feat: warn when sending to address with zero tx history (#82)

On the confirm-tx screen, asynchronously check the recipient address
via Blockscout API. If the address has never sent or received any
transactions, display a prominent red warning banner.

Closes #82

src/popup/index.html

@@ -577,19 +577,6 @@
                     <div id="confirm-fee-amount" class="text-xs"></div>
                 </div>
                 <div id="confirm-warnings" class="mb-2 hidden"></div>
-                <div
-                    id="confirm-recipient-warning"
-                    class="mb-2"
-                    style="visibility: hidden"
-                >
-                    <div
-                        class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
-                    >
-                        WARNING: The recipient address has ZERO transaction
-                        history. This may indicate a fresh or unused address.
-                        Double-check the address before sending.
-                    </div>
-                </div>
                 <div
                     id="confirm-errors"
                     class="mb-2 border border-border border-dashed p-2 hidden"

src/popup/views/confirmTx.js

@@ -25,6 +25,7 @@ const { decryptWithPassword } = require("../../shared/vault");
 const { formatUsd, getPrice } = require("../../shared/prices");
 const { getProvider } = require("../../shared/balances");
 const { isScamAddress } = require("../../shared/scamlist");
+const { hasTransactionHistory } = require("../../shared/transactions");
 const { ERC20_ABI } = require("../../shared/constants");
 const { log } = require("../../shared/log");
 const makeBlockie = require("ethereum-blockies-base64");
@@ -243,12 +244,6 @@ function show(txInfo) {
     state.viewData = { pendingTx: txInfo };
     showView("confirm-tx");
 
-    // Reset recipient warning: reserve space (visibility:hidden) while
-    // the async check runs, preventing layout shift per README policy.
-    const recipientWarning = $("confirm-recipient-warning");
-    recipientWarning.style.display = "";
-    recipientWarning.style.visibility = "hidden";
-
     estimateGas(txInfo);
     checkRecipientHistory(txInfo);
 }
@@ -294,30 +289,27 @@ async function estimateGas(txInfo) {
 }
 
 async function checkRecipientHistory(txInfo) {
-    const el = $("confirm-recipient-warning");
     try {
-        const provider = getProvider(state.rpcUrl);
+        const hasHistory = await hasTransactionHistory(
-        // Skip warning for contract addresses — they may legitimately
+            txInfo.to,
-        // have zero outgoing transactions (getTransactionCount returns
+            state.blockscoutUrl,
-        // the nonce, i.e. sent-tx count only).
+        );
-        const code = await provider.getCode(txInfo.to);
+        if (hasHistory === false) {
-        if (code && code !== "0x") {
+            const warningsEl = $("confirm-warnings");
-            // Contract address — hide the reserved space entirely
+            const warningDiv = document.createElement("div");
-            el.style.display = "none";
+            warningDiv.className =
-            return;
+                "border border-dashed p-2 mb-1 text-xs font-bold";
-        }
+            warningDiv.style.color = "#dc2626";
-        const txCount = await provider.getTransactionCount(txInfo.to);
+            warningDiv.style.borderColor = "#dc2626";
-        if (txCount === 0) {
+            warningDiv.textContent =
-            el.style.visibility = "visible";
+                "WARNING: This address has ZERO transaction history on-chain. " +
-        } else {
+                "It has never sent or received any transactions. " +
-            // Address has history — collapse the reserved space
+                "Double-check the address before sending.";
-            el.style.display = "none";
+            warningsEl.appendChild(warningDiv);
+            warningsEl.classList.remove("hidden");
         }
     } catch (e) {
         log.errorf("recipient history check failed:", e.message);
-        // On error, collapse the reserved space rather than showing a
-        // false warning or leaving an empty gap
-        el.style.display = "none";
     }
 }
 

src/shared/transactions.js

@@ -251,4 +251,36 @@ function filterTransactions(txs, filters = {}) {
     return { transactions: filtered, newFraudContracts: newFraud };
 }
 
-module.exports = { fetchRecentTransactions, filterTransactions };
+async function hasTransactionHistory(address, blockscoutUrl) {
+    try {
+        const resp = await debugFetch(blockscoutUrl + "/addresses/" + address);
+        if (!resp.ok) {
+            // If Blockscout returns 404, the address has never been seen on-chain.
+            if (resp.status === 404) return false;
+            log.errorf(
+                "blockscout address check:",
+                resp.status,
+                resp.statusText,
+            );
+            return null; // unknown
+        }
+        const data = await resp.json();
+        // Blockscout v2 address endpoint returns tx counts.
+        // An address with no history may still exist (e.g. received ETH once
+        // but shows 0 outgoing). We check both transactions_count and
+        // token_transfers_count to be thorough.
+        const txCount =
+            (parseInt(data.transactions_count, 10) || 0) +
+            (parseInt(data.token_transfers_count, 10) || 0);
+        return txCount > 0;
+    } catch (e) {
+        log.errorf("hasTransactionHistory error:", e.message);
+        return null; // unknown, don't block the user
+    }
+}
+
+module.exports = {
+    fetchRecentTransactions,
+    filterTransactions,
+    hasTransactionHistory,
+};