHtml(address);
    const displayAddr = maxLen ? truncateMiddle(address, maxLen) : address;
    const link = etherscanAddressUrl(address);
    const extLink = noLink ? "" : etherscanLinkHtml(link);
    let html = "";
    if (title) {
        html += `<div class="flex items-center font-bold">${dot}${escapeHtml(title)}</div>`;
    }
    if (ensName) {
        html += `<div class="flex items-center font-bold">${title ? "" : dot}${escapeHtml(ensName)}</div>`;
    }
    if (title || ensName) {
        html += `<div class="flex items-center">${copyableHtml(displayAddr, "break-all")}${extLink}</div>`;
    } else {
        html += `<div class="flex items-center">${dot}${copyableHtml(displayAddr, "break-all")}${extLink}</div>`;
    }
    return html;
 }
 function flashCopyFeedback(el) {
    if (!el) return;
    el.classList.remove("copy-flash-fade");
    el.classList.add("copy-flash-active");
    setTimeout(() => {
        el.classList.remove("copy-flash-active");
        el.classList.add("copy-flash-fade");
        setTimeout(() => {
            el.classList.remove("copy-flash-fade");
        }, 275);
    }, 75);
 }
 module.exports = {
    $,
    showError,
    hideError,
    showView,
    updateDebugBanner,
    setRenderMain,
    pushCurrentView,
    goBack,
    clearViewStack,
    showFlash,
    flashCopyFeedback,
    balanceLine,
    balanceLinesForAddress,
    addressColor,
@@ -272,6 +450,12 @@ module.exports = {
    escapeHtml,
    addressTitle,
    formatAddressHtml,
    renderAddressHtml,
    copyableHtml,
    attachCopyHandlers,
    etherscanAddressUrl,
    etherscanLinkHtml,
    EXT_ICON,
    truncateMiddle,
    isoDate,
    timeAgo,
--- a/src/popup/views/home.js
+++ b/src/popup/views/home.js
@@ -2,6 +2,7 @@ const {
    $,
    showView,
    showFlash,
    flashCopyFeedback,
    balanceLinesForAddress,
    isoDate,
    timeAgo,
@@ -9,6 +10,9 @@ const {
    addressTitle,
    escapeHtml,
    truncateMiddle,
    renderAddressHtml,
    attachCopyHandlers,
    pushCurrentView,
 } = require("./helpers");
 const { state, saveState, currentAddress } = require("../../shared/state");
 const {
@@ -68,27 +72,12 @@ function renderTotalValue() {
    }
 }
 const EXT_ICON =
    `<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` +
    `<svg viewBox="0 0 12 12" fill="none" stroke="currentColor" stroke-width="1.5">` +
    `<path d="M4.5 1.5H2a.5.5 0 00-.5.5v8a.5.5 0 00.5.5h8a.5.5 0 00.5-.5V7.5"/>` +
    `<path d="M7 1.5h3.5V5M7 5.5L10.5 1.5"/>` +
    `</svg></span>`;
 function renderActiveAddress() {
    const el = $("active-address-display");
    if (!el) return;
    if (state.activeAddress) {
-        const addr = state.activeAddress;
+        el.innerHTML = renderAddressHtml(state.activeAddress);
-        const dot = addressDotHtml(addr);
+        attachCopyHandlers(el);
        const link = `https://etherscan.io/address/${addr}`;
        el.innerHTML =
            `<span class="underline decoration-dashed cursor-pointer" id="active-addr-copy">${dot}${escapeHtml(addr)}</span>` +
            `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
        $("active-addr-copy").addEventListener("click", () => {
            navigator.clipboard.writeText(addr);
            showFlash("Copied!");
        });
    } else {
        el.textContent = "";
    }
@@ -239,7 +228,7 @@ function render(ctx) {
        html += `<div>`;
        html += `<div class="flex justify-between items-center bg-section py-1 px-2" style="margin:0 -0.5rem">`;
        html += `<span class="font-bold cursor-pointer wallet-name underline decoration-dashed" data-wallet="${wi}">${wallet.name}</span>`;
-        if (wallet.type === "hd") {
+        if (wallet.type === "hd" || wallet.type === "xprv") {
            html += `<button class="btn-add-address border border-border px-1 hover:bg-fg hover:text-bg cursor-pointer text-xs" data-wallet="${wi}" title="Add another address to this wallet">+</button>`;
        }
        html += `</div>`;
@@ -393,6 +382,7 @@ function init(ctx) {
        renderSendTokenSelect(addr);
        updateSendBalance();
        resetSendValidation();
        pushCurrentView();
        showView("send");
    });
--- a/src/popup/views/importKey.js
+++ b/src/popup/views/importKey.js
@@ -1,69 +0,0 @@
 const { $, showView, showFlash } = require("./helpers");
 const { addressFromPrivateKey } = require("../../shared/wallet");
 const { encryptWithPassword } = require("../../shared/vault");
 const { state, saveState } = require("../../shared/state");
 function show() {
    $("import-private-key").value = "";
    $("import-key-password").value = "";
    $("import-key-password-confirm").value = "";
    showView("import-key");
 }
 function init(ctx) {
    $("btn-import-key-confirm").addEventListener("click", async () => {
        const key = $("import-private-key").value.trim();
        if (!key) {
            showFlash("Please enter your private key.");
            return;
        }
        let addr;
        try {
            addr = addressFromPrivateKey(key);
        } catch (e) {
            showFlash("Invalid private key.");
            return;
        }
        const pw = $("import-key-password").value;
        const pw2 = $("import-key-password-confirm").value;
        if (!pw) {
            showFlash("Please choose a password.");
            return;
        }
        if (pw.length < 12) {
            showFlash("Password must be at least 12 characters.");
            return;
        }
        if (pw !== pw2) {
            showFlash("Passwords do not match.");
            return;
        }
        const encrypted = await encryptWithPassword(key, pw);
        const walletNum = state.wallets.length + 1;
        state.wallets.push({
            type: "key",
            name: "Wallet " + walletNum,
            encryptedSecret: encrypted,
            addresses: [
                { address: addr, balance: "0.0000", tokenBalances: [] },
            ],
        });
        state.hasWallet = true;
        await saveState();
        ctx.renderWalletList();
        showView("main");
        ctx.doRefreshAndRender();
    });
    $("btn-import-key-back").addEventListener("click", () => {
        if (!state.hasWallet) {
            showView("welcome");
        } else {
            ctx.renderWalletList();
            showView("main");
        }
    });
 }
 module.exports = { init, show };
--- a/src/popup/views/receive.js
+++ b/src/popup/views/receive.js
@@ -2,19 +2,15 @@ const {
    $,
    showView,
    showFlash,
    flashCopyFeedback,
    formatAddressHtml,
    addressTitle,
    attachCopyHandlers,
    goBack,
 } = require("./helpers");
-const { state, currentAddress } = require("../../shared/state");
+const { state, currentAddress, currentNetwork } = require("../../shared/state");
 const QRCode = require("qrcode");
 const EXT_ICON =
    `<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` +
    `<svg viewBox="0 0 12 12" fill="none" stroke="currentColor" stroke-width="1.5">` +
    `<path d="M4.5 1.5H2a.5.5 0 00-.5.5v8a.5.5 0 00.5.5h8a.5.5 0 00.5-.5V7.5"/>` +
    `<path d="M7 1.5h3.5V5M7 5.5L10.5 1.5"/>` +
    `</svg></span>`;
 function show() {
    const addr = currentAddress();
    const address = addr ? addr.address : "";
@@ -24,10 +20,8 @@ function show() {
        ? formatAddressHtml(address, ensName, null, title)
        : "";
    $("receive-address-block").dataset.full = address;
-    const link = address ? `https://etherscan.io/address/${address}` : "";
+    // Etherscan link is now included in formatAddressHtml via renderAddressHtml
-    $("receive-etherscan-link").innerHTML = link
+    $("receive-etherscan-link").innerHTML = "";
        ? `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`
        : "";
    if (address) {
        QRCode.toCanvas($("receive-qr"), address, {
            width: 200,
@@ -51,37 +45,30 @@ function show() {
        warningEl.textContent =
            "This is an ERC-20 token. Only send " +
            symbol +
-            " on the Ethereum network to this address. Sending tokens on other networks will result in permanent loss.";
+            " on " +
-        warningEl.classList.remove("hidden");
+            currentNetwork().name +
            " to this address. Sending tokens on other networks will result in permanent loss.";
        warningEl.style.visibility = "visible";
    } else {
-        warningEl.classList.add("hidden");
+        warningEl.textContent = "";
        warningEl.style.visibility = "hidden";
    }
    showView("receive");
    attachCopyHandlers("view-receive");
 }
 function init(ctx) {
    $("receive-address-block").addEventListener("click", () => {
        const addr = $("receive-address-block").dataset.full;
        if (addr) {
            navigator.clipboard.writeText(addr);
            showFlash("Copied!");
        }
    });
    $("btn-receive-copy").addEventListener("click", () => {
        const addr = $("receive-address-block").dataset.full;
        if (addr) {
            navigator.clipboard.writeText(addr);
            showFlash("Copied!");
            flashCopyFeedback($("receive-address-block"));
        }
    });
    $("btn-receive-back").addEventListener("click", () => {
-        if (state.selectedToken) {
+        goBack();
            ctx.showAddressToken();
        } else {
            ctx.showAddressDetail();
        }
    });
 }
--- a/src/popup/views/send.js
+++ b/src/popup/views/send.js
@@ -3,9 +3,11 @@
 const {
    $,
    showFlash,
    addressDotHtml,
    addressTitle,
    escapeHtml,
    renderAddressHtml,
    attachCopyHandlers,
    goBack,
 } = require("./helpers");
 const { state, currentAddress } = require("../../shared/state");
 let ctx;
@@ -113,13 +115,6 @@ function updateToValidation() {
    }
 }
 const EXT_ICON =
    `<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` +
    `<svg viewBox="0 0 12 12" fill="none" stroke="currentColor" stroke-width="1.5">` +
    `<path d="M4.5 1.5H2a.5.5 0 00-.5.5v8a.5.5 0 00.5.5h8a.5.5 0 00.5-.5V7.5"/>` +
    `<path d="M7 1.5h3.5V5M7 5.5L10.5 1.5"/>` +
    `</svg></span>`;
 function isSpoofedToken(t) {
    const upper = (t.symbol || "").toUpperCase();
    if (!KNOWN_SYMBOLS.has(upper)) return false;
@@ -148,24 +143,12 @@ function renderSendTokenSelect(addr) {
 function updateSendBalance() {
    const addr = currentAddress();
    if (!addr) return;
    const dot = addressDotHtml(addr.address);
    const link = `https://etherscan.io/address/${addr.address}`;
    const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
    const title = addressTitle(addr.address, state.wallets);
-    let fromHtml = "";
+    $("send-from").innerHTML = renderAddressHtml(addr.address, {
-    if (title) {
+        title,
-        fromHtml += `<div class="flex items-center font-bold">${dot}${escapeHtml(title)}</div>`;
+        ensName: addr.ensName,
-        if (addr.ensName) {
+    });
-            fromHtml += `<div>${escapeHtml(addr.ensName)}</div>`;
+    attachCopyHandlers($("send-from"));
        }
        fromHtml += `<div class="break-all">${escapeHtml(addr.address)}${extLink}</div>`;
    } else if (addr.ensName) {
        fromHtml += `<div class="flex items-center font-bold">${dot}${escapeHtml(addr.ensName)}</div>`;
        fromHtml += `<div class="break-all">${escapeHtml(addr.address)}${extLink}</div>`;
    } else {
        fromHtml += `<div class="flex items-center">${dot}<span class="break-all">${escapeHtml(addr.address)}</span>${extLink}</div>`;
    }
    $("send-from").innerHTML = fromHtml;
    const token = state.selectedToken || $("send-token").value;
    if (token === "ETH") {
        $("send-balance").textContent =
@@ -268,11 +251,7 @@ function init(_ctx) {
    $("btn-send-back").addEventListener("click", () => {
        $("send-token").classList.remove("hidden");
        $("send-token-static").classList.add("hidden");
-        if (state.selectedToken) {
+        goBack();
            ctx.showAddressToken();
        } else {
            ctx.showAddressDetail();
        }
    });
 }
--- a/src/popup/views/settings.js
+++ b/src/popup/views/settings.js
@@ -1,12 +1,34 @@
-const { $, showView, showFlash, escapeHtml } = require("./helpers");
+const {
-const { state, saveState } = require("../../shared/state");
+    $,
-const { ETHEREUM_MAINNET_CHAIN_ID } = require("../../shared/constants");
+    showView,
-const { log, debugFetch } = require("../../shared/log");
+    updateDebugBanner,
    showFlash,
    escapeHtml,
    flashCopyFeedback,
    goBack,
    pushCurrentView,
 } = require("./helpers");
 const { applyTheme } = require("../theme");
 const { state, saveState, currentNetwork } = require("../../shared/state");
 const { NETWORKS, SUPPORTED_CHAIN_IDS } = require("../../shared/networks");
 const { onChainSwitch } = require("../../shared/chainSwitch");
 const { log, debugFetch, setRuntimeDebug } = require("../../shared/log");
 const deleteWallet = require("./deleteWallet");
 const {
    BUILD_VERSION,
    BUILD_LICENSE,
    BUILD_AUTHOR,
    BUILD_COMMIT,
    BUILD_DATE,
    GITEA_COMMIT_URL,
 } = require("../../shared/buildInfo");
 const runtime =
    typeof browser !== "undefined" ? browser.runtime : chrome.runtime;
 let versionClickCount = 0;
 let versionClickTimer = null;
 function renderSiteList(containerId, siteMap, stateKey) {
    const container = $(containerId);
    const hostnames = [...new Set(Object.values(siteMap).flat())];
@@ -84,6 +106,7 @@ function renderWalletListSettings() {
    container.querySelectorAll(".btn-delete-wallet").forEach((btn) => {
        btn.addEventListener("click", () => {
            const idx = parseInt(btn.dataset.idx, 10);
            pushCurrentView();
            deleteWallet.show(idx);
        });
    });
@@ -124,10 +147,36 @@ function renderWalletListSettings() {
 function show() {
    $("settings-rpc").value = state.rpcUrl;
    $("settings-blockscout").value = state.blockscoutUrl;
    const networkSelect = $("settings-network");
    if (networkSelect) {
        networkSelect.value = state.networkId;
    }
    renderTrackedTokens();
    renderSiteLists();
    renderWalletListSettings();
    // Populate About well
    $("about-license").textContent = BUILD_LICENSE;
    // Show only the name part of the author field (strip email)
    const authorName = BUILD_AUTHOR.replace(/\s*<[^>]+>/, "");
    $("about-author").textContent = authorName;
    $("about-version").textContent = BUILD_VERSION;
    $("about-release-date").textContent = BUILD_DATE;
    $("about-commit-link").textContent = BUILD_COMMIT;
    $("about-commit-link").href = GITEA_COMMIT_URL;
    // Reset version click counter each time settings opens
    versionClickCount = 0;
    // Show debug well if debug mode is already enabled
    const debugWell = $("settings-debug-well");
    if (state.debugMode) {
        debugWell.style.display = "";
    } else {
        debugWell.style.display = "none";
    }
    $("settings-debug-mode").checked = state.debugMode;
    showView("settings");
 }
@@ -167,9 +216,12 @@ function init(ctx) {
                showFlash("Endpoint returned error: " + json.error.message);
                return;
            }
-            if (json.result !== ETHEREUM_MAINNET_CHAIN_ID) {
+            const net = currentNetwork();
            if (json.result !== net.chainId) {
                showFlash(
-                    "Wrong network (expected mainnet, got chain " +
+                    "Wrong network (expected " +
                        net.name +
                        ", got chain " +
                        json.result +
                        ").",
                );
@@ -208,12 +260,30 @@ function init(ctx) {
        showFlash("Saved.");
    });
    const networkSelect = $("settings-network");
    if (networkSelect) {
        networkSelect.addEventListener("change", async () => {
            const newId = networkSelect.value;
            const net = await onChainSwitch(newId);
            $("settings-rpc").value = state.rpcUrl;
            $("settings-blockscout").value = state.blockscoutUrl;
            showFlash("Switched to " + net.name + ".");
        });
    }
    $("settings-show-zero-balances").checked = state.showZeroBalanceTokens;
    $("settings-show-zero-balances").addEventListener("change", async () => {
        state.showZeroBalanceTokens = $("settings-show-zero-balances").checked;
        await saveState();
    });
    $("settings-theme").value = state.theme;
    $("settings-theme").addEventListener("change", async () => {
        state.theme = $("settings-theme").value;
        await saveState();
        applyTheme(state.theme);
    });
    $("settings-hide-low-holders").checked = state.hideLowHolderTokens;
    $("settings-hide-low-holders").addEventListener("change", async () => {
        state.hideLowHolderTokens = $("settings-hide-low-holders").checked;
@@ -241,6 +311,12 @@ function init(ctx) {
        }
    });
    $("settings-utc-timestamps").checked = state.utcTimestamps;
    $("settings-utc-timestamps").addEventListener("change", async () => {
        state.utcTimestamps = $("settings-utc-timestamps").checked;
        await saveState();
    });
    $("btn-main-add-wallet").addEventListener("click", ctx.showAddWalletView);
    $("btn-settings-add-token").addEventListener(
@@ -248,9 +324,68 @@ function init(ctx) {
        ctx.showSettingsAddTokenView,
    );
    // Bright saturated colors for easter egg flashes (clicks 6–10)
    const easterEggColors = [
        "#ff0055", // hot pink
        "#00cc44", // vivid green
        "#3366ff", // electric blue
        "#ff9900", // bright orange
        "#aa00ff", // vivid purple
    ];
    // Easter egg: click version 10 times to reveal the debug well.
    // Each click does a copy-flash animation. After 5 clicks, each
    // additional click flashes a different bright saturated color.
    $("about-version").addEventListener("click", () => {
        versionClickCount++;
        clearTimeout(versionClickTimer);
        // Reset counter if user stops clicking for 3 seconds
        versionClickTimer = setTimeout(() => {
            versionClickCount = 0;
        }, 3000);
        const el = $("about-version");
        if (versionClickCount > 5) {
            // Colored flash for clicks 6–10
            const colorIdx = versionClickCount - 6;
            const color = easterEggColors[colorIdx % easterEggColors.length];
            el.classList.remove("copy-flash-fade");
            el.style.backgroundColor = color;
            el.style.color = "#ffffff";
            setTimeout(() => {
                el.style.backgroundColor = "";
                el.style.color = "";
                el.classList.add("copy-flash-fade");
                setTimeout(() => {
                    el.classList.remove("copy-flash-fade");
                }, 275);
            }, 75);
        } else {
            // Standard copy-flash for clicks 1–5
            flashCopyFeedback(el);
        }
        if (versionClickCount >= 10) {
            versionClickCount = 0;
            clearTimeout(versionClickTimer);
            $("settings-debug-well").style.display = "";
        }
    });
    // Debug mode toggle — update runtime flag, persist, and re-render banner
    $("settings-debug-mode").addEventListener("change", async () => {
        state.debugMode = $("settings-debug-mode").checked;
        setRuntimeDebug(state.debugMode);
        await saveState();
        updateDebugBanner(state.currentView);
    });
    // Sync runtime debug flag on init
    setRuntimeDebug(state.debugMode);
    $("btn-settings-back").addEventListener("click", () => {
-        ctx.renderWalletList();
+        goBack();
        showView("main");
    });
 }
--- a/src/popup/views/settingsAddToken.js
+++ b/src/popup/views/settingsAddToken.js
@@ -1,4 +1,4 @@
-const { $, showView, showFlash } = require("./helpers");
+const { $, showView, showFlash, goBack } = require("./helpers");
 const { getTopTokens } = require("../../shared/tokenList");
 const { state, saveState } = require("../../shared/state");
 const { lookupTokenInfo } = require("../../shared/balances");
@@ -73,7 +73,8 @@ function renderDropdown() {
 function show() {
    $("settings-addtoken-address").value = "";
-    $("settings-addtoken-info").classList.add("hidden");
+    $("settings-addtoken-info").textContent = "";
    $("settings-addtoken-info").style.visibility = "hidden";
    renderTop10();
    renderDropdown();
    showView("settings-addtoken");
@@ -83,7 +84,7 @@ function init(_ctx) {
    ctx = _ctx;
    $("btn-settings-addtoken-back").addEventListener("click", () => {
-        ctx.showSettingsView();
+        goBack();
    });
    $("btn-settings-addtoken-select").addEventListener("click", async () => {
@@ -129,7 +130,7 @@ function init(_ctx) {
        }
        const infoEl = $("settings-addtoken-info");
        infoEl.textContent = "Looking up token...";
-        infoEl.classList.remove("hidden");
+        infoEl.style.visibility = "visible";
        log.debugf("Looking up token contract", addr);
        try {
            const info = await lookupTokenInfo(addr, state.rpcUrl);
@@ -143,7 +144,8 @@ function init(_ctx) {
            await saveState();
            showFlash("Added " + info.symbol);
            $("settings-addtoken-address").value = "";
-            infoEl.classList.add("hidden");
+            infoEl.textContent = "";
            infoEl.style.visibility = "hidden";
            renderTop10();
            renderDropdown();
            ctx.doRefreshAndRender();
@@ -151,7 +153,8 @@ function init(_ctx) {
            const detail = e.shortMessage || e.message || String(e);
            log.errorf("Token lookup failed for", addr, detail);
            showFlash(detail);
-            infoEl.classList.add("hidden");
+            infoEl.textContent = "";
            infoEl.style.visibility = "hidden";
        }
    });
 }
--- a/src/popup/views/transactionDetail.js
+++ b/src/popup/views/transactionDetail.js
@@ -5,31 +5,42 @@ const {
    $,
    showView,
    showFlash,
-    addressDotHtml,
+    flashCopyFeedback,
    addressTitle,
    escapeHtml,
    isoDate,
    timeAgo,
    renderAddressHtml,
    attachCopyHandlers,
    copyableHtml,
    etherscanLinkHtml,
    goBack,
 } = require("./helpers");
-const { state } = require("../../shared/state");
+const { state, currentNetwork } = require("../../shared/state");
 const { formatEther, formatUnits } = require("ethers");
 const makeBlockie = require("ethereum-blockies-base64");
 const { log, debugFetch } = require("../../shared/log");
 const { decodeCalldata } = require("./approval");
 const EXT_ICON =
    `<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` +
    `<svg viewBox="0 0 12 12" fill="none" stroke="currentColor" stroke-width="1.5">` +
    `<path d="M4.5 1.5H2a.5.5 0 00-.5.5v8a.5.5 0 00.5.5h8a.5.5 0 00.5-.5V7.5"/>` +
    `<path d="M7 1.5h3.5V5M7 5.5L10.5 1.5"/>` +
    `</svg></span>`;
 let ctx;
-function copyableHtml(text, extraClass) {
+/**
-    const cls =
+ * Determine a human-readable transaction type string from tx fields.
-        "underline decoration-dashed cursor-pointer" +
+ */
-        (extraClass ? " " + extraClass : "");
+function getTransactionType(tx) {
-    return `<span class="${cls}" data-copy="${escapeHtml(text)}">${escapeHtml(text)}</span>`;
+    if (!tx.to) return "Contract Creation";
    if (tx.direction === "contract") {
        if (tx.directionLabel === "Swap") return "Swap";
        if (
            tx.method === "approve" ||
            tx.directionLabel === "Approve" ||
            tx.method === "setApprovalForAll"
        )
            return "Token Approval";
        return "Contract Call";
    }
    if (tx.symbol && tx.symbol !== "ETH") return "ERC-20 Token Transfer";
    return "Native ETH Transfer";
 }
 function blockieHtml(address) {
@@ -37,44 +48,16 @@ function blockieHtml(address) {
    return `<img src="${src}" width="48" height="48" style="image-rendering:pixelated;border-radius:50%;display:inline-block">`;
 }
-function etherscanLinkHtml(url) {
+function txAddressHtml(address, ensName, title) {
    const blockie = blockieHtml(address);
    return (
-        `<a href="${url}" target="_blank" rel="noopener" ` +
+        `<div class="mb-1">${blockie}</div>` +
-        `class="inline-flex items-center"` +
+        renderAddressHtml(address, { title, ensName })
        `>${EXT_ICON}</a>`
    );
 }
 function txAddressHtml(address, ensName, title) {
    const blockie = blockieHtml(address);
    const dot = addressDotHtml(address);
    const link = `https://etherscan.io/address/${address}`;
    const extLink = etherscanLinkHtml(link);
    let html = `<div class="mb-1">${blockie}</div>`;
    if (title) {
        html += `<div class="font-bold">${escapeHtml(title)}</div>`;
    }
    if (ensName) {
        html +=
            `<div class="flex items-center">${dot}` +
            copyableHtml(ensName, "") +
            `</div>` +
            `<div class="flex items-center">${dot}` +
            copyableHtml(address, "break-all") +
            extLink +
            `</div>`;
    } else {
        html +=
            `<div class="flex items-center">${dot}` +
            copyableHtml(address, "break-all") +
            extLink +
            `</div>`;
    }
    return html;
 }
 function txHashHtml(hash) {
-    const link = `https://etherscan.io/tx/${hash}`;
+    const link = `${currentNetwork().explorerUrl}/tx/${hash}`;
    const extLink = etherscanLinkHtml(link);
    return copyableHtml(hash, "break-all") + extLink;
 }
@@ -98,6 +81,7 @@ function show(tx) {
            direction: tx.direction || null,
            isContractCall: tx.isContractCall || false,
            method: tx.method || null,
            contractAddress: tx.contractAddress || null,
        },
    };
    render();
@@ -134,47 +118,162 @@ function render() {
        nativeEl.parentElement.classList.add("hidden");
    }
-    // Show type label for contract interactions (Swap, Execute, etc.)
+    // Always show transaction type as the first field
    const typeSection = $("tx-detail-type-section");
    const typeEl = $("tx-detail-type");
    const headingEl = $("tx-detail-heading");
-    if (tx.direction === "contract" && tx.directionLabel) {
+    if (typeSection && typeEl) {
-        if (typeSection) {
+        typeEl.textContent = getTransactionType(tx);
            typeEl.textContent = tx.directionLabel;
        typeSection.classList.remove("hidden");
    }
    } else {
        if (typeSection) typeSection.classList.add("hidden");
    }
    if (headingEl) headingEl.textContent = "Transaction";
-    // Hide calldata and raw data sections; re-fetch if this is a contract call
+    // Token contract address (for ERC-20 transfers)
    const tokenContractSection = $("tx-detail-token-contract-section");
    const tokenContractEl = $("tx-detail-token-contract");
    if (tokenContractSection && tokenContractEl) {
        if (tx.contractAddress) {
            const dot = addressDotHtml(tx.contractAddress);
            const link = `${currentNetwork().explorerUrl}/token/${tx.contractAddress}`;
            tokenContractEl.innerHTML =
                `<div class="flex items-center">${dot}` +
                copyableHtml(tx.contractAddress, "break-all") +
                etherscanLinkHtml(link) +
                `</div>`;
            tokenContractSection.classList.remove("hidden");
        } else {
            tokenContractSection.classList.add("hidden");
        }
    }
    // Hide calldata and raw data sections; always fetch full tx details
    const calldataSection = $("tx-detail-calldata-section");
    if (calldataSection) calldataSection.classList.add("hidden");
    const rawDataSection = $("tx-detail-rawdata-section");
    if (rawDataSection) rawDataSection.classList.add("hidden");
-    if (tx.isContractCall || tx.direction === "contract") {
+    // Hide on-chain detail sections until populated
-        loadCalldata(tx.hash, tx.to);
+    for (const id of [
        "tx-detail-block-section",
        "tx-detail-nonce-section",
        "tx-detail-fee-section",
        "tx-detail-gasprice-section",
        "tx-detail-gasused-section",
        "tx-detail-network-section",
    ]) {
        const el = $(id);
        if (el) el.classList.add("hidden");
    }
-    $("tx-detail-time").textContent =
+    loadFullTxDetails(tx.hash, tx.to, tx.isContractCall);
-        isoDate(tx.timestamp) + " (" + timeAgo(tx.timestamp) + ")";
+
    const isoStr = isoDate(tx.timestamp);
    $("tx-detail-time").innerHTML =
        copyableHtml(isoStr) + " (" + escapeHtml(timeAgo(tx.timestamp)) + ")";
    $("tx-detail-status").textContent = tx.isError ? "Failed" : "Success";
    showView("transaction");
    attachCopyHandlers("view-transaction");
 }
-    document
+function showDetailField(sectionId, contentId, value) {
-        .getElementById("view-transaction")
+    const section = $(sectionId);
-        .querySelectorAll("[data-copy]")
+    const el = $(contentId);
-        .forEach((el) => {
+    if (!section || !el) return;
    el.innerHTML = copyableHtml(value, "");
    section.classList.remove("hidden");
 }
 function populateOnChainDetails(txData) {
    // Block number
    if (txData.block_number != null) {
        const blockLink = `${currentNetwork().explorerUrl}/block/${txData.block_number}`;
        const blockSection = $("tx-detail-block-section");
        const blockEl = $("tx-detail-block");
        if (blockSection && blockEl) {
            blockEl.innerHTML =
                copyableHtml(String(txData.block_number), "") +
                etherscanLinkHtml(blockLink);
            blockSection.classList.remove("hidden");
        }
    }
    // Nonce
    if (txData.nonce != null) {
        showDetailField(
            "tx-detail-nonce-section",
            "tx-detail-nonce",
            String(txData.nonce),
        );
    }
    // Transaction fee
    const feeWei = txData.fee?.value || txData.tx_fee;
    if (feeWei) {
        const feeEth = formatEther(String(feeWei));
        showDetailField(
            "tx-detail-fee-section",
            "tx-detail-fee",
            feeEth + " ETH",
        );
    }
    // Gas price
    const gasPrice = txData.gas_price;
    if (gasPrice) {
        const gwei = formatUnits(String(gasPrice), "gwei");
        showDetailField(
            "tx-detail-gasprice-section",
            "tx-detail-gasprice",
            gwei + " Gwei",
        );
    }
    // Gas used
    const gasUsed = txData.gas_used;
    if (gasUsed) {
        showDetailField(
            "tx-detail-gasused-section",
            "tx-detail-gasused",
            String(gasUsed),
        );
    }
    // Show the network details wrapper if any child section is visible
    const networkWrapper = $("tx-detail-network-section");
    if (networkWrapper) {
        const hasVisible = [
            "tx-detail-nonce-section",
            "tx-detail-fee-section",
            "tx-detail-gasprice-section",
            "tx-detail-gasused-section",
        ].some((id) => {
            const el = $(id);
            return el && !el.classList.contains("hidden");
        });
        if (hasVisible) networkWrapper.classList.remove("hidden");
    }
    // Bind copy handlers for newly added elements
    for (const id of [
        "tx-detail-block-section",
        "tx-detail-nonce-section",
        "tx-detail-fee-section",
        "tx-detail-gasprice-section",
        "tx-detail-gasused-section",
    ]) {
        const section = $(id);
        if (!section) continue;
        section.querySelectorAll("[data-copy]").forEach((el) => {
            el.onclick = () => {
                navigator.clipboard.writeText(el.dataset.copy);
                showFlash("Copied!");
                flashCopyFeedback(el);
            };
        });
    }
 }
-async function loadCalldata(txHash, toAddress) {
+async function loadFullTxDetails(txHash, toAddress, isContractCall) {
    const section = $("tx-detail-calldata-section");
    const actionEl = $("tx-detail-calldata-action");
    const detailsEl = $("tx-detail-calldata-details");
@@ -189,6 +288,10 @@ async function loadCalldata(txHash, toAddress) {
        );
        if (!resp.ok) return;
        const txData = await resp.json();
        // Populate on-chain detail fields (block, nonce, gas, fee)
        populateOnChainDetails(txData);
        const inputData = txData.raw_input || txData.input || null;
        if (!inputData || inputData === "0x") return;
@@ -204,19 +307,14 @@ async function loadCalldata(txHash, toAddress) {
                detailsHtml += `<div class="mb-2">`;
                detailsHtml += `<div class="text-muted">${escapeHtml(d.label)}</div>`;
                if (d.address && d.isToken) {
-                    // Token entry: show symbol on its own line, then dot + address + Etherscan link
+                    // Token entry: show symbol on its own line, then address via shared renderer
                    const dot = addressDotHtml(d.address);
                    const tokenSymbol = d.value.match(/^(\S+)\s*\(/)?.[1];
                    if (tokenSymbol) {
                        detailsHtml += `<div class="font-bold">${escapeHtml(tokenSymbol)}</div>`;
                    }
-                    const etherscanUrl = `https://etherscan.io/token/${d.address}`;
+                    detailsHtml += renderAddressHtml(d.address);
                    detailsHtml += `<div class="flex items-center">${dot}${copyableHtml(d.address, "break-all")}${etherscanLinkHtml(etherscanUrl)}</div>`;
                } else if (d.address) {
-                    // Protocol/contract entry: show name + Etherscan link
+                    detailsHtml += renderAddressHtml(d.address);
                    const dot = addressDotHtml(d.address);
                    const etherscanUrl = `https://etherscan.io/address/${d.address}`;
                    detailsHtml += `<div class="flex items-center">${dot}${copyableHtml(d.value, "break-all")}${etherscanLinkHtml(etherscanUrl)}</div>`;
                } else {
                    detailsHtml += `<div class="font-bold">${escapeHtml(d.value)}</div>`;
                }
@@ -243,12 +341,7 @@ async function loadCalldata(txHash, toAddress) {
        // Bind copy handlers for new elements (including raw data now outside section)
        const copyTargets = [section, rawSection].filter(Boolean);
        for (const container of copyTargets) {
-            container.querySelectorAll("[data-copy]").forEach((el) => {
+            attachCopyHandlers(container);
                el.onclick = () => {
                    navigator.clipboard.writeText(el.dataset.copy);
                    showFlash("Copied!");
                };
            });
        }
    } catch (e) {
        log.errorf("loadCalldata failed:", e.message);
@@ -258,11 +351,7 @@ async function loadCalldata(txHash, toAddress) {
 function init(_ctx) {
    ctx = _ctx;
    $("btn-tx-back").addEventListener("click", () => {
-        if (state.selectedToken) {
+        goBack();
            ctx.showAddressToken();
        } else {
            ctx.showAddressDetail();
        }
    });
 }
--- a/src/popup/views/txStatus.js
+++ b/src/popup/views/txStatus.js
@@ -3,23 +3,19 @@
 const {
    $,
    showView,
    showFlash,
    addressDotHtml,
    addressTitle,
    escapeHtml,
    renderAddressHtml,
    attachCopyHandlers,
    copyableHtml,
    etherscanLinkHtml,
    clearViewStack,
 } = require("./helpers");
 const { TOKEN_BY_ADDRESS } = require("../../shared/tokenList");
-const { state, saveState } = require("../../shared/state");
+const { state, saveState, currentNetwork } = require("../../shared/state");
 const { getProvider } = require("../../shared/balances");
 const { log } = require("../../shared/log");
 const EXT_ICON =
    `<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` +
    `<svg viewBox="0 0 12 12" fill="none" stroke="currentColor" stroke-width="1.5">` +
    `<path d="M4.5 1.5H2a.5.5 0 00-.5.5v8a.5.5 0 00.5.5h8a.5.5 0 00.5-.5V7.5"/>` +
    `<path d="M7 1.5h3.5V5M7 5.5L10.5 1.5"/>` +
    `</svg></span>`;
 let ctx;
 let elapsedTimer = null;
 let pollTimer = null;
@@ -36,39 +32,19 @@ function clearTimers() {
 }
 function toAddressHtml(address) {
    const dot = addressDotHtml(address);
    const link = `https://etherscan.io/address/${address}`;
    const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
    const title = addressTitle(address, state.wallets);
-    if (title) {
+    return renderAddressHtml(address, { title });
        return (
            `<div class="flex items-center font-bold">${dot}${escapeHtml(title)}</div>` +
            `<div class="break-all underline decoration-dashed cursor-pointer" data-copy="${escapeHtml(address)}">${escapeHtml(address)}</div>` +
            extLink
        );
    }
    return `<div class="flex items-center">${dot}<span class="break-all underline decoration-dashed cursor-pointer" data-copy="${escapeHtml(address)}">${escapeHtml(address)}</span>${extLink}</div>`;
 }
 function txHashHtml(hash) {
-    const link = `https://etherscan.io/tx/${hash}`;
+    const link = `${currentNetwork().explorerUrl}/tx/${hash}`;
-    const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
+    return copyableHtml(hash, "break-all") + etherscanLinkHtml(link);
    return (
        `<span class="underline decoration-dashed cursor-pointer break-all" data-copy="${escapeHtml(hash)}">${escapeHtml(hash)}</span>` +
        extLink
    );
 }
-function attachCopyHandlers(viewId) {
+function blockNumberHtml(blockNumber) {
-    document
+    const num = String(blockNumber);
-        .getElementById(viewId)
+    const link = `${currentNetwork().explorerUrl}/block/${num}`;
-        .querySelectorAll("[data-copy]")
+    return copyableHtml(num) + etherscanLinkHtml(link);
        .forEach((el) => {
            el.onclick = () => {
                navigator.clipboard.writeText(el.dataset.copy);
                showFlash("Copied!");
            };
        });
 }
 function showWait(txInfo, txHash) {
@@ -135,7 +111,7 @@ function tokenLabel(address) {
 }
 function etherscanTokenLink(address) {
-    return `https://etherscan.io/token/${address}`;
+    return `${currentNetwork().explorerUrl}/token/${address}`;
 }
 function decodedDetailsHtml(decoded) {
@@ -189,7 +165,7 @@ function renderSuccess() {
        $("success-tx-to").innerHTML = toAddressHtml(d.to);
    }
-    $("success-tx-block").textContent = String(d.blockNumber);
+    $("success-tx-block").innerHTML = blockNumberHtml(d.blockNumber);
    $("success-tx-hash").innerHTML = txHashHtml(d.hash);
    // Show decoded calldata details if present
@@ -246,10 +222,16 @@ function navigateBack() {
        window.close();
        return;
    }
    // After a completed transaction, reset the navigation stack
    // and go directly to the address view (token or detail).
    // Use require() lazily to call show() without the ctx push wrapper.
    clearViewStack();
    state.viewStack.push("main");
    if (state.selectedToken) {
-        ctx.showAddressToken();
+        state.viewStack.push("address");
        require("./addressToken").show();
    } else {
-        ctx.showAddressDetail();
+        require("./addressDetail").show();
    }
 }
--- a/src/shared/addressWarnings.js
+++ b/src/shared/addressWarnings.js
@@ -0,0 +1,114 @@
 // Address warning module.
 // Provides local and async (RPC-based) warning checks for Ethereum addresses.
 // Returns arrays of {type, message, severity} objects.
 const { isScamAddress } = require("./scamlist");
 const { isBurnAddress } = require("./constants");
 const { checkEtherscanLabel } = require("./etherscanLabels");
 const { log } = require("./log");
 /**
 * Check an address against local-only lists (scam, burn, self-send).
 * Synchronous — no network calls.
 *
 * @param {string} address - The target address to check.
 * @param {object} [options] - Optional context.
 * @param {string} [options.fromAddress] - Sender address (for self-send check).
 * @returns {Array<{type: string, message: string, severity: string}>}
 */
 function getLocalWarnings(address, options = {}) {
    const warnings = [];
    const addr = address.toLowerCase();
    if (isScamAddress(addr)) {
        warnings.push({
            type: "scam",
            message:
                "This address is on a known scam/fraud list. Do not send funds to this address.",
            severity: "critical",
        });
    }
    if (isBurnAddress(addr)) {
        warnings.push({
            type: "burn",
            message:
                "This is a known null/burn address. Funds sent here are permanently destroyed and cannot be recovered.",
            severity: "critical",
        });
    }
    if (options.fromAddress && addr === options.fromAddress.toLowerCase()) {
        warnings.push({
            type: "self-send",
            message: "You are sending to your own address.",
            severity: "warning",
        });
    }
    return warnings;
 }
 /**
 * Check an address against local lists AND via RPC queries.
 * Async — performs network calls to check contract status and tx history.
 *
 * @param {string} address - The target address to check.
 * @param {object} provider - An ethers.js provider instance.
 * @param {object} [options] - Optional context.
 * @param {string} [options.fromAddress] - Sender address (for self-send check).
 * @returns {Promise<Array<{type: string, message: string, severity: string}>>}
 */
 async function getFullWarnings(address, provider, options = {}) {
    const warnings = getLocalWarnings(address, options);
    let isContract = false;
    try {
        const code = await provider.getCode(address);
        if (code && code !== "0x") {
            isContract = true;
            warnings.push({
                type: "contract",
                message:
                    "This address is a smart contract, not a regular wallet.",
                severity: "warning",
            });
        }
    } catch (e) {
        log.errorf("contract check failed:", e.message);
    }
    // Skip tx count check for contracts — they may legitimately have
    // zero inbound EOA transactions.
    if (!isContract) {
        try {
            const txCount = await provider.getTransactionCount(address);
            if (txCount === 0) {
                warnings.push({
                    type: "new-address",
                    message:
                        "This address has never sent a transaction. Double-check it is correct.",
                    severity: "info",
                });
            }
        } catch (e) {
            log.errorf("tx count check failed:", e.message);
        }
    }
    // Etherscan label check (best-effort async — network failures are silent).
    // Runs for ALL addresses including contracts, since many dangerous
    // flagged addresses on Etherscan (drainers, phishing contracts) are contracts.
    try {
        const etherscanWarning = await checkEtherscanLabel(address);
        if (etherscanWarning) {
            warnings.push(etherscanWarning);
        }
    } catch (e) {
        log.errorf("etherscan label check failed:", e.message);
    }
    return warnings;
 }
 module.exports = { getLocalWarnings, getFullWarnings };
--- a/src/shared/balances.js
+++ b/src/shared/balances.js
@@ -15,10 +15,15 @@ const { KNOWN_SYMBOLS, TOKEN_BY_ADDRESS } = require("./tokenList");
 // Use a static network to skip auto-detection (which can fail and cause
 // "could not coalesce error" on some RPC endpoints like Cloudflare).
-const mainnet = Network.from("mainnet");
+// Accepts an optional networkName ("mainnet" or "sepolia") for the static
-
+// network hint so ethers picks the right chain parameters.  When omitted,
-function getProvider(rpcUrl) {
+// reads the currently selected network from extension state.
-    return new JsonRpcProvider(rpcUrl, mainnet, { staticNetwork: mainnet });
+function getProvider(rpcUrl, networkName) {
    // Lazy require to avoid circular dependency issues at module scope.
    const { currentNetwork } = require("./state");
    const name = networkName || currentNetwork().id;
    const net = Network.from(name);
    return new JsonRpcProvider(rpcUrl, net, { staticNetwork: net });
 }
 function formatBalance(wei) {
--- a/src/shared/buildInfo.js
+++ b/src/shared/buildInfo.js
@@ -0,0 +1,35 @@
 // Build-time constants injected by esbuild define in build.js.
 // These globals are replaced at bundle time with string literals.
 /* global __BUILD_VERSION__, __BUILD_LICENSE__, __BUILD_AUTHOR__,
          __BUILD_COMMIT__, __BUILD_COMMIT_FULL__, __BUILD_DATE__ */
 const BUILD_VERSION =
    typeof __BUILD_VERSION__ !== "undefined" ? __BUILD_VERSION__ : "dev";
 const BUILD_LICENSE =
    typeof __BUILD_LICENSE__ !== "undefined" ? __BUILD_LICENSE__ : "GPL-3.0";
 const BUILD_AUTHOR =
    typeof __BUILD_AUTHOR__ !== "undefined"
        ? __BUILD_AUTHOR__
        : "sneak <sneak@sneak.berlin>";
 const BUILD_COMMIT =
    typeof __BUILD_COMMIT__ !== "undefined" ? __BUILD_COMMIT__ : "unknown";
 const BUILD_COMMIT_FULL =
    typeof __BUILD_COMMIT_FULL__ !== "undefined"
        ? __BUILD_COMMIT_FULL__
        : "unknown";
 const BUILD_DATE =
    typeof __BUILD_DATE__ !== "undefined" ? __BUILD_DATE__ : "unknown";
 const GITEA_COMMIT_URL =
    "https://git.eeqj.de/sneak/AutistMask/commit/" + BUILD_COMMIT_FULL;
 module.exports = {
    BUILD_VERSION,
    BUILD_LICENSE,
    BUILD_AUTHOR,
    BUILD_COMMIT,
    BUILD_COMMIT_FULL,
    BUILD_DATE,
    GITEA_COMMIT_URL,
 };
--- a/src/shared/chainSwitch.js
+++ b/src/shared/chainSwitch.js
@@ -0,0 +1,57 @@
 // Consolidated chain-switch handler.
 //
 // Every state change required when the active network changes is
 // performed here so that callers (settings UI, background
 // wallet_switchEthereumChain, future chain additions) all go
 // through a single code path.
 //
 // Adding a new chain (e.g. ETC) requires only a new entry in
 // networks.js — no per-caller wiring is needed.
 const { networkById } = require("./networks");
 const { clearPrices } = require("./prices");
 // Switch the active chain and reset all chain-specific cached state.
 // Returns the network configuration object for the new chain.
 async function onChainSwitch(newNetworkId) {
    const { state, saveState } = require("./state");
    const net = networkById(newNetworkId);
    // --- core identity ---
    state.networkId = net.id;
    state.rpcUrl = net.defaultRpcUrl;
    state.blockscoutUrl = net.defaultBlockscoutUrl;
    // --- price cache ---
    // Prices are chain-specific (testnet tokens are worthless,
    // ETC has different pricing, etc.).
    clearPrices();
    // --- balance / refresh state ---
    // Reset last-refresh timestamp so the next polling cycle
    // triggers an immediate balance refresh on the new chain.
    state.lastBalanceRefresh = 0;
    // Clear per-address balances and token balances so stale data
    // from the previous chain is never displayed while the first
    // refresh on the new chain is in flight.
    for (const wallet of state.wallets) {
        for (const addr of wallet.addresses) {
            addr.balance = "0";
            addr.tokenBalances = [];
        }
    }
    // --- chain-specific caches ---
    // Token holder counts and fraud contract lists are
    // chain-specific and must not carry over.
    state.tokenHolderCache = {};
    state.fraudContracts = [];
    await saveState();
    return net;
 }
 module.exports = { onChainSwitch };
--- a/src/shared/constants.js
+++ b/src/shared/constants.js
@@ -3,6 +3,7 @@ const DEBUG_MNEMONIC =
    "cube evolve unfold result inch risk jealous skill hotel bulb night wreck";
 const ETHEREUM_MAINNET_CHAIN_ID = "0x1";
 const ETHEREUM_SEPOLIA_CHAIN_ID = "0xaa36a7";
 const DEFAULT_RPC_URL = "https://ethereum-rpc.publicnode.com";
@@ -20,12 +21,28 @@ const ERC20_ABI = [
    "function approve(address spender, uint256 amount) returns (bool)",
 ];
 // Known null/burn addresses that permanently destroy funds.
 const BURN_ADDRESSES = new Set([
    "0x0000000000000000000000000000000000000000",
    "0x0000000000000000000000000000000000000001",
    "0x000000000000000000000000000000000000dead",
    "0xdead000000000000000000000000000000000000",
    "0x00000000000000000000000000000000deadbeef",
 ]);
 function isBurnAddress(address) {
    return BURN_ADDRESSES.has(address.toLowerCase());
 }
 module.exports = {
    DEBUG,
    DEBUG_MNEMONIC,
    ETHEREUM_MAINNET_CHAIN_ID,
    ETHEREUM_SEPOLIA_CHAIN_ID,
    DEFAULT_RPC_URL,
    DEFAULT_BLOCKSCOUT_URL,
    BIP44_ETH_PATH,
    ERC20_ABI,
    BURN_ADDRESSES,
    isBurnAddress,
 };
--- a/src/shared/etherscanLabels.js
+++ b/src/shared/etherscanLabels.js
@@ -0,0 +1,107 @@
 // Etherscan address label lookup via page scraping.
 // Extension users make the requests directly to Etherscan — no proxy needed.
 // This is a best-effort enrichment: network failures return null silently.
 // Patterns in the page title that indicate a flagged address.
 // Title format: "Fake_Phishing184810 | Address: 0x... | Etherscan"
 const PHISHING_LABEL_PATTERNS = [/^Fake_Phishing/i, /^Phish:/i, /^Exploiter/i];
 // Patterns in the page body that indicate a scam/phishing warning.
 const SCAM_BODY_PATTERNS = [
    /used in a\s+(?:\w+\s+)?phishing scam/i,
    /used in a\s+(?:\w+\s+)?scam/i,
    /wallet\s+drainer/i,
 ];
 /**
 * Parse the Etherscan address page HTML to extract label info.
 * Exported for unit testing (no fetch needed).
 *
 * @param {string} html - Raw HTML of the Etherscan address page.
 * @returns {{ label: string|null, isPhishing: boolean, warning: string|null }}
 */
 function parseEtherscanPage(html) {
    // Extract <title> content
    const titleMatch = html.match(/<title[^>]*>([^<]+)<\/title>/i);
    let label = null;
    let isPhishing = false;
    let warning = null;
    if (titleMatch) {
        const title = titleMatch[1].trim();
        // Title: "LABEL | Address: 0x... | Etherscan" or "Address: 0x... | Etherscan"
        const labelMatch = title.match(/^(.+?)\s*\|\s*Address:/);
        if (labelMatch) {
            const candidate = labelMatch[1].trim();
            // Only treat as a label if it's not just "Address" (unlabeled addresses)
            if (candidate.toLowerCase() !== "address") {
                label = candidate;
            }
        }
    }
    // Check label against phishing patterns
    if (label) {
        for (const pat of PHISHING_LABEL_PATTERNS) {
            if (pat.test(label)) {
                isPhishing = true;
                warning = `Etherscan labels this address as "${label}" (Phish/Hack).`;
                break;
            }
        }
    }
    // Check page body for scam warning banners
    if (!isPhishing) {
        for (const pat of SCAM_BODY_PATTERNS) {
            if (pat.test(html)) {
                isPhishing = true;
                warning = label
                    ? `Etherscan labels this address as "${label}" and reports it was used in a scam.`
                    : "Etherscan reports this address was flagged for phishing/scam activity.";
                break;
            }
        }
    }
    return { label, isPhishing, warning };
 }
 /**
 * Fetch an address page from Etherscan and check for scam/phishing labels.
 * Returns a warning object if the address is flagged, or null.
 * Network failures return null silently (best-effort check).
 *
 * Uses the current network's explorer URL so the lookup works on both
 * mainnet (etherscan.io) and Sepolia (sepolia.etherscan.io).
 *
 * @param {string} address - Ethereum address to check.
 * @returns {Promise<{type: string, message: string, severity: string}|null>}
 */
 async function checkEtherscanLabel(address) {
    try {
        // Lazy require to avoid pulling in chrome.storage at module scope
        // (which breaks unit tests that only exercise parseEtherscanPage).
        const { currentNetwork } = require("./state");
        const etherscanBase = currentNetwork().explorerUrl + "/address/";
        const resp = await fetch(etherscanBase + address, {
            headers: { Accept: "text/html" },
        });
        if (!resp.ok) return null;
        const html = await resp.text();
        const result = parseEtherscanPage(html);
        if (result.isPhishing) {
            return {
                type: "etherscan-phishing",
                message: result.warning,
                severity: "critical",
            };
        }
        return null;
    } catch {
        // Network errors are expected — Etherscan may rate-limit or block.
        return null;
    }
 }
 module.exports = { parseEtherscanPage, checkEtherscanLabel };
--- a/src/shared/log.js
+++ b/src/shared/log.js
@@ -1,12 +1,27 @@
 // Leveled logger. Outputs to console with [AutistMask] prefix.
-// Level is DEBUG when the DEBUG constant is true, INFO otherwise.
+// Level is DEBUG when the compile-time DEBUG constant is true or the runtime
 // debugMode state flag is enabled.  The runtime flag is checked lazily so it
 // responds immediately when toggled in settings.
 const { DEBUG } = require("./constants");
 const LEVELS = { debug: 0, info: 1, warn: 2, error: 3 };
-const threshold = DEBUG ? LEVELS.debug : LEVELS.info;
+
 // Runtime debug mode flag — set by settings.js when the user toggles debug
 // mode via the easter egg.  Kept here as a simple mutable reference so it can
 // be updated without circular dependency issues with state.js.
 let _runtimeDebug = false;
 function setRuntimeDebug(enabled) {
    _runtimeDebug = enabled;
 }
 function isDebug() {
    return DEBUG || _runtimeDebug;
 }
 function emit(level, method, args) {
    const threshold = isDebug() ? LEVELS.debug : LEVELS.info;
    if (LEVELS[level] >= threshold) {
        console[method]("[AutistMask]", ...args);
    }
@@ -37,4 +52,4 @@ async function debugFetch(url, opts) {
    return resp;
 }
-module.exports = { log, debugFetch };
+module.exports = { log, debugFetch, setRuntimeDebug, isDebug };
--- a/src/shared/networks.js
+++ b/src/shared/networks.js
@@ -0,0 +1,57 @@
 // Network definitions for supported Ethereum networks.
 // Each network specifies its chain ID, default RPC and Blockscout endpoints,
 // and the block explorer base URL used for address/tx/token/block links.
 const NETWORKS = {
    mainnet: {
        id: "mainnet",
        name: "Ethereum Mainnet",
        chainId: "0x1",
        networkVersion: "1",
        nativeCurrency: "ETH",
        defaultRpcUrl: "https://ethereum-rpc.publicnode.com",
        defaultBlockscoutUrl: "https://eth.blockscout.com/api/v2",
        explorerUrl: "https://etherscan.io",
        isTestnet: false,
    },
    sepolia: {
        id: "sepolia",
        name: "Sepolia Testnet",
        chainId: "0xaa36a7",
        networkVersion: "11155111",
        nativeCurrency: "SepoliaETH",
        defaultRpcUrl: "https://ethereum-sepolia-rpc.publicnode.com",
        defaultBlockscoutUrl: "https://eth-sepolia.blockscout.com/api/v2",
        explorerUrl: "https://sepolia.etherscan.io",
        isTestnet: true,
    },
 };
 const SUPPORTED_CHAIN_IDS = new Set(
    Object.values(NETWORKS).map((n) => n.chainId),
 );
 function networkById(id) {
    return NETWORKS[id] || NETWORKS.mainnet;
 }
 function networkByChainId(chainId) {
    for (const net of Object.values(NETWORKS)) {
        if (net.chainId === chainId) return net;
    }
    return null;
 }
 // Build a block explorer link for the given path type and value.
 // type: "address" | "tx" | "token" | "block"
 function explorerLink(network, type, value) {
    return `${network.explorerUrl}/${type}/${value}`;
 }
 module.exports = {
    NETWORKS,
    SUPPORTED_CHAIN_IDS,
    networkById,
    networkByChainId,
    explorerLink,
 };
--- a/src/shared/phishingBlocklist.json
+++ b/src/shared/phishingBlocklist.json
--- a/src/shared/phishingDomains.js
+++ b/src/shared/phishingDomains.js
@@ -0,0 +1,215 @@
 // Domain-based phishing detection using a vendored blocklist with delta updates.
 //
 // A community-maintained phishing domain blocklist is vendored in
 // phishingBlocklist.json and bundled at build time. At runtime, we fetch
 // the live list periodically and keep only the delta (new entries not in
 // the vendored list) in memory. This keeps runtime memory usage small.
 //
 // The domain-checker checks the in-memory delta first (fresh/recent scam
 // sites), then falls back to the vendored list.
 //
 // If the delta is under 256 KiB it is persisted to localStorage so it
 // survives extension/service-worker restarts.
 const vendoredConfig = require("./phishingBlocklist.json");
 const BLOCKLIST_URL =
    "https://raw.githubusercontent.com/MetaMask/eth-phishing-detect/main/src/config.json";
 const CACHE_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
 const REFRESH_INTERVAL_MS = 24 * 60 * 60 * 1000; // 24 hours
 const DELTA_STORAGE_KEY = "phishing-delta";
 const MAX_DELTA_BYTES = 256 * 1024; // 256 KiB
 // Vendored set — built once from the bundled JSON.
 const vendoredBlacklist = new Set(
    (vendoredConfig.blacklist || []).map((d) => d.toLowerCase()),
 );
 // Delta set — only entries from live list that are NOT in vendored.
 let deltaBlacklist = new Set();
 let lastFetchTime = 0;
 let fetchPromise = null;
 let refreshTimer = null;
 /**
 * Load delta entries from localStorage on startup.
 * Called once during module initialization in the background script.
 */
 function loadDeltaFromStorage() {
    try {
        const raw = localStorage.getItem(DELTA_STORAGE_KEY);
        if (!raw) return;
        const data = JSON.parse(raw);
        if (data.blacklist && Array.isArray(data.blacklist)) {
            deltaBlacklist = new Set(
                data.blacklist.map((d) => d.toLowerCase()),
            );
        }
    } catch {
        // localStorage unavailable or corrupt — start empty
    }
 }
 /**
 * Persist delta to localStorage if it fits within MAX_DELTA_BYTES.
 */
 function saveDeltaToStorage() {
    try {
        const data = {
            blacklist: Array.from(deltaBlacklist),
        };
        const json = JSON.stringify(data);
        if (json.length < MAX_DELTA_BYTES) {
            localStorage.setItem(DELTA_STORAGE_KEY, json);
        } else {
            // Too large — remove stale key if present
            localStorage.removeItem(DELTA_STORAGE_KEY);
        }
    } catch {
        // localStorage unavailable — skip silently
    }
 }
 /**
 * Load a pre-parsed config and compute the delta against the vendored list.
 * Used for both live fetches and testing.
 *
 * @param {{ blacklist?: string[] }} config
 */
 function loadConfig(config) {
    const liveBlacklist = (config.blacklist || []).map((d) => d.toLowerCase());
    // Delta = entries in the live list that are NOT in the vendored list
    deltaBlacklist = new Set(
        liveBlacklist.filter((d) => !vendoredBlacklist.has(d)),
    );
    lastFetchTime = Date.now();
    saveDeltaToStorage();
 }
 /**
 * Generate hostname variants for subdomain matching.
 * "sub.evil.com" yields ["sub.evil.com", "evil.com"].
 *
 * @param {string} hostname
 * @returns {string[]}
 */
 function hostnameVariants(hostname) {
    const h = hostname.toLowerCase();
    const variants = [h];
    const parts = h.split(".");
    // Parent domains: a.b.c.d -> b.c.d, c.d
    for (let i = 1; i < parts.length - 1; i++) {
        variants.push(parts.slice(i).join("."));
    }
    return variants;
 }
 /**
 * Check if a hostname is on the phishing blocklist.
 * Checks delta first (fresh/recent scam sites), then vendored list.
 *
 * @param {string} hostname - The hostname to check.
 * @returns {boolean}
 */
 function isPhishingDomain(hostname) {
    if (!hostname) return false;
    const variants = hostnameVariants(hostname);
    // Check delta blacklist first (fresh/recent scam sites), then vendored
    for (const v of variants) {
        if (deltaBlacklist.has(v) || vendoredBlacklist.has(v)) return true;
    }
    return false;
 }
 /**
 * Fetch the latest blocklist and compute delta against vendored data.
 * De-duplicates concurrent fetches. Results are cached for CACHE_TTL_MS.
 *
 * @returns {Promise<void>}
 */
 async function updatePhishingList() {
    // Skip if recently fetched
    if (Date.now() - lastFetchTime < CACHE_TTL_MS && lastFetchTime > 0) {
        return;
    }
    // De-duplicate concurrent calls
    if (fetchPromise) return fetchPromise;
    fetchPromise = (async () => {
        try {
            const resp = await fetch(BLOCKLIST_URL);
            if (!resp.ok) throw new Error("HTTP " + resp.status);
            const config = await resp.json();
            loadConfig(config);
        } catch {
            // Silently fail — vendored list still provides coverage.
            // We'll retry next time.
        } finally {
            fetchPromise = null;
        }
    })();
    return fetchPromise;
 }
 /**
 * Start periodic refresh of the phishing list.
 * Should be called once from the background script on startup.
 */
 function startPeriodicRefresh() {
    if (refreshTimer) return;
    refreshTimer = setInterval(updatePhishingList, REFRESH_INTERVAL_MS);
 }
 /**
 * Return the total blocklist size (vendored + delta) for diagnostics.
 *
 * @returns {number}
 */
 function getBlocklistSize() {
    return vendoredBlacklist.size + deltaBlacklist.size;
 }
 /**
 * Return the delta blocklist size for diagnostics.
 *
 * @returns {number}
 */
 function getDeltaSize() {
    return deltaBlacklist.size;
 }
 /**
 * Reset internal state (for testing).
 */
 function _reset() {
    deltaBlacklist = new Set();
    lastFetchTime = 0;
    fetchPromise = null;
    if (refreshTimer) {
        clearInterval(refreshTimer);
        refreshTimer = null;
    }
 }
 // Load persisted delta on module initialization
 loadDeltaFromStorage();
 module.exports = {
    isPhishingDomain,
    updatePhishingList,
    startPeriodicRefresh,
    loadConfig,
    getBlocklistSize,
    getDeltaSize,
    hostnameVariants,
    _reset,
    // Exposed for testing only
    _getVendoredBlacklistSize: () => vendoredBlacklist.size,
    _getDeltaBlacklist: () => deltaBlacklist,
 };
--- a/src/shared/prices.js
+++ b/src/shared/prices.js
@@ -8,6 +8,13 @@ const prices = {};
 let lastFetchedAt = 0;
 async function refreshPrices() {
    // Testnet tokens have no real market value — skip price fetching
    // and clear any stale mainnet prices so the UI shows no USD values.
    const { currentNetwork } = require("./state");
    if (currentNetwork().isTestnet) {
        clearPrices();
        return;
    }
    const now = Date.now();
    if (now - lastFetchedAt < PRICE_CACHE_TTL) return;
    try {
@@ -19,7 +26,19 @@ async function refreshPrices() {
    }
 }
 // Clear all cached prices and reset the fetch timestamp so the
 // next refreshPrices() call will fetch fresh data.
 function clearPrices() {
    for (const key of Object.keys(prices)) {
        delete prices[key];
    }
    lastFetchedAt = 0;
 }
 // Return the USD price for a symbol, or null on testnet / unknown.
 function getPrice(symbol) {
    const { currentNetwork } = require("./state");
    if (currentNetwork().isTestnet) return null;
    return prices[symbol] || null;
 }
@@ -37,6 +56,8 @@ function formatUsd(amount) {
 }
 function getAddressValueUsd(addr) {
    const { currentNetwork } = require("./state");
    if (currentNetwork().isTestnet) return null;
    if (!prices.ETH) return null;
    let total = 0;
    const ethBal = parseFloat(addr.balance || "0");
@@ -51,6 +72,8 @@ function getAddressValueUsd(addr) {
 }
 function getWalletValueUsd(wallet) {
    const { currentNetwork } = require("./state");
    if (currentNetwork().isTestnet) return null;
    if (!prices.ETH) return null;
    let total = 0;
    for (const addr of wallet.addresses) {
@@ -60,6 +83,8 @@ function getWalletValueUsd(wallet) {
 }
 function getTotalValueUsd(wallets) {
    const { currentNetwork } = require("./state");
    if (currentNetwork().isTestnet) return null;
    if (!prices.ETH) return null;
    let total = 0;
    for (const wallet of wallets) {
@@ -71,6 +96,7 @@ function getTotalValueUsd(wallets) {
 module.exports = {
    prices,
    refreshPrices,
    clearPrices,
    getPrice,
    formatUsd,
    getAddressValueUsd,
--- a/src/shared/scamlist.js
+++ b/src/shared/scamlist.js
--- a/src/shared/state.js
+++ b/src/shared/state.js
@@ -1,6 +1,7 @@
 // State management and extension storage persistence.
 const { DEFAULT_RPC_URL, DEFAULT_BLOCKSCOUT_URL } = require("./constants");
 const { networkById } = require("./networks");
 const storageApi =
    typeof browser !== "undefined"
@@ -11,6 +12,7 @@ const DEFAULT_STATE = {
    hasWallet: false,
    wallets: [],
    trackedTokens: [],
    networkId: "mainnet",
    rpcUrl: DEFAULT_RPC_URL,
    blockscoutUrl: DEFAULT_BLOCKSCOUT_URL,
    lastBalanceRefresh: 0,
@@ -23,8 +25,11 @@ const DEFAULT_STATE = {
    hideFraudContracts: true,
    hideDustTransactions: true,
    dustThresholdGwei: 100000,
    utcTimestamps: false,
    fraudContracts: [],
    tokenHolderCache: {},
    theme: "system",
    debugMode: false,
 };
 const state = {
@@ -34,13 +39,20 @@ const state = {
    selectedAddress: null,
    selectedToken: null,
    viewData: {},
    viewStack: [],
 };
 // Return the network configuration for the currently selected network.
 function currentNetwork() {
    return networkById(state.networkId);
 }
 async function saveState() {
    const persisted = {
        hasWallet: state.hasWallet,
        wallets: state.wallets,
        trackedTokens: state.trackedTokens,
        networkId: state.networkId,
        rpcUrl: state.rpcUrl,
        blockscoutUrl: state.blockscoutUrl,
        lastBalanceRefresh: state.lastBalanceRefresh,
@@ -53,13 +65,17 @@ async function saveState() {
        hideFraudContracts: state.hideFraudContracts,
        hideDustTransactions: state.hideDustTransactions,
        dustThresholdGwei: state.dustThresholdGwei,
        utcTimestamps: state.utcTimestamps,
        fraudContracts: state.fraudContracts,
        tokenHolderCache: state.tokenHolderCache,
        theme: state.theme,
        debugMode: state.debugMode,
        currentView: state.currentView,
        selectedWallet: state.selectedWallet,
        selectedAddress: state.selectedAddress,
        selectedToken: state.selectedToken,
        viewData: state.viewData,
        viewStack: state.viewStack,
    };
    await storageApi.set({ autistmask: persisted });
 }
@@ -71,6 +87,7 @@ async function loadState() {
        state.hasWallet = saved.hasWallet;
        state.wallets = saved.wallets || [];
        state.trackedTokens = saved.trackedTokens || [];
        state.networkId = saved.networkId || DEFAULT_STATE.networkId;
        state.rpcUrl = saved.rpcUrl || DEFAULT_STATE.rpcUrl;
        state.blockscoutUrl =
            saved.blockscoutUrl || DEFAULT_STATE.blockscoutUrl;
@@ -108,8 +125,13 @@ async function loadState() {
            saved.dustThresholdGwei !== undefined
                ? saved.dustThresholdGwei
                : 100000;
        state.utcTimestamps =
            saved.utcTimestamps !== undefined ? saved.utcTimestamps : false;
        state.fraudContracts = saved.fraudContracts || [];
        state.tokenHolderCache = saved.tokenHolderCache || {};
        state.theme = saved.theme || "system";
        state.debugMode =
            saved.debugMode !== undefined ? saved.debugMode : false;
        state.currentView = saved.currentView || null;
        state.selectedWallet =
            saved.selectedWallet !== undefined ? saved.selectedWallet : null;
@@ -117,6 +139,7 @@ async function loadState() {
            saved.selectedAddress !== undefined ? saved.selectedAddress : null;
        state.selectedToken = saved.selectedToken || null;
        state.viewData = saved.viewData || {};
        state.viewStack = Array.isArray(saved.viewStack) ? saved.viewStack : [];
    }
 }
@@ -127,4 +150,10 @@ function currentAddress() {
    return state.wallets[state.selectedWallet].addresses[state.selectedAddress];
 }
-module.exports = { state, saveState, loadState, currentAddress };
+module.exports = {
    state,
    saveState,
    loadState,
    currentAddress,
    currentNetwork,
 };
--- a/src/shared/transactions.js
+++ b/src/shared/transactions.js
@@ -153,24 +153,38 @@ async function fetchRecentTransactions(address, blockscoutUrl, count = 25) {
    // When a token transfer shares a hash with a normal tx, the normal tx
    // is the contract call (0 ETH) and the token transfer has the real
-    // amount and symbol.  A single transaction (e.g. a swap) can produce
+    // amount and symbol.  For contract calls (swaps), a single transaction
-    // multiple token transfers (one per token involved), so we key token
+    // can produce multiple token transfers (input, intermediates, output).
-    // transfers by hash + contract address to keep all of them.  We also
+    // We consolidate these into the original tx entry using the token
-    // preserve contract-call metadata (direction, label, method) from the
+    // transfer where the user *receives* tokens (the swap output), so
-    // matching normal tx so swaps display correctly.
+    // the transaction list shows the final result rather than confusing
    // intermediate hops.  We preserve the original tx's from/to so the
    // user sees their own address, not a router or Permit2 contract.
    for (const tt of ttJson.items || []) {
        const parsed = parseTokenTransfer(tt, addrLower);
        const existing = txsByHash.get(parsed.hash);
        if (existing && existing.direction === "contract") {
-            parsed.direction = "contract";
+            // For contract calls (swaps), consolidate into the original
-            parsed.directionLabel = existing.directionLabel;
+            // tx entry.  Prefer the "received" transfer (swap output)
-            parsed.isContractCall = true;
+            // for the display amount.  If no received transfer exists,
-            parsed.method = existing.method;
+            // fall back to the first "sent" transfer (swap input).
-            // Remove the bare-hash normal tx so it doesn't appear as a
+            const isReceived = parsed.direction === "received";
-            // duplicate with empty value; token transfers replace it.
+            const needsAmount = !existing.exactValue;
-            txsByHash.delete(parsed.hash);
+            if (isReceived || needsAmount) {
                existing.value = parsed.value;
                existing.exactValue = parsed.exactValue;
                existing.rawAmount = parsed.rawAmount;
                existing.rawUnit = parsed.rawUnit;
                existing.symbol = parsed.symbol;
                existing.contractAddress = parsed.contractAddress;
                existing.holders = parsed.holders;
            }
-        // Use composite key so multiple token transfers per tx are kept.
+            // Keep the original tx's from/to (the user's address and the
            // contract they called), not the token transfer's from/to
            // which may be a router or Permit2 contract.
            continue;
        }
        // Non-contract token transfers get their own entries.
        const ttKey = parsed.hash + ":" + (parsed.contractAddress || "");
        txsByHash.set(ttKey, parsed);
    }
--- a/src/shared/uniswap.js
+++ b/src/shared/uniswap.js
@@ -359,9 +359,12 @@ function decode(data, toAddress) {
                    const s = decodeV3SwapExactIn(inputs[i]);
                    if (s) {
                        if (!inputToken) inputToken = s.tokenIn;
                        if (!outputToken) outputToken = s.tokenOut;
                        if (!inputAmount) inputAmount = s.amountIn;
-                        if (!minOutput) minOutput = s.amountOutMin;
+                        // Always update output: in multi-step swaps (V3 → V4),
                        // the last swap step determines the final output token
                        // and minimum received amount.
                        outputToken = s.tokenOut;
                        minOutput = s.amountOutMin;
                    }
                }
@@ -369,9 +372,9 @@ function decode(data, toAddress) {
                    const s = decodeV2SwapExactIn(inputs[i]);
                    if (s) {
                        if (!inputToken) inputToken = s.tokenIn;
                        if (!outputToken) outputToken = s.tokenOut;
                        if (!inputAmount) inputAmount = s.amountIn;
-                        if (!minOutput) minOutput = s.amountOutMin;
+                        outputToken = s.tokenOut;
                        minOutput = s.amountOutMin;
                    }
                }
@@ -388,12 +391,11 @@ function decode(data, toAddress) {
                    const v4 = decodeV4Swap(inputs[i]);
                    if (v4) {
                        if (!inputToken && v4.tokenIn) inputToken = v4.tokenIn;
                        if (!outputToken && v4.tokenOut)
                            outputToken = v4.tokenOut;
                        if (!inputAmount && v4.amountIn)
                            inputAmount = v4.amountIn;
-                        if (!minOutput && v4.amountOutMin)
+                        // Always update output: last swap step wins
-                            minOutput = v4.amountOutMin;
+                        if (v4.tokenOut) outputToken = v4.tokenOut;
                        if (v4.amountOutMin) minOutput = v4.amountOutMin;
                    }
                }
--- a/src/shared/wallet.js
+++ b/src/shared/wallet.js
@@ -24,6 +24,26 @@ function hdWalletFromMnemonic(mnemonic) {
    return { xpub, firstAddress };
 }
 function hdWalletFromXprv(xprv) {
    const root = HDNodeWallet.fromExtendedKey(xprv);
    if (!root.privateKey) {
        throw new Error("Not an extended private key (xprv).");
    }
    const node = root.derivePath("44'/60'/0'/0");
    const xpub = node.neuter().extendedKey;
    const firstAddress = node.deriveChild(0).address;
    return { xpub, firstAddress };
 }
 function isValidXprv(key) {
    try {
        const node = HDNodeWallet.fromExtendedKey(key);
        return !!node.privateKey;
    } catch {
        return false;
    }
 }
 function addressFromPrivateKey(key) {
    const w = new Wallet(key);
    return w.address;
@@ -38,6 +58,11 @@ function getSignerForAddress(walletData, addrIndex, decryptedSecret) {
        );
        return node.deriveChild(addrIndex);
    }
    if (walletData.type === "xprv") {
        const root = HDNodeWallet.fromExtendedKey(decryptedSecret);
        const node = root.derivePath("44'/60'/0'/0");
        return node.deriveChild(addrIndex);
    }
    return new Wallet(decryptedSecret);
 }
@@ -49,6 +74,8 @@ module.exports = {
    generateMnemonic,
    deriveAddressFromXpub,
    hdWalletFromMnemonic,
    hdWalletFromXprv,
    isValidXprv,
    addressFromPrivateKey,
    getSignerForAddress,
    isValidMnemonic,
--- a/tests/etherscanLabels.test.js
+++ b/tests/etherscanLabels.test.js
@@ -0,0 +1,100 @@
 const { parseEtherscanPage } = require("../src/shared/etherscanLabels");
 describe("etherscanLabels", () => {
    describe("parseEtherscanPage", () => {
        test("detects Fake_Phishing label in title", () => {
            const html = `<html><head><title>Fake_Phishing184810 | Address: 0x00000c07...3ea470000 | Etherscan</title></head><body></body></html>`;
            const result = parseEtherscanPage(html);
            expect(result.label).toBe("Fake_Phishing184810");
            expect(result.isPhishing).toBe(true);
            expect(result.warning).toContain("Fake_Phishing184810");
            expect(result.warning).toContain("Phish/Hack");
        });
        test("detects Fake_Phishing with different number", () => {
            const html = `<html><head><title>Fake_Phishing5169 | Address: 0x3e0defb8...99a7a8a74 | Etherscan</title></head><body></body></html>`;
            const result = parseEtherscanPage(html);
            expect(result.label).toBe("Fake_Phishing5169");
            expect(result.isPhishing).toBe(true);
        });
        test("detects Exploiter label", () => {
            const html = `<html><head><title>Exploiter 42 | Address: 0xabcdef...1234 | Etherscan</title></head><body></body></html>`;
            const result = parseEtherscanPage(html);
            expect(result.label).toBe("Exploiter 42");
            expect(result.isPhishing).toBe(true);
        });
        test("detects scam warning in body text", () => {
            const html =
                `<html><head><title>Address: 0xabcdef...1234 | Etherscan</title></head>` +
                `<body>There are reports that this address was used in a Phishing scam.</body></html>`;
            const result = parseEtherscanPage(html);
            expect(result.label).toBeNull();
            expect(result.isPhishing).toBe(true);
            expect(result.warning).toContain("phishing/scam");
        });
        test("detects scam warning with label in body", () => {
            const html =
                `<html><head><title>SomeScammer | Address: 0xabcdef...1234 | Etherscan</title></head>` +
                `<body>There are reports that this address was used in a scam.</body></html>`;
            const result = parseEtherscanPage(html);
            expect(result.label).toBe("SomeScammer");
            expect(result.isPhishing).toBe(true);
            expect(result.warning).toContain("SomeScammer");
        });
        test("returns clean result for legitimate address", () => {
            const html = `<html><head><title>vitalik.eth | Address: 0xd8dA6BF2...37aA96045 | Etherscan</title></head><body>Overview</body></html>`;
            const result = parseEtherscanPage(html);
            expect(result.label).toBe("vitalik.eth");
            expect(result.isPhishing).toBe(false);
            expect(result.warning).toBeNull();
        });
        test("returns clean result for unlabeled address", () => {
            const html = `<html><head><title>Address: 0x1234567890...abcdef | Etherscan</title></head><body>Overview</body></html>`;
            const result = parseEtherscanPage(html);
            expect(result.label).toBeNull();
            expect(result.isPhishing).toBe(false);
            expect(result.warning).toBeNull();
        });
        test("handles exchange labels correctly (not phishing)", () => {
            const html = `<html><head><title>Coinbase 10 | Address: 0xa9d1e08c...b81d3e43 | Etherscan</title></head><body>Overview</body></html>`;
            const result = parseEtherscanPage(html);
            expect(result.label).toBe("Coinbase 10");
            expect(result.isPhishing).toBe(false);
        });
        test("handles contract names correctly (not phishing)", () => {
            const html = `<html><head><title>Beacon Deposit Contract | Address: 0x00000000...03d7705Fa | Etherscan</title></head><body>Overview</body></html>`;
            const result = parseEtherscanPage(html);
            expect(result.label).toBe("Beacon Deposit Contract");
            expect(result.isPhishing).toBe(false);
        });
        test("handles empty HTML gracefully", () => {
            const result = parseEtherscanPage("");
            expect(result.label).toBeNull();
            expect(result.isPhishing).toBe(false);
            expect(result.warning).toBeNull();
        });
        test("handles malformed title tag", () => {
            const html = `<html><head><title></title></head><body></body></html>`;
            const result = parseEtherscanPage(html);
            expect(result.label).toBeNull();
            expect(result.isPhishing).toBe(false);
        });
        test("detects wallet drainer warning", () => {
            const html =
                `<html><head><title>Address: 0xabc...def | Etherscan</title></head>` +
                `<body>This is a known wallet drainer contract.</body></html>`;
            const result = parseEtherscanPage(html);
            expect(result.isPhishing).toBe(true);
        });
    });
 });
--- a/tests/phishingDomains.test.js
+++ b/tests/phishingDomains.test.js
@@ -0,0 +1,205 @@
 // Provide a localStorage mock for Node.js test environment.
 // Must be set before requiring the module since it calls loadDeltaFromStorage()
 // at module load time.
 const localStorageStore = {};
 global.localStorage = {
    getItem: (key) =>
        Object.prototype.hasOwnProperty.call(localStorageStore, key)
            ? localStorageStore[key]
            : null,
    setItem: (key, value) => {
        localStorageStore[key] = String(value);
    },
    removeItem: (key) => {
        delete localStorageStore[key];
    },
 };
 const {
    isPhishingDomain,
    loadConfig,
    getBlocklistSize,
    getDeltaSize,
    hostnameVariants,
    _reset,
    _getVendoredBlacklistSize,
    _getDeltaBlacklist,
 } = require("../src/shared/phishingDomains");
 // Reset delta state before each test to avoid cross-test contamination.
 // Note: vendored sets are immutable and always present.
 beforeEach(() => {
    _reset();
    // Clear localStorage mock between tests
    for (const key of Object.keys(localStorageStore)) {
        delete localStorageStore[key];
    }
 });
 describe("phishingDomains", () => {
    describe("vendored blocklist", () => {
        test("vendored blacklist is loaded from bundled JSON", () => {
            // The vendored blocklist should have a large number of entries
            expect(_getVendoredBlacklistSize()).toBeGreaterThan(100000);
        });
        test("detects domains from vendored blacklist", () => {
            // These are well-known phishing domains in the vendored list
            expect(isPhishingDomain("hopprotocol.pro")).toBe(true);
            expect(isPhishingDomain("blast-pools.pages.dev")).toBe(true);
        });
        test("getBlocklistSize includes vendored entries", () => {
            expect(getBlocklistSize()).toBeGreaterThan(100000);
        });
    });
    describe("hostnameVariants", () => {
        test("returns exact hostname plus parent domains", () => {
            const variants = hostnameVariants("sub.evil.com");
            expect(variants).toEqual(["sub.evil.com", "evil.com"]);
        });
        test("returns just the hostname for a bare domain", () => {
            const variants = hostnameVariants("example.com");
            expect(variants).toEqual(["example.com"]);
        });
        test("handles deep subdomain chains", () => {
            const variants = hostnameVariants("a.b.c.d.com");
            expect(variants).toEqual([
                "a.b.c.d.com",
                "b.c.d.com",
                "c.d.com",
                "d.com",
            ]);
        });
        test("lowercases hostnames", () => {
            const variants = hostnameVariants("Evil.COM");
            expect(variants).toEqual(["evil.com"]);
        });
    });
    describe("delta computation via loadConfig", () => {
        test("loadConfig computes delta of new entries not in vendored list", () => {
            loadConfig({
                blacklist: [
                    "brand-new-scam-site-xyz123.com",
                    "hopprotocol.pro", // already in vendored
                ],
            });
            // Only the new domain should be in the delta
            expect(
                _getDeltaBlacklist().has("brand-new-scam-site-xyz123.com"),
            ).toBe(true);
            expect(_getDeltaBlacklist().has("hopprotocol.pro")).toBe(false);
            expect(getDeltaSize()).toBe(1);
        });
        test("re-loading config replaces previous delta", () => {
            loadConfig({
                blacklist: ["first-scam-xyz.com"],
            });
            expect(isPhishingDomain("first-scam-xyz.com")).toBe(true);
            loadConfig({
                blacklist: ["second-scam-xyz.com"],
            });
            expect(isPhishingDomain("first-scam-xyz.com")).toBe(false);
            expect(isPhishingDomain("second-scam-xyz.com")).toBe(true);
        });
        test("getBlocklistSize includes both vendored and delta", () => {
            const baseSize = getBlocklistSize();
            loadConfig({
                blacklist: ["delta-only-scam-xyz.com"],
            });
            expect(getBlocklistSize()).toBe(baseSize + 1);
        });
    });
    describe("isPhishingDomain with delta + vendored", () => {
        test("detects domain from delta blacklist", () => {
            loadConfig({
                blacklist: ["fresh-scam-xyz.com"],
            });
            expect(isPhishingDomain("fresh-scam-xyz.com")).toBe(true);
        });
        test("detects domain from vendored blacklist", () => {
            // No delta loaded — vendored still works
            expect(isPhishingDomain("hopprotocol.pro")).toBe(true);
        });
        test("returns false for clean domains", () => {
            expect(isPhishingDomain("etherscan.io")).toBe(false);
            expect(isPhishingDomain("example.com")).toBe(false);
        });
        test("detects subdomain of blacklisted domain (vendored)", () => {
            expect(isPhishingDomain("app.hopprotocol.pro")).toBe(true);
        });
        test("detects subdomain of blacklisted domain (delta)", () => {
            loadConfig({
                blacklist: ["delta-phish-xyz.com"],
            });
            expect(isPhishingDomain("sub.delta-phish-xyz.com")).toBe(true);
        });
        test("case-insensitive matching", () => {
            loadConfig({
                blacklist: ["Delta-Scam-XYZ.COM"],
            });
            expect(isPhishingDomain("delta-scam-xyz.com")).toBe(true);
            expect(isPhishingDomain("DELTA-SCAM-XYZ.COM")).toBe(true);
        });
        test("returns false for empty/null hostname", () => {
            expect(isPhishingDomain("")).toBe(false);
            expect(isPhishingDomain(null)).toBe(false);
        });
        test("handles config with no blacklist key", () => {
            loadConfig({});
            expect(getDeltaSize()).toBe(0);
            // Vendored list still works
            expect(isPhishingDomain("hopprotocol.pro")).toBe(true);
        });
    });
    describe("localStorage persistence", () => {
        test("saveDeltaToStorage persists delta under 256KiB", () => {
            loadConfig({
                blacklist: ["persisted-scam-xyz.com"],
            });
            const stored = localStorage.getItem("phishing-delta");
            expect(stored).not.toBeNull();
            const data = JSON.parse(stored);
            expect(data.blacklist).toContain("persisted-scam-xyz.com");
        });
        test("delta is cleared on _reset", () => {
            loadConfig({
                blacklist: ["temp-scam-xyz.com"],
            });
            expect(getDeltaSize()).toBe(1);
            _reset();
            expect(getDeltaSize()).toBe(0);
        });
    });
    describe("real-world blocklist patterns", () => {
        test("detects known phishing domains from vendored list", () => {
            expect(isPhishingDomain("uniswap-trade.web.app")).toBe(true);
            expect(isPhishingDomain("hopprotocol.pro")).toBe(true);
            expect(isPhishingDomain("blast-pools.pages.dev")).toBe(true);
        });
        test("does not flag legitimate domains", () => {
            expect(isPhishingDomain("opensea.io")).toBe(false);
            expect(isPhishingDomain("etherscan.io")).toBe(false);
        });
    });
 });