feat: expand confirm-tx warnings — closes #114

- Refactor address warnings into src/shared/addressWarnings.js module - getLocalWarnings(address, options): sync checks against local lists - getFullWarnings(address, provider, options): async local + RPC checks - Expand scam address list from 652 to 2417 addresses - Added EtherScamDB (MIT) as additional source - Update confirmTx.js to use the new addressWarnings module
Merge pull request 'fix: reserve space for all error/status messages — closes #123 ' (#124 ) from fix/issue-123-layout-shift-audit into main
2026-03-01 03:40:23 -08:00 · 2026-03-01 12:33:08 +01:00 · 2026-02-28 16:30:43 -08:00 · 2026-03-01 01:21:24 +01:00 · 2026-02-28 16:17:07 -08:00 · 2026-03-01 01:13:15 +01:00
17 changed files with 2039 additions and 94 deletions
--- a/src/popup/index.html
+++ b/src/popup/index.html
@@ -107,7 +107,8 @@
                    </div>
                    <div
                        id="add-wallet-phrase-warning"
-                        class="text-xs mb-2 border border-border border-dashed p-2 hidden"
+                        class="text-xs mb-2 border border-border border-dashed p-2"
+                        style="visibility: hidden"
                    >
                        Write these words down and keep them safe. Anyone with
                        them can take your funds; if you lose them, your wallet
@@ -375,7 +376,8 @@
                </p>
                <div
                    id="export-privkey-flash"
-                    class="text-xs mb-2 hidden"
+                    class="text-xs mb-2 min-h-[1.25rem]"
+                    style="visibility: hidden"
                ></div>
                <div id="export-privkey-password-section" class="mb-2">
                    <label class="block mb-1">Password</label>
@@ -579,13 +581,17 @@
                    <div class="text-xs text-muted mb-1">Your balance</div>
                    <div id="confirm-balance" class="text-xs"></div>
                </div>
-                <div id="confirm-fee" class="mb-3 hidden">
+                <div id="confirm-fee" class="mb-3" style="visibility: hidden">
                    <div class="text-xs text-muted mb-1">
                        Estimated network fee
                    </div>
                    <div id="confirm-fee-amount" class="text-xs"></div>
                </div>
-                <div id="confirm-warnings" class="mb-2 hidden"></div>
+                <div
+                    id="confirm-warnings"
+                    class="mb-2"
+                    style="visibility: hidden"
+                ></div>
                <div
                    id="confirm-recipient-warning"
                    class="mb-2"
@@ -626,7 +632,8 @@
                </div>
                <div
                    id="confirm-errors"
-                    class="mb-2 border border-border border-dashed p-2 hidden"
+                    class="mb-2 border border-border border-dashed p-2"
+                    style="visibility: hidden; min-height: 1.25rem"
                ></div>
                <div class="mb-2">
                    <label class="block mb-1 text-xs">Password</label>
@@ -639,6 +646,7 @@
                <div
                    id="confirm-tx-password-error"
                    class="text-xs mb-2 min-h-[1.25rem]"
+                    style="visibility: hidden"
                ></div>
                <button
                    id="btn-confirm-send"
@@ -753,7 +761,8 @@
                </button>
                <div
                    id="receive-erc20-warning"
-                    class="text-xs border border-border border-dashed p-2 mt-3 hidden"
+                    class="text-xs border border-border border-dashed p-2 mt-3"
+                    style="visibility: hidden"
                ></div>
            </div>

@@ -781,7 +790,8 @@
                </div>
                <div
                    id="add-token-info"
-                    class="text-xs text-muted mb-2 hidden"
+                    class="text-xs text-muted mb-2 min-h-[1.25rem]"
+                    style="visibility: hidden"
                ></div>
                <div class="mb-2">
                    <label class="block mb-1 text-xs text-muted"
@@ -963,7 +973,8 @@
                </p>
                <div
                    id="delete-wallet-flash"
-                    class="text-xs text-red-500 mb-2 hidden"
+                    class="text-xs text-red-500 mb-2 min-h-[1.25rem]"
+                    style="visibility: hidden"
                ></div>
                <div class="mb-2">
                    <label class="block mb-1">Password</label>
@@ -1038,7 +1049,8 @@
                    />
                    <div
                        id="settings-addtoken-info"
-                        class="text-xs text-muted mt-1 hidden"
+                        class="text-xs text-muted mt-1 min-h-[1.25rem]"
+                        style="visibility: hidden"
                    ></div>
                    <button
                        id="btn-settings-addtoken-manual"
@@ -1164,7 +1176,8 @@
                </div>
                <div
                    id="approve-tx-error"
-                    class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem] hidden"
+                    class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem]"
+                    style="visibility: hidden"
                ></div>
                <div class="flex justify-between">
                    <button
@@ -1192,8 +1205,10 @@

                <div
                    id="approve-sign-danger-warning"
-                    class="hidden mb-3 p-2 text-xs font-bold"
+                    class="mb-3 p-2 text-xs font-bold"
                    style="
+                        visibility: hidden;
+                        min-height: 1.25rem;
                        background: #fee2e2;
                        color: #991b1b;
                        border: 2px solid #dc2626;
@@ -1230,7 +1245,8 @@
                </div>
                <div
                    id="approve-sign-error"
-                    class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem] hidden"
+                    class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem]"
+                    style="visibility: hidden"
                ></div>
                <div class="flex justify-between">
                    <button
--- a/src/popup/styles/main.css
+++ b/src/popup/styles/main.css
@@ -19,3 +19,16 @@ body {
    width: 396px;
    overflow-x: hidden;
 }
+
+/* Copy-flash feedback: inverts colors then fades back */
+.copy-flash-active {
+    background-color: var(--color-fg) !important;
+    color: var(--color-bg) !important;
+    transition: none;
+}
+
+.copy-flash-fade {
+    transition:
+        background-color 225ms ease-out,
+        color 225ms ease-out;
+}
--- a/src/popup/views/addToken.js
+++ b/src/popup/views/addToken.js
@@ -7,7 +7,8 @@ const { log } = require("../../shared/log");

 function show() {
    $("add-token-address").value = "";
-    $("add-token-info").classList.add("hidden");
+    $("add-token-info").textContent = "";
+    $("add-token-info").style.visibility = "hidden";
    const list = $("common-token-list");
    list.innerHTML = getTopTokens(25)
        .map(
@@ -45,7 +46,7 @@ function init(ctx) {
        }
        const infoEl = $("add-token-info");
        infoEl.textContent = "Looking up token...";
-        infoEl.classList.remove("hidden");
+        infoEl.style.visibility = "visible";
        log.debugf("Looking up token contract", contractAddr);
        try {
            const info = await lookupTokenInfo(contractAddr, state.rpcUrl);
@@ -63,7 +64,8 @@ function init(ctx) {
            const detail = e.shortMessage || e.message || String(e);
            log.errorf("Token lookup failed for", contractAddr, detail);
            showFlash(detail);
-            infoEl.classList.add("hidden");
+            infoEl.textContent = "";
+            infoEl.style.visibility = "hidden";
        }
    });

--- a/src/popup/views/addWallet.js
+++ b/src/popup/views/addWallet.js
@@ -11,6 +11,25 @@ const { encryptWithPassword } = require("../../shared/vault");
 const { state, saveState } = require("../../shared/state");
 const { scanForAddresses } = require("../../shared/balances");

+/**
+ * Check if an address already exists in ANY wallet (hd, xprv, or key).
+ * Returns the wallet object if found, or undefined.
+ */
+function findWalletByAddress(addr) {
+    const lower = addr.toLowerCase();
+    return state.wallets.find((w) =>
+        w.addresses.some((a) => a.address.toLowerCase() === lower),
+    );
+}
+
+/**
+ * Check if an xpub already exists in any HD-type wallet (hd or xprv).
+ * Returns the wallet object if found, or undefined.
+ */
+function findWalletByXpub(xpub) {
+    return state.wallets.find((w) => w.xpub && w.xpub === xpub);
+}
+
 let currentMode = "mnemonic";

 const MODES = ["mnemonic", "privkey", "xprv"];
@@ -52,7 +71,7 @@ function show() {
    $("import-xprv-key").value = "";
    $("add-wallet-password").value = "";
    $("add-wallet-password-confirm").value = "";
-    $("add-wallet-phrase-warning").classList.add("hidden");
+    $("add-wallet-phrase-warning").style.visibility = "hidden";
    switchMode("mnemonic");
    showView("add-wallet");
 }
@@ -97,18 +116,18 @@ async function importMnemonic(ctx) {
    const pw = validatePassword();
    if (!pw) return;
    const { xpub, firstAddress } = hdWalletFromMnemonic(mnemonic);
-    const duplicate = state.wallets.find(
-        (w) =>
-            w.type === "hd" &&
-            w.addresses[0] &&
-            w.addresses[0].address.toLowerCase() === firstAddress.toLowerCase(),
-    );
-    if (duplicate) {
+    const xpubDup = findWalletByXpub(xpub);
+    if (xpubDup) {
        showFlash(
-            "This recovery phrase is already added (" + duplicate.name + ").",
+            "This recovery phrase is already added (" + xpubDup.name + ").",
        );
        return;
    }
+    const addrDup = findWalletByAddress(firstAddress);
+    if (addrDup) {
+        showFlash("Address already exists in wallet (" + addrDup.name + ").");
+        return;
+    }
    const encrypted = await encryptWithPassword(mnemonic, pw);
    const walletNum = state.wallets.length + 1;
    const wallet = {
@@ -162,15 +181,10 @@ async function importPrivateKey(ctx) {
    }
    const pw = validatePassword();
    if (!pw) return;
-    const duplicate = state.wallets.find(
-        (w) =>
-            w.type === "key" &&
-            w.addresses[0] &&
-            w.addresses[0].address.toLowerCase() === addr.toLowerCase(),
-    );
+    const duplicate = findWalletByAddress(addr);
    if (duplicate) {
        showFlash(
-            "This private key is already added (" + duplicate.name + ").",
+            "This address already exists in wallet (" + duplicate.name + ").",
        );
        return;
    }
@@ -208,14 +222,14 @@ async function importXprvKey(ctx) {
        return;
    }
    const { xpub, firstAddress } = result;
-    const duplicate = state.wallets.find(
-        (w) =>
-            (w.type === "hd" || w.type === "xprv") &&
-            w.addresses[0] &&
-            w.addresses[0].address.toLowerCase() === firstAddress.toLowerCase(),
-    );
-    if (duplicate) {
-        showFlash("This key is already added (" + duplicate.name + ").");
+    const xpubDup = findWalletByXpub(xpub);
+    if (xpubDup) {
+        showFlash("This key is already added (" + xpubDup.name + ").");
+        return;
+    }
+    const addrDup = findWalletByAddress(firstAddress);
+    if (addrDup) {
+        showFlash("Address already exists in wallet (" + addrDup.name + ").");
        return;
    }
    const pw = validatePassword();
@@ -267,7 +281,7 @@ function init(ctx) {
    // Generate mnemonic
    $("btn-generate-phrase").addEventListener("click", () => {
        $("wallet-mnemonic").value = generateMnemonic();
-        $("add-wallet-phrase-warning").classList.remove("hidden");
+        $("add-wallet-phrase-warning").style.visibility = "visible";
    });

    // Import / confirm
--- a/src/popup/views/addressDetail.js
+++ b/src/popup/views/addressDetail.js
@@ -2,6 +2,7 @@ const {
    $,
    showView,
    showFlash,
+    flashCopyFeedback,
    balanceLinesForAddress,
    addressDotHtml,
    addressTitle,
@@ -241,6 +242,7 @@ function init(_ctx) {
        if (addr) {
            navigator.clipboard.writeText(addr);
            showFlash("Copied!");
+            flashCopyFeedback($("address-full"));
        }
    });

@@ -310,8 +312,8 @@ function init(_ctx) {
        $("export-privkey-address").textContent = addr.address;
        $("export-privkey-address").dataset.full = addr.address;
        $("export-privkey-password").value = "";
-        $("export-privkey-flash").classList.add("hidden");
        $("export-privkey-flash").textContent = "";
+        $("export-privkey-flash").style.visibility = "hidden";
        $("export-privkey-password-section").classList.remove("hidden");
        $("export-privkey-result").classList.add("hidden");
        $("export-privkey-value").textContent = "";
@@ -322,7 +324,7 @@ function init(_ctx) {
        const password = $("export-privkey-password").value;
        if (!password) {
            $("export-privkey-flash").textContent = "Password is required.";
-            $("export-privkey-flash").classList.remove("hidden");
+            $("export-privkey-flash").style.visibility = "visible";
            return;
        }
        const btn = $("btn-export-privkey-confirm");
@@ -343,10 +345,10 @@ function init(_ctx) {
            $("export-privkey-password-section").classList.add("hidden");
            $("export-privkey-value").textContent = privateKey;
            $("export-privkey-result").classList.remove("hidden");
-            $("export-privkey-flash").classList.add("hidden");
+            $("export-privkey-flash").style.visibility = "hidden";
        } catch {
            $("export-privkey-flash").textContent = "Wrong password.";
-            $("export-privkey-flash").classList.remove("hidden");
+            $("export-privkey-flash").style.visibility = "visible";
        } finally {
            btn.disabled = false;
            btn.classList.remove("text-muted");
@@ -358,6 +360,7 @@ function init(_ctx) {
        if (key) {
            navigator.clipboard.writeText(key);
            showFlash("Copied!");
+            flashCopyFeedback($("export-privkey-value"));
        }
    });

@@ -366,6 +369,7 @@ function init(_ctx) {
        if (full) {
            navigator.clipboard.writeText(full);
            showFlash("Copied!");
+            flashCopyFeedback($("export-privkey-address"));
        }
    });

--- a/src/popup/views/addressToken.js
+++ b/src/popup/views/addressToken.js
@@ -5,6 +5,7 @@ const {
    $,
    showView,
    showFlash,
+    flashCopyFeedback,
    addressDotHtml,
    addressTitle,
    escapeHtml,
@@ -317,6 +318,7 @@ function init(_ctx) {
        if (addr) {
            navigator.clipboard.writeText(addr);
            showFlash("Copied!");
+            flashCopyFeedback($("address-token-full"));
        }
    });

@@ -325,6 +327,7 @@ function init(_ctx) {
        if (copyEl) {
            navigator.clipboard.writeText(copyEl.dataset.copy);
            showFlash("Copied!");
+            flashCopyFeedback(copyEl);
        }
    });

@@ -373,6 +376,7 @@ function init(_ctx) {
            copyEl.addEventListener("click", () => {
                navigator.clipboard.writeText(copyEl.dataset.copy);
                showFlash("Copied!");
+                flashCopyFeedback(copyEl);
            });
        }
        updateSendBalance();
--- a/src/popup/views/approval.js
+++ b/src/popup/views/approval.js
@@ -269,7 +269,7 @@ function showTxApproval(details) {
    }

    $("approve-tx-password").value = "";
-    $("approve-tx-error").classList.add("hidden");
+    hideError("approve-tx-error");

    showView("approve-tx");
 }
@@ -351,10 +351,10 @@ function showSignApproval(details) {
    if (warningEl) {
        if (sp.dangerWarning) {
            warningEl.textContent = sp.dangerWarning;
-            warningEl.classList.remove("hidden");
+            warningEl.style.visibility = "visible";
        } else {
            warningEl.textContent = "";
-            warningEl.classList.add("hidden");
+            warningEl.style.visibility = "hidden";
        }
    }

--- a/src/popup/views/confirmTx.js
+++ b/src/popup/views/confirmTx.js
@@ -15,6 +15,7 @@ const {
    hideError,
    showView,
    showFlash,
+    flashCopyFeedback,
    addressTitle,
    addressDotHtml,
    escapeHtml,
@@ -24,7 +25,10 @@ const { getSignerForAddress } = require("../../shared/wallet");
 const { decryptWithPassword } = require("../../shared/vault");
 const { formatUsd, getPrice } = require("../../shared/prices");
 const { getProvider } = require("../../shared/balances");
-const { isScamAddress } = require("../../shared/scamlist");
+const {
+    getLocalWarnings,
+    getFullWarnings,
+} = require("../../shared/addressWarnings");
 const { ERC20_ABI, isBurnAddress } = require("../../shared/constants");
 const { log } = require("../../shared/log");
 const makeBlockie = require("ethereum-blockies-base64");
@@ -117,6 +121,7 @@ function show(txInfo) {
            copyEl.onclick = () => {
                navigator.clipboard.writeText(copyEl.dataset.copy);
                showFlash("Copied!");
+                flashCopyFeedback(copyEl);
            };
        }
    } else {
@@ -165,33 +170,23 @@ function show(txInfo) {
        $("confirm-balance").textContent = valueWithUsd(bal + " ETH", balUsd);
    }

-    // Check for warnings (synchronous checks)
-    const warnings = [];
-    if (isScamAddress(txInfo.to)) {
-        warnings.push(
-            "This address is on a known scam/fraud list. Do not send funds to this address.",
-        );
-    }
-    if (isBurnAddress(txInfo.to)) {
-        warnings.push(
-            "This is a known null/burn address. Funds sent here are permanently destroyed and cannot be recovered.",
-        );
-    }
-    if (txInfo.to.toLowerCase() === txInfo.from.toLowerCase()) {
-        warnings.push("You are sending to your own address.");
-    }
+    // Check for warnings (synchronous local checks)
+    const localWarnings = getLocalWarnings(txInfo.to, {
+        fromAddress: txInfo.from,
+    });

    const warningsEl = $("confirm-warnings");
-    if (warnings.length > 0) {
-        warningsEl.innerHTML = warnings
+    if (localWarnings.length > 0) {
+        warningsEl.innerHTML = localWarnings
            .map(
                (w) =>
-                    `<div class="border border-border border-dashed p-2 mb-1 text-xs font-bold">WARNING: ${w}</div>`,
+                    `<div class="border border-border border-dashed p-2 mb-1 text-xs font-bold">WARNING: ${w.message}</div>`,
            )
            .join("");
-        warningsEl.classList.remove("hidden");
+        warningsEl.style.visibility = "visible";
    } else {
-        warningsEl.classList.add("hidden");
+        warningsEl.innerHTML = "";
+        warningsEl.style.visibility = "hidden";
    }

    // Check for errors
@@ -229,11 +224,12 @@ function show(txInfo) {
        errorsEl.innerHTML = errors
            .map((e) => `<div class="text-xs">${e}</div>`)
            .join("");
-        errorsEl.classList.remove("hidden");
+        errorsEl.style.visibility = "visible";
        sendBtn.disabled = true;
        sendBtn.classList.add("text-muted");
    } else {
-        errorsEl.classList.add("hidden");
+        errorsEl.innerHTML = "";
+        errorsEl.style.visibility = "hidden";
        sendBtn.disabled = false;
        sendBtn.classList.remove("text-muted");
    }
@@ -243,7 +239,7 @@ function show(txInfo) {
    hideError("confirm-tx-password-error");

    // Gas estimate — show placeholder then fetch async
-    $("confirm-fee").classList.remove("hidden");
+    $("confirm-fee").style.visibility = "visible";
    $("confirm-fee-amount").textContent = "Estimating...";
    state.viewData = { pendingTx: txInfo };
    showView("confirm-tx");
@@ -305,15 +301,16 @@ async function estimateGas(txInfo) {
 async function checkRecipientHistory(txInfo) {
    try {
        const provider = getProvider(state.rpcUrl);
-        const code = await provider.getCode(txInfo.to);
-        if (code && code !== "0x") {
-            // Recipient is a contract — warn the user
-            $("confirm-contract-warning").style.visibility = "visible";
-            return;
-        }
-        const txCount = await provider.getTransactionCount(txInfo.to);
-        if (txCount === 0) {
-            $("confirm-recipient-warning").style.visibility = "visible";
+        const asyncWarnings = await getFullWarnings(txInfo.to, provider, {
+            fromAddress: txInfo.from,
+        });
+        for (const w of asyncWarnings) {
+            if (w.type === "contract") {
+                $("confirm-contract-warning").style.visibility = "visible";
+            }
+            if (w.type === "new-address") {
+                $("confirm-recipient-warning").style.visibility = "visible";
+            }
        }
    } catch (e) {
        log.errorf("recipient history check failed:", e.message);
--- a/src/popup/views/deleteWallet.js
+++ b/src/popup/views/deleteWallet.js
@@ -12,7 +12,7 @@ function show(walletIdx) {
        wallet.name || "Wallet " + (walletIdx + 1);
    $("delete-wallet-password").value = "";
    $("delete-wallet-flash").textContent = "";
-    $("delete-wallet-flash").classList.add("hidden");
+    $("delete-wallet-flash").style.visibility = "hidden";
    showView("delete-wallet-confirm");
 }

@@ -29,14 +29,14 @@ function init(_ctx) {
        if (!pw) {
            $("delete-wallet-flash").textContent =
                "Please enter your password.";
-            $("delete-wallet-flash").classList.remove("hidden");
+            $("delete-wallet-flash").style.visibility = "visible";
            return;
        }

        if (deleteWalletIndex === null) {
            $("delete-wallet-flash").textContent =
                "No wallet selected for deletion.";
-            $("delete-wallet-flash").classList.remove("hidden");
+            $("delete-wallet-flash").style.visibility = "visible";
            return;
        }

@@ -52,7 +52,7 @@ function init(_ctx) {
            await decryptWithPassword(wallet.encryptedSecret, pw);
        } catch (_e) {
            $("delete-wallet-flash").textContent = "Wrong password.";
-            $("delete-wallet-flash").classList.remove("hidden");
+            $("delete-wallet-flash").style.visibility = "visible";
            btn.disabled = false;
            btn.classList.remove("text-muted");
            return;
--- a/src/popup/views/helpers.js
+++ b/src/popup/views/helpers.js
@@ -40,11 +40,13 @@ function $(id) {
 function showError(id, msg) {
    const el = $(id);
    el.textContent = msg;
-    el.classList.remove("hidden");
+    el.style.visibility = "visible";
 }

 function hideError(id) {
-    $(id).classList.add("hidden");
+    const el = $(id);
+    el.textContent = "";
+    el.style.visibility = "hidden";
 }

 function showView(name) {
@@ -258,12 +260,26 @@ function timeAgo(timestamp) {
    return years + " year" + (years !== 1 ? "s" : "") + " ago";
 }

+function flashCopyFeedback(el) {
+    if (!el) return;
+    el.classList.remove("copy-flash-fade");
+    el.classList.add("copy-flash-active");
+    setTimeout(() => {
+        el.classList.remove("copy-flash-active");
+        el.classList.add("copy-flash-fade");
+        setTimeout(() => {
+            el.classList.remove("copy-flash-fade");
+        }, 275);
+    }, 75);
+}
+
 module.exports = {
    $,
    showError,
    hideError,
    showView,
    showFlash,
+    flashCopyFeedback,
    balanceLine,
    balanceLinesForAddress,
    addressColor,
--- a/src/popup/views/home.js
+++ b/src/popup/views/home.js
@@ -2,6 +2,7 @@ const {
    $,
    showView,
    showFlash,
+    flashCopyFeedback,
    balanceLinesForAddress,
    isoDate,
    timeAgo,
@@ -85,9 +86,10 @@ function renderActiveAddress() {
        el.innerHTML =
            `<span class="underline decoration-dashed cursor-pointer" id="active-addr-copy">${dot}${escapeHtml(addr)}</span>` +
            `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
-        $("active-addr-copy").addEventListener("click", () => {
+        $("active-addr-copy").addEventListener("click", (e) => {
            navigator.clipboard.writeText(addr);
            showFlash("Copied!");
+            flashCopyFeedback(e.currentTarget);
        });
    } else {
        el.textContent = "";
--- a/src/popup/views/receive.js
+++ b/src/popup/views/receive.js
@@ -2,6 +2,7 @@ const {
    $,
    showView,
    showFlash,
+    flashCopyFeedback,
    formatAddressHtml,
    addressTitle,
 } = require("./helpers");
@@ -52,19 +53,21 @@ function show() {
            "This is an ERC-20 token. Only send " +
            symbol +
            " on the Ethereum network to this address. Sending tokens on other networks will result in permanent loss.";
-        warningEl.classList.remove("hidden");
+        warningEl.style.visibility = "visible";
    } else {
-        warningEl.classList.add("hidden");
+        warningEl.textContent = "";
+        warningEl.style.visibility = "hidden";
    }
    showView("receive");
 }

 function init(ctx) {
-    $("receive-address-block").addEventListener("click", () => {
+    $("receive-address-block").addEventListener("click", (e) => {
        const addr = $("receive-address-block").dataset.full;
        if (addr) {
            navigator.clipboard.writeText(addr);
            showFlash("Copied!");
+            flashCopyFeedback(e.currentTarget);
        }
    });

@@ -73,6 +76,7 @@ function init(ctx) {
        if (addr) {
            navigator.clipboard.writeText(addr);
            showFlash("Copied!");
+            flashCopyFeedback($("receive-address-block"));
        }
    });

--- a/src/popup/views/settingsAddToken.js
+++ b/src/popup/views/settingsAddToken.js
@@ -73,7 +73,8 @@ function renderDropdown() {

 function show() {
    $("settings-addtoken-address").value = "";
-    $("settings-addtoken-info").classList.add("hidden");
+    $("settings-addtoken-info").textContent = "";
+    $("settings-addtoken-info").style.visibility = "hidden";
    renderTop10();
    renderDropdown();
    showView("settings-addtoken");
@@ -129,7 +130,7 @@ function init(_ctx) {
        }
        const infoEl = $("settings-addtoken-info");
        infoEl.textContent = "Looking up token...";
-        infoEl.classList.remove("hidden");
+        infoEl.style.visibility = "visible";
        log.debugf("Looking up token contract", addr);
        try {
            const info = await lookupTokenInfo(addr, state.rpcUrl);
@@ -143,7 +144,8 @@ function init(_ctx) {
            await saveState();
            showFlash("Added " + info.symbol);
            $("settings-addtoken-address").value = "";
-            infoEl.classList.add("hidden");
+            infoEl.textContent = "";
+            infoEl.style.visibility = "hidden";
            renderTop10();
            renderDropdown();
            ctx.doRefreshAndRender();
@@ -151,7 +153,8 @@ function init(_ctx) {
            const detail = e.shortMessage || e.message || String(e);
            log.errorf("Token lookup failed for", addr, detail);
            showFlash(detail);
-            infoEl.classList.add("hidden");
+            infoEl.textContent = "";
+            infoEl.style.visibility = "hidden";
        }
    });
 }
--- a/src/popup/views/transactionDetail.js
+++ b/src/popup/views/transactionDetail.js
@@ -5,6 +5,7 @@ const {
    $,
    showView,
    showFlash,
+    flashCopyFeedback,
    addressDotHtml,
    addressTitle,
    escapeHtml,
@@ -171,6 +172,7 @@ function render() {
            el.onclick = () => {
                navigator.clipboard.writeText(el.dataset.copy);
                showFlash("Copied!");
+                flashCopyFeedback(el);
            };
        });
 }
@@ -248,6 +250,7 @@ async function loadCalldata(txHash, toAddress) {
                el.onclick = () => {
                    navigator.clipboard.writeText(el.dataset.copy);
                    showFlash("Copied!");
+                    flashCopyFeedback(el);
                };
            });
        }
--- a/src/popup/views/txStatus.js
+++ b/src/popup/views/txStatus.js
@@ -4,6 +4,7 @@ const {
    $,
    showView,
    showFlash,
+    flashCopyFeedback,
    addressDotHtml,
    addressTitle,
    escapeHtml,
@@ -77,6 +78,7 @@ function attachCopyHandlers(viewId) {
            el.onclick = () => {
                navigator.clipboard.writeText(el.dataset.copy);
                showFlash("Copied!");
+                flashCopyFeedback(el);
            };
        });
 }
--- a/src/shared/addressWarnings.js
+++ b/src/shared/addressWarnings.js
@@ -0,0 +1,98 @@
+// Address warning module.
+// Provides local and async (RPC-based) warning checks for Ethereum addresses.
+// Returns arrays of {type, message, severity} objects.
+
+const { isScamAddress } = require("./scamlist");
+const { isBurnAddress } = require("./constants");
+const { log } = require("./log");
+
+/**
+ * Check an address against local-only lists (scam, burn, self-send).
+ * Synchronous — no network calls.
+ *
+ * @param {string} address - The target address to check.
+ * @param {object} [options] - Optional context.
+ * @param {string} [options.fromAddress] - Sender address (for self-send check).
+ * @returns {Array<{type: string, message: string, severity: string}>}
+ */
+function getLocalWarnings(address, options = {}) {
+    const warnings = [];
+    const addr = address.toLowerCase();
+
+    if (isScamAddress(addr)) {
+        warnings.push({
+            type: "scam",
+            message:
+                "This address is on a known scam/fraud list. Do not send funds to this address.",
+            severity: "critical",
+        });
+    }
+
+    if (isBurnAddress(addr)) {
+        warnings.push({
+            type: "burn",
+            message:
+                "This is a known null/burn address. Funds sent here are permanently destroyed and cannot be recovered.",
+            severity: "critical",
+        });
+    }
+
+    if (options.fromAddress && addr === options.fromAddress.toLowerCase()) {
+        warnings.push({
+            type: "self-send",
+            message: "You are sending to your own address.",
+            severity: "warning",
+        });
+    }
+
+    return warnings;
+}
+
+/**
+ * Check an address against local lists AND via RPC queries.
+ * Async — performs network calls to check contract status and tx history.
+ *
+ * @param {string} address - The target address to check.
+ * @param {object} provider - An ethers.js provider instance.
+ * @param {object} [options] - Optional context.
+ * @param {string} [options.fromAddress] - Sender address (for self-send check).
+ * @returns {Promise<Array<{type: string, message: string, severity: string}>>}
+ */
+async function getFullWarnings(address, provider, options = {}) {
+    const warnings = getLocalWarnings(address, options);
+
+    try {
+        const code = await provider.getCode(address);
+        if (code && code !== "0x") {
+            warnings.push({
+                type: "contract",
+                message:
+                    "This address is a smart contract, not a regular wallet.",
+                severity: "warning",
+            });
+            // If it's a contract, skip the tx count check — contracts
+            // may legitimately have zero inbound EOA transactions.
+            return warnings;
+        }
+    } catch (e) {
+        log.errorf("contract check failed:", e.message);
+    }
+
+    try {
+        const txCount = await provider.getTransactionCount(address);
+        if (txCount === 0) {
+            warnings.push({
+                type: "new-address",
+                message:
+                    "This address has never sent a transaction. Double-check it is correct.",
+                severity: "info",
+            });
+        }
+    } catch (e) {
+        log.errorf("tx count check failed:", e.message);
+    }
+
+    return warnings;
+}
+
+module.exports = { getLocalWarnings, getFullWarnings };
--- a/src/shared/scamlist.js
+++ b/src/shared/scamlist.js
Author	SHA1	Message	Date
clawbot	c67dab1c96	feat: expand confirm-tx warnings — closes #114 All checks were successful check / check (push) Successful in 21s Details - Refactor address warnings into src/shared/addressWarnings.js module - getLocalWarnings(address, options): sync checks against local lists - getFullWarnings(address, provider, options): async local + RPC checks - Expand scam address list from 652 to 2417 addresses - Added EtherScamDB (MIT) as additional source - Update confirmTx.js to use the new addressWarnings module	2026-03-01 03:40:23 -08:00
Jeffrey Paul	834228b572	Merge pull request 'fix: reserve space for all error/status messages — closes #123 ' (#124 ) from fix/issue-123-layout-shift-audit into main All checks were successful check / check (push) Successful in 8s Details Reviewed-on: #124	2026-03-01 12:33:08 +01:00
clawbot	813993f17c	fix: reserve space for all error/status messages — closes #123 All checks were successful check / check (push) Successful in 22s Details Replace display:none (hidden class) with visibility:hidden/visible for all error, warning, and status message elements across the extension UI. This prevents layout shift when messages appear or disappear. Changes: - helpers.js: showError/hideError now use visibility instead of hidden class - index.html: all error/status divs use visibility:hidden + min-height - confirmTx.js: warnings, errors, fee section use visibility - approval.js: tx-error, sign-error, danger-warning use visibility - addressDetail.js: export-privkey-flash uses visibility - deleteWallet.js: delete-wallet-flash uses visibility - addWallet.js: phrase-warning uses visibility - receive.js: erc20-warning uses visibility - addToken.js: add-token-info uses visibility - settingsAddToken.js: settings-addtoken-info uses visibility	2026-02-28 16:30:43 -08:00
Jeffrey Paul	5f01d9f111	Merge pull request 'feat: speed up copy-flash timing by ~25% — follow-up to #113 ' (#121 ) from fix/issue-100-faster-copy-flash into main All checks were successful check / check (push) Successful in 11s Details Reviewed-on: #121	2026-03-01 01:21:24 +01:00
user	d78af3ec80	feat: speed up copy-flash timing by ~25% All checks were successful check / check (push) Successful in 20s Details Reduce active phase from 100ms to 75ms, fade transition from 300ms to 225ms, and cleanup delay from 350ms to 275ms for snappier feedback. Refs #100	2026-02-28 16:17:07 -08:00
Jeffrey Paul	753fb5658a	Merge pull request 'fix: cross-wallet-type duplicate detection — closes #111 ' (#115 ) from fix/issue-111-cross-wallet-dedup into main All checks were successful check / check (push) Successful in 9s Details Reviewed-on: #115	2026-03-01 01:13:15 +01:00
Jeffrey Paul	bdb2031d46	Merge branch 'main' into fix/issue-111-cross-wallet-dedup All checks were successful check / check (push) Successful in 21s Details	2026-03-01 01:13:06 +01:00
Jeffrey Paul	25ecaee128	Merge pull request 'feat: add copy-flash visual feedback — closes #100 ' (#113 ) from fix/issue-100-copy-flash-feedback into main All checks were successful check / check (push) Successful in 21s Details Reviewed-on: #113	2026-03-01 01:12:40 +01:00
user	ff4b5ee24d	feat: add copy-flash visual feedback on click-to-copy All checks were successful check / check (push) Successful in 9s Details When a user clicks to copy text (addresses, tx hashes, etc.), the copied element now briefly flashes with inverted colors (bg/fg swap) and fades back over ~300ms. This provides localized visual feedback in addition to the existing flash message. Applied to all click-to-copy elements across all views. closes #100	2026-03-01 01:01:34 +01:00
user	ca6e9054f9	fix: cross-wallet-type duplicate detection for all import methods All checks were successful check / check (push) Successful in 22s Details - Private key import now checks ALL wallets (hd, xprv, key) for address conflicts - xprv import now checks xpub against existing xpubs and addresses across all wallet types - Mnemonic import now checks xpub against xprv wallets and addresses across all types - Extract findWalletByAddress() and findWalletByXpub() helpers for consistent dedup closes #111	2026-02-28 15:58:47 -08:00