sneak/AutistMask
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: sneak:f2e44ff4ab6c1250a3166092e5ffa74811413bf2
Branches Tags
sneak:main sneak:feat/issue-144-settings-about sneak:feat/issue-131-transaction-view-layout sneak:fix/116-timestamps-include-timezone sneak:feature/expanded-warnings sneak:fix/cross-wallet-duplicate-detection sneak:feature/copy-flash-feedback sneak:feature/issue-82-new-address-warning sneak:feature/82-warn-new-address sneak:issue-99-block-number-external-link sneak:issue-99-block-number-styling sneak:feature/82-zero-history-warning sneak:fix/issue-99-block-number-link-copy sneak:fix/99-block-number-clickable sneak:fix/87-consistent-error-display-v2 sneak:fix/87-consistent-error-display sneak:fix/consistent-error-display sneak:fix/77-confirm-tx-persist sneak:fix/issue-72-address-token-tx-history sneak:fix/70-confirm-tx-contract-display sneak:fix/issue-58-receive-address-consistency sneak:fix/59-transaction-view-ui-policies sneak:fix/55-swap-show-own-address sneak:feature/show-private-key sneak:feat/message-signing
sneak:v0.1.0
...
compare: sneak:feature/show-private-key
Branches Tags
sneak:feat/issue-144-settings-about sneak:main sneak:feat/issue-131-transaction-view-layout sneak:fix/116-timestamps-include-timezone sneak:feature/expanded-warnings sneak:fix/cross-wallet-duplicate-detection sneak:feature/copy-flash-feedback sneak:feature/issue-82-new-address-warning sneak:feature/82-warn-new-address sneak:issue-99-block-number-external-link sneak:issue-99-block-number-styling sneak:feature/82-zero-history-warning sneak:fix/issue-99-block-number-link-copy sneak:fix/99-block-number-clickable sneak:fix/87-consistent-error-display-v2 sneak:fix/87-consistent-error-display sneak:fix/consistent-error-display sneak:fix/77-confirm-tx-persist sneak:fix/issue-72-address-token-tx-history sneak:fix/70-confirm-tx-contract-display sneak:fix/issue-58-receive-address-consistency sneak:fix/59-transaction-view-ui-policies sneak:fix/55-swap-show-own-address sneak:feature/show-private-key sneak:feat/message-signing
sneak:v0.1.0

44 Commits
f2e44ff4ab ... feature/sh

Author SHA1 Message Date
user
78c050e1fa feat: add private key viewing for addresses
All checks were successful
check / check (push) Successful in 22s
Details 
Add a 'Show private key' button on the address detail view that opens
a dedicated password-prompt screen with a clear warning about key
sensitivity. After correct password entry, the derived private key is
displayed in a read-only well with a copy button.

- Add getPrivateKeyForAddress() to wallet.js
- Add showPrivateKey view with password verification
- Add clipboard policy section to README explaining why we never
  auto-clear the clipboard
- Register new view in helpers.js VIEWS array and wire up in index.js

Closes #19
 2026-02-28 07:40:25 -08:00
Jeffrey Paul
fb67359b3f Merge pull request 'fix: add reverse ENS lookups for all displayed addresses (closes #22)' (#25) from fix/reverse-ens-lookups into main
All checks were successful
check / check (push) Successful in 9s
Details 
Reviewed-on: #25
 2026-02-28 10:06:45 +01:00
Jeffrey Paul
1986704569 Merge branch 'main' into fix/reverse-ens-lookups
All checks were successful
check / check (push) Successful in 21s
Details
2026-02-28 10:05:16 +01:00
Jeffrey Paul
49c29f6bb3 Merge pull request 'fix: preserve ENS names on lookup failure, add debug logging (closes #22)' (#24) from fix/ens-reverse-lookup into main
All checks were successful
check / check (push) Successful in 8s
Details 
Reviewed-on: #24
 2026-02-28 10:05:03 +01:00
Jeffrey Paul
cdb7f478e2 Merge branch 'main' into fix/ens-reverse-lookup
All checks were successful
check / check (push) Successful in 22s
Details
2026-02-28 10:04:26 +01:00
Jeffrey Paul
cbe77d0224 Merge pull request 'fix: show wallet/address titles across all views (closes #26, closes #27, closes #28, closes #29)' (#30) from fix/address-title-consistency into main
All checks were successful
check / check (push) Successful in 9s
Details 
Reviewed-on: #30
 2026-02-28 10:03:40 +01:00
user
2abb720d54 fix: show wallet/address titles in addressDetail and addressToken tx lists (closes #29)
All checks were successful
check / check (push) Successful in 21s
Details
2026-02-27 14:30:09 -08:00
user
bf9a483031 fix: show wallet/address titles in send, txStatus, and home tx list (closes #26, closes #27, closes #28)
All checks were successful
check / check (push) Successful in 22s
Details 
- send.js: show addressTitle() above ENS name and address in From field
- txStatus.js: show addressTitle() in To address when it's a local wallet
- home.js: show addressTitle() for counterparties in tx list when they
  are local wallet addresses
 2026-02-27 14:28:20 -08:00
clawbot
79fec8551f fix: add reverse ENS lookups for all displayed addresses (closes #22)
All checks were successful
check / check (push) Successful in 22s
Details 
Previously, ENS reverse lookups were only performed for the single
counterparty address (from or to depending on direction). This meant
contract interaction targets and the non-counterparty side of
transactions never got ENS names resolved.

Now both from and to addresses are collected for ENS resolution,
ensuring all displayed addresses show their ENS names when available.
 2026-02-27 14:26:04 -08:00
user
da428a3815 fix: preserve ENS names on lookup failure, add debug logging (closes #22)
All checks were successful
check / check (push) Successful in 22s
Details 
Two issues that could cause ENS names to disappear:

1. refreshBalances: on ENS lookup error, addr.ensName was set to null,
   wiping any previously resolved name. Now keeps the existing value
   on error — only overwrites on successful lookup.

2. ens.js cache: failed lookups were cached as null for 12 hours,
   preventing retries even after transient errors resolved. Now skips
   caching on failure so subsequent lookups retry immediately.

Added debug logging to ENS reverse lookups in refreshBalances.
 2026-02-27 14:24:32 -08:00
Jeffrey Paul
171b21c5d8 Merge pull request 'fix: show wallet name for own addresses on approve-tx view (closes #21)' (#23) from fix/approval-address-title into main
All checks were successful
check / check (push) Successful in 9s
Details 
Reviewed-on: #23
 2026-02-27 23:20:26 +01:00
Jeffrey Paul
e7a960c601 Merge branch 'main' into fix/approval-address-title
All checks were successful
check / check (push) Successful in 22s
Details
2026-02-27 23:20:14 +01:00
Jeffrey Paul
b69eec40ef Merge pull request 'fix: low-severity security findings L3, L4, L5 (closes #6)' (#8) from fix/low-severity-security into main
All checks were successful
check / check (push) Successful in 9s
Details 
Reviewed-on: #8
 2026-02-27 23:19:08 +01:00
Jeffrey Paul
cacf2c683c Merge branch 'main' into fix/low-severity-security
All checks were successful
check / check (push) Successful in 22s
Details
2026-02-27 23:18:53 +01:00
user
15e856e63f fix: show wallet name for own addresses on approve-tx view (closes #21)
All checks were successful
check / check (push) Successful in 21s
Details 
The approve-tx view was showing raw addresses for From/To even when they
belonged to the user's wallet. Now uses addressTitle() to display the
wallet name (e.g. 'My Wallet — Address 1') consistently with other views.
 2026-02-27 14:18:29 -08:00
Jeffrey Paul
43e10521ef Merge pull request 'fix: add fallback popup window for tx/sign approval requests (closes #4)' (#17) from fix/tx-approval-popup into main
All checks were successful
check / check (push) Successful in 8s
Details 
Reviewed-on: #17
 2026-02-27 23:15:02 +01:00
Jeffrey Paul
04ba926d43 Merge branch 'main' into fix/tx-approval-popup
All checks were successful
check / check (push) Successful in 22s
Details
2026-02-27 23:10:58 +01:00
clawbot
4fdbc5adae fmt: prettier format content/index.js
All checks were successful
check / check (push) Successful in 21s
Details
2026-02-27 14:10:37 -08:00
Jeffrey Paul
85427e1fd4 Merge branch 'main' into fix/low-severity-security
Some checks failed
check / check (push) Failing after 13s
Details
2026-02-27 23:08:40 +01:00
Jeffrey Paul
8226495994 Merge pull request 'fix: display swaps and contract calls correctly in tx history (closes #3)' (#10) from fix/swap-display into main
All checks were successful
check / check (push) Successful in 9s
Details 
Reviewed-on: #10
 2026-02-27 23:08:16 +01:00
Jeffrey Paul
2f57370155 Merge branch 'main' into fix/swap-display
All checks were successful
check / check (push) Successful in 22s
Details
2026-02-27 23:07:31 +01:00
Jeffrey Paul
c6d5cf4e64 Merge pull request 'feat: add wallet deletion from settings (closes #13)' (#14) from feat/delete-wallet into main
All checks were successful
check / check (push) Successful in 22s
Details 
Reviewed-on: #14
 2026-02-27 23:04:45 +01:00
clawbot
34e29d7659 fix: re-render wallet list after deletion by calling showSettingsView
All checks were successful
check / check (push) Successful in 21s
Details
2026-02-27 14:02:44 -08:00
Jeffrey Paul
6d0531f1b4 Merge pull request 'fix: use grey well for contract address in address-token view (closes #9)' (#15) from fix/address-token-grey-well into main
All checks were successful
check / check (push) Successful in 21s
Details 
Reviewed-on: #15
 2026-02-27 23:00:00 +01:00
clawbot
8893f5dce7 refactor: delete-wallet-confirm as standalone full view
All checks were successful
check / check (push) Successful in 22s
Details 
Replace the inline confirmation div at the bottom of Settings with a
proper full-screen view (view-delete-wallet-confirm). This fixes the
issue where the confirmation was offscreen on the 360x600 popup.

- New view with back button, title, warning text, password input,
  and red-text Confirm Delete button
- Dedicated flash area for password errors
- New deleteWallet.js module with init/show pattern
- Added delete-wallet-confirm to VIEWS array in helpers.js
- Removed old inline confirmation HTML and logic from settings
 2026-02-27 13:58:58 -08:00
clawbot
2bffa91045 fix: reduce contract info well margins to prevent address wrapping
All checks were successful
check / check (push) Successful in 22s
Details
2026-02-27 13:54:19 -08:00
clawbot
2b0b889b01 fix: use wallet.encryptedSecret not wallet.encrypted for password verify
All checks were successful
check / check (push) Successful in 22s
Details
2026-02-27 13:52:08 -08:00
clawbot
5936199676 fix: place color dot next to address, not title, matching convention
All checks were successful
check / check (push) Successful in 22s
Details
2026-02-27 13:03:43 -08:00
user
8824237db6 fix: match approval view display consistency for decoded calldata
All checks were successful
check / check (push) Successful in 21s
Details 
- Restructured calldata section to use same well layout as approval view:
  Action label + bold name + structured details
- Always show raw data section below decoded well
- Unknown contract calls show method name in well instead of inline
 2026-02-27 13:01:53 -08:00
user
aaeb38d7c6 fix: show Swap type label and heading on transaction detail page
All checks were successful
check / check (push) Successful in 21s
Details
2026-02-27 13:00:07 -08:00
clawbot
107c243f65 fix: use consistent [x] delete buttons, add inline rename
All checks were successful
check / check (push) Successful in 8s
Details 
- Delete buttons now use [x] with border, matching token and site
  removal patterns in settings
- Wallet names are click-to-rename (inline input), matching the
  home view rename UX
 2026-02-27 12:53:46 -08:00
clawbot
655b90c7df feat: add wallet deletion from settings (closes #13) 
- Per-wallet [delete] links in settings wallet list
- Monochrome styling throughout, no red/danger colors
- Password confirmation modal with warning text
- Cleans up site permissions for deleted addresses
- Switches to first remaining wallet or shows welcome if none left
 2026-02-27 12:53:46 -08:00
clawbot
34cd72be88 fix: rework wallet deletion per review feedback 
- Remove all red/danger styling, use standard monochrome colors
- Add wallet picker dropdown instead of relying on selectedWallet
- Fix encryptedSecret field name (was wallet.encrypted)
- Populate dropdown when settings view opens
- Confirmation modal uses standard border styling
 2026-02-27 12:53:46 -08:00
user
689bcbf171 feat: add wallet deletion from settings (closes #13) 2026-02-27 12:53:46 -08:00
clawbot
3b419c7517 fix: add missing TOKEN_BY_ADDRESS import in addressToken view
All checks were successful
check / check (push) Successful in 22s
Details
2026-02-27 12:50:26 -08:00
clawbot
3fd3e30f44 fix: label swap methods as "Swap" in tx lists, remove unused variable
All checks were successful
check / check (push) Successful in 23s
Details 
- Map known DEX methods (execute, swap, multicall, etc.) to "Swap"
  label instead of raw method name like "Execute"
- Remove unused displayData variable in transactionDetail.js

Addresses review feedback on PR #10.
 2026-02-27 12:31:25 -08:00
clawbot
76059c3674 fix: display swaps and contract calls correctly in tx history (closes #3) 
- Preserve contract call metadata (direction, label, method) when token
  transfers merge with normal txs in fetchRecentTransactions
- Handle 'contract' direction in counterparty display for home and
  address detail list views
- Add decoded calldata display to transaction detail view, fetching
  raw input from Blockscout and using decodeCalldata from approval.js
- Show 'Unknown contract call' with raw hex for unrecognized calldata
- Export decodeCalldata from approval.js for reuse
 2026-02-27 12:31:13 -08:00
clawbot
8332570758 fix: increase well horizontal margin to mx-4 per review
All checks were successful
check / check (push) Successful in 22s
Details
2026-02-27 12:27:23 -08:00
clawbot
7b004ddda4 fix: rework contract info well per review feedback
All checks were successful
check / check (push) Successful in 22s
Details 
- Remove border, add rounded corners and horizontal margin
- Each attribute on its own line (key: value format)
- Move well below send/receive buttons
- Add project/token URL from tokenlist when available
- Import TOKEN_BY_ADDRESS for URL lookup
 2026-02-27 12:26:24 -08:00
clawbot
91eefa1667 fix: use grey well for contract address display in address-token view
All checks were successful
check / check (push) Successful in 22s
Details 
- Replace border-b styling with bg-hover + dashed border for visual
  distinction from wallet address
- Rename label from "Token Contract" to "Contract Address"
- Addresses feedback on #9
 2026-02-27 12:15:35 -08:00
user
27f16191b4 fix(L4): use location.origin for postMessage, one-shot UUID listener
Some checks failed
check / check (push) Failing after 13s
Details 
- Content script sends UUID via location.origin instead of "*"
- Inpage UUID listener removes itself after first message to prevent
  malicious pages from overriding the persisted UUID
 2026-02-27 11:58:57 -08:00
clawbot
909543e943 fix(L5): truncate token name/symbol from RPC responses 
Limits token name to 64 chars and symbol to 12 chars to prevent
storage of excessively long values from malicious contracts.
 2026-02-27 11:58:19 -08:00
clawbot
04a34d1a5e fix(L4): generate EIP-6963 provider UUID at install time 
UUID is generated once via crypto.randomUUID(), persisted in
chrome.storage.local, and sent from the content script to the
inpage script via postMessage.
 2026-02-27 11:58:19 -08:00
clawbot
98f68adb11 fix(L3): isUnlocked() returns false when no accounts exposed 
_metamask.isUnlocked() now checks provider.selectedAddress instead of
always returning true.
 2026-02-27 11:58:19 -08:00
20 changed files with 705 additions and 64 deletions
Expand all files Collapse all files

35
README.md
View File

@@ -213,6 +213,22 @@ create an address with the same visible characters and trick the user into
sending funds to it. Showing the complete identifier defeats this class of sending funds to it. Showing the complete identifier defeats this class of
attack. attack.
#### Clipboard Policy
AutistMask never clears or overwrites the user's clipboard. When sensitive data
such as a private key is copied, it is the user's responsibility to manage their
clipboard afterwards. We deliberately avoid auto-clearing the clipboard for two
reasons:
1. **User expectations**: silently modifying the clipboard violates the
principle of least surprise. The user initiated the copy and knows the
content is sensitive.
2. **Data safety**: the user may have copied something else important in the
intervening time. A timed clipboard clear would destroy that unrelated data.
The warning shown before revealing a private key makes it clear that the key is
sensitive and that clipboard management is the user's responsibility.
#### Data Model #### Data Model
The core hierarchy is **Wallets → Addresses**: The core hierarchy is **Wallets → Addresses**:
@@ -316,15 +332,34 @@ transitions.
- Balance list: ETH + tracked ERC-20 tokens (4 decimal places, USD inline). - Balance list: ETH + tracked ERC-20 tokens (4 decimal places, USD inline).
Each balance row is clickable → **AddressToken** Each balance row is clickable → **AddressToken**
- Send / Receive / + Token buttons - Send / Receive / + Token buttons
- "Show private key" button
- Transaction list (with ENS resolution for counterparties) - Transaction list (with ENS resolution for counterparties)
- **Transitions**: - **Transitions**:
- Tap balance row → **AddressToken** (for that token) - Tap balance row → **AddressToken** (for that token)
- "Send" → **Send** - "Send" → **Send**
- "Receive" → **Receive** - "Receive" → **Receive**
- "+ Token" → **AddToken** - "+ Token" → **AddToken**
- "Show private key" → **ShowPrivateKey**
- Tap transaction row → **TransactionDetail** - Tap transaction row → **TransactionDetail**
- "Back" → **Home** - "Back" → **Home**
#### ShowPrivateKey
- **When**: User clicked "Show private key" on AddressDetail.
- **Elements**:
- "Back" button
- Title: "Display Private Key"
- Warning box (lock + money icons) explaining the key controls funds and
that the user is responsible for clipboard management
- Password input
- "Display Private Key" button (with lock + money icons)
- After reveal: private key in a read-only well (monospace, select-all),
Copy button, Done button
- **Transitions**:
- "Display Private Key" (correct password) → reveals key in-place
- "Copy" → copies key to clipboard
- "Done" / "Back" → **AddressDetail** (key cleared from DOM)
#### AddressToken #### AddressToken
- **When**: User clicked a specific token balance on AddressDetail. - **When**: User clicked a specific token balance on AddressDetail.

20
src/content/index.js
View File

@@ -13,6 +13,26 @@ if (typeof browser !== "undefined") {
(document.head || document.documentElement).appendChild(script); (document.head || document.documentElement).appendChild(script);
} }
// Send the persisted EIP-6963 provider UUID to the inpage script.
// Generated once at install time and stored in chrome.storage.local.
(function sendProviderUuid() {
const storage =
typeof browser !== "undefined"
? browser.storage.local
: chrome.storage.local;
storage.get("eip6963Uuid", (items) => {
let uuid = items?.eip6963Uuid;
if (!uuid) {
uuid = crypto.randomUUID();
storage.set({ eip6963Uuid: uuid });
}
window.postMessage(
{ type: "AUTISTMASK_PROVIDER_UUID", uuid },
location.origin,
);
});
})();
// Relay requests from the page to the background script // Relay requests from the page to the background script
window.addEventListener("message", (event) => { window.addEventListener("message", (event) => {
if (event.source !== window) return; if (event.source !== window) return;

37
src/content/inpage.js
View File

@@ -9,7 +9,7 @@
const pending = {}; const pending = {};
// Listen for responses from the content script // Listen for responses from the content script
window.addEventListener("message", (event) => { window.addEventListener("message", function onUuid(event) {
if (event.source !== window) return; if (event.source !== window) return;
if (event.data?.type !== "AUTISTMASK_RESPONSE") return; if (event.data?.type !== "AUTISTMASK_RESPONSE") return;
const { id, result, error } = event.data; const { id, result, error } = event.data;
@@ -24,7 +24,7 @@
}); });
// Listen for events pushed from the extension // Listen for events pushed from the extension
window.addEventListener("message", (event) => { window.addEventListener("message", function onUuid(event) {
if (event.source !== window) return; if (event.source !== window) return;
if (event.data?.type !== "AUTISTMASK_EVENT") return; if (event.data?.type !== "AUTISTMASK_EVENT") return;
const { eventName, data } = event.data; const { eventName, data } = event.data;
@@ -134,7 +134,7 @@
// Some dApps (wagmi) check this to confirm MetaMask-like behavior // Some dApps (wagmi) check this to confirm MetaMask-like behavior
_metamask: { _metamask: {
isUnlocked() { isUnlocked() {
return Promise.resolve(true); return Promise.resolve(provider.selectedAddress !== null);
}, },
}, },
}; };
@@ -155,21 +155,38 @@
"</svg>", "</svg>",
); );
const providerInfo = { let providerUuid = crypto.randomUUID(); // fallback until real UUID arrives
uuid: "f3c5b2a1-8d4e-4f6a-9c7b-1e2d3a4b5c6d",
name: "AutistMask", function buildProviderInfo() {
icon: ICON_SVG, return {
rdns: "berlin.sneak.autistmask", uuid: providerUuid,
}; name: "AutistMask",
icon: ICON_SVG,
rdns: "berlin.sneak.autistmask",
};
}
function announceProvider() { function announceProvider() {
window.dispatchEvent( window.dispatchEvent(
new CustomEvent("eip6963:announceProvider", { new CustomEvent("eip6963:announceProvider", {
detail: Object.freeze({ info: providerInfo, provider }), detail: Object.freeze({
info: buildProviderInfo(),
provider,
}),
}), }),
); );
} }
// Listen for the persisted UUID from the content script
function onProviderUuid(event) {
if (event.source !== window) return;
if (event.data?.type !== "AUTISTMASK_PROVIDER_UUID") return;
window.removeEventListener("message", onProviderUuid);
providerUuid = event.data.uuid;
announceProvider();
}
window.addEventListener("message", onProviderUuid);
window.addEventListener("eip6963:requestProvider", announceProvider); window.addEventListener("eip6963:requestProvider", announceProvider);
announceProvider(); announceProvider();
})(); })();

162
src/popup/index.html
View File

@@ -307,6 +307,15 @@
</button> </button>
</div> </div>
<div class="mb-3">
<button
id="btn-show-private-key"
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer text-xs"
>
&#128274; Show private key
</button>
</div>
<!-- transactions --> <!-- transactions -->
<div class="mt-3"> <div class="mt-3">
<div class="border-b border-border pb-1 mb-1"> <div class="border-b border-border pb-1 mb-1">
@@ -318,6 +327,77 @@
</div> </div>
</div> </div>
<!-- ============ SHOW PRIVATE KEY ============ -->
<div id="view-show-private-key" class="view hidden">
<button
id="btn-show-pk-back"
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer mb-2"
>
&lt; Back
</button>
<h2 class="font-bold mb-2">Display Private Key</h2>
<!-- password prompt section -->
<div id="show-pk-prompt">
<div
class="border border-border border-dashed p-3 mb-3 text-xs"
>
<p class="mb-1">
&#128274;&#128176; Your private key controls this
address and all its funds. Anyone who has it can
spend your tokens.
</p>
<p>
Do not share it. Do not paste it into websites. If
you copy it, you are responsible for clearing your
clipboard when you are done.
</p>
</div>
<div class="mb-2">
<label class="block mb-1">Password</label>
<input
type="password"
id="show-pk-password"
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
placeholder="Enter your password"
/>
</div>
<div
id="show-pk-error"
class="text-xs mb-2 border border-border border-dashed p-1 hidden"
></div>
<button
id="btn-show-pk-reveal"
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
>
&#128274;&#128176; Display Private Key
</button>
</div>
<!-- revealed key section -->
<div id="show-pk-key-well" class="hidden">
<div
class="bg-well p-3 mx-1 mb-3 break-all font-mono text-xs select-all"
>
<span id="show-pk-key-value"></span>
</div>
<div class="flex gap-2">
<button
id="btn-show-pk-copy"
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
>
Copy
</button>
<button
id="btn-show-pk-done"
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
>
Done
</button>
</div>
</div>
</div>
<!-- ============ ADDRESS-TOKEN DETAIL VIEW ============ --> <!-- ============ ADDRESS-TOKEN DETAIL VIEW ============ -->
<div id="view-address-token" class="view hidden"> <div id="view-address-token" class="view hidden">
<button <button
@@ -358,12 +438,6 @@
</div> </div>
</div> </div>
<!-- token contract details (ERC-20 only) -->
<div
id="address-token-contract-info"
class="border-b border-border-light pb-2 mb-2 text-xs hidden"
></div>
<!-- actions --> <!-- actions -->
<div class="flex gap-2 mb-3"> <div class="flex gap-2 mb-3">
<button <button
@@ -380,6 +454,12 @@
</button> </button>
</div> </div>
<!-- token contract details (ERC-20 only) -->
<div
id="address-token-contract-info"
class="bg-hover rounded-md mx-1 p-3 mb-3 text-xs hidden"
></div>
<!-- token-filtered transactions --> <!-- token-filtered transactions -->
<div class="mt-3"> <div class="mt-3">
<div class="border-b border-border pb-1 mb-1"> <div class="border-b border-border pb-1 mb-1">
@@ -708,9 +788,7 @@
<div class="bg-well p-3 mx-1 mb-3"> <div class="bg-well p-3 mx-1 mb-3">
<h3 class="font-bold mb-1">Wallets</h3> <h3 class="font-bold mb-1">Wallets</h3>
<p class="text-xs text-muted mb-2"> <div id="settings-wallet-list" class="mb-2"></div>
Add a new wallet from a recovery phrase or private key.
</p>
<button <button
id="btn-main-add-wallet" id="btn-main-add-wallet"
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer" class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
@@ -845,6 +923,41 @@
</div> </div>
</div> </div>
<!-- ============ DELETE WALLET CONFIRM ============ -->
<div id="view-delete-wallet-confirm" class="view hidden">
<button
id="btn-delete-wallet-back"
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer mb-2"
>
&lt; Back
</button>
<h2 class="font-bold mb-3">Delete Wallet</h2>
<p class="text-xs mb-3">
Deleting
<strong id="delete-wallet-name"></strong> is permanent. Any
funds will be unrecoverable without your recovery phrase.
</p>
<div
id="delete-wallet-flash"
class="text-xs text-red-500 mb-2 hidden"
></div>
<div class="mb-2">
<label class="block mb-1">Password</label>
<input
type="password"
id="delete-wallet-password"
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
placeholder="Enter your password to confirm"
/>
</div>
<button
id="btn-delete-wallet-confirm"
class="border border-border text-red-500 px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
>
Confirm Delete
</button>
</div>
<!-- ============ SETTINGS: ADD TOKEN ============ --> <!-- ============ SETTINGS: ADD TOKEN ============ -->
<div id="view-settings-addtoken" class="view hidden"> <div id="view-settings-addtoken" class="view hidden">
<button <button
@@ -920,7 +1033,13 @@
> >
&lt; Back &lt; Back
</button> </button>
<h2 class="font-bold mb-2">Transaction</h2> <h2 id="tx-detail-heading" class="font-bold mb-2">
Transaction
</h2>
<div id="tx-detail-type-section" class="mb-4 hidden">
<div class="text-xs text-muted mb-1">Type</div>
<div id="tx-detail-type" class="text-xs font-bold"></div>
</div>
<div class="mb-4"> <div class="mb-4">
<div class="text-xs text-muted mb-1">Status</div> <div class="text-xs text-muted mb-1">Status</div>
<div id="tx-detail-status" class="text-xs"></div> <div id="tx-detail-status" class="text-xs"></div>
@@ -945,6 +1064,29 @@
<div class="text-xs text-muted mb-1">To</div> <div class="text-xs text-muted mb-1">To</div>
<div id="tx-detail-to" class="text-xs break-all"></div> <div id="tx-detail-to" class="text-xs break-all"></div>
</div> </div>
<div id="tx-detail-calldata-section" class="mb-4 hidden">
<div
id="tx-detail-calldata-well"
class="mb-3 border border-border border-dashed p-2"
>
<div class="text-xs text-muted mb-1">Action</div>
<div
id="tx-detail-calldata-action"
class="text-xs font-bold mb-2"
></div>
<div
id="tx-detail-calldata-details"
class="text-xs"
></div>
</div>
<div id="tx-detail-rawdata-section" class="hidden">
<div class="text-xs text-muted mb-1">Raw data</div>
<div
id="tx-detail-rawdata"
class="text-xs break-all font-mono border border-border border-dashed p-2"
></div>
</div>
</div>
<div class="mb-4"> <div class="mb-4">
<div class="text-xs text-muted mb-1">Transaction hash</div> <div class="text-xs text-muted mb-1">Transaction hash</div>
<div id="tx-detail-hash" class="text-xs break-all"></div> <div id="tx-detail-hash" class="text-xs break-all"></div>

3
src/popup/index.js
View File

@@ -19,6 +19,7 @@ const txStatus = require("./views/txStatus");
const transactionDetail = require("./views/transactionDetail"); const transactionDetail = require("./views/transactionDetail");
const receive = require("./views/receive"); const receive = require("./views/receive");
const addToken = require("./views/addToken"); const addToken = require("./views/addToken");
const showPrivateKey = require("./views/showPrivateKey");
const settings = require("./views/settings"); const settings = require("./views/settings");
const settingsAddToken = require("./views/settingsAddToken"); const settingsAddToken = require("./views/settingsAddToken");
const approval = require("./views/approval"); const approval = require("./views/approval");
@@ -56,6 +57,7 @@ const ctx = {
showAddWalletView: () => addWallet.show(), showAddWalletView: () => addWallet.show(),
showImportKeyView: () => importKey.show(), showImportKeyView: () => importKey.show(),
showAddressDetail: () => addressDetail.show(), showAddressDetail: () => addressDetail.show(),
showPrivateKey: () => showPrivateKey.show(),
showAddressToken: () => addressToken.show(), showAddressToken: () => addressToken.show(),
showAddTokenView: () => addToken.show(), showAddTokenView: () => addToken.show(),
showConfirmTx: (txInfo) => confirmTx.show(txInfo), showConfirmTx: (txInfo) => confirmTx.show(txInfo),
@@ -212,6 +214,7 @@ async function init() {
importKey.init(ctx); importKey.init(ctx);
home.init(ctx); home.init(ctx);
addressDetail.init(ctx); addressDetail.init(ctx);
showPrivateKey.init(ctx);
addressToken.init(ctx); addressToken.init(ctx);
send.init(ctx); send.init(ctx);
confirmTx.init(ctx); confirmTx.init(ctx);

22
src/popup/views/addressDetail.js
View File

@@ -4,6 +4,7 @@ const {
showFlash, showFlash,
balanceLinesForAddress, balanceLinesForAddress,
addressDotHtml, addressDotHtml,
addressTitle,
escapeHtml, escapeHtml,
truncateMiddle, truncateMiddle,
} = require("./helpers"); } = require("./helpers");
@@ -150,11 +151,11 @@ async function loadTransactions(address) {
loadedTxs = txs; loadedTxs = txs;
// Collect unique counterparty addresses for ENS resolution. // Collect ALL unique addresses (from + to) for ENS resolution so
// that reverse lookups work for every displayed address, not just
// the ones that were originally entered as ENS names.
const counterparties = [ const counterparties = [
...new Set( ...new Set(txs.flatMap((tx) => [tx.from, tx.to].filter(Boolean))),
txs.map((tx) => (tx.direction === "sent" ? tx.to : tx.from)),
),
]; ];
if (counterparties.length > 0) { if (counterparties.length > 0) {
try { try {
@@ -185,14 +186,19 @@ function renderTransactions(txs) {
let html = ""; let html = "";
let i = 0; let i = 0;
for (const tx of txs) { for (const tx of txs) {
const counterparty = tx.direction === "sent" ? tx.to : tx.from; const counterparty =
tx.direction === "sent" || tx.direction === "contract"
? tx.to
: tx.from;
const ensName = ensNameMap.get(counterparty) || null; const ensName = ensNameMap.get(counterparty) || null;
const title = addressTitle(counterparty, state.wallets);
const dirLabel = tx.directionLabel; const dirLabel = tx.directionLabel;
const amountStr = tx.value const amountStr = tx.value
? escapeHtml(tx.value + " " + tx.symbol) ? escapeHtml(tx.value + " " + tx.symbol)
: escapeHtml(tx.symbol); : escapeHtml(tx.symbol);
const maxAddr = Math.max(32, 36 - Math.max(0, amountStr.length - 10)); const maxAddr = Math.max(32, 36 - Math.max(0, amountStr.length - 10));
const displayAddr = ensName || truncateMiddle(counterparty, maxAddr); const displayAddr =
title || ensName || truncateMiddle(counterparty, maxAddr);
const addrStr = escapeHtml(displayAddr); const addrStr = escapeHtml(displayAddr);
const dot = addressDotHtml(counterparty); const dot = addressDotHtml(counterparty);
const err = tx.isError ? " (failed)" : ""; const err = tx.isError ? " (failed)" : "";
@@ -255,6 +261,10 @@ function init(_ctx) {
}); });
$("btn-add-token").addEventListener("click", ctx.showAddTokenView); $("btn-add-token").addEventListener("click", ctx.showAddTokenView);
$("btn-show-private-key").addEventListener("click", () => {
ctx.showPrivateKey();
});
} }
module.exports = { init, show }; module.exports = { init, show };

41
src/popup/views/addressToken.js
View File

@@ -6,11 +6,13 @@ const {
showView, showView,
showFlash, showFlash,
addressDotHtml, addressDotHtml,
addressTitle,
escapeHtml, escapeHtml,
truncateMiddle, truncateMiddle,
balanceLine, balanceLine,
} = require("./helpers"); } = require("./helpers");
const { state, currentAddress, saveState } = require("../../shared/state"); const { state, currentAddress, saveState } = require("../../shared/state");
const { TOKEN_BY_ADDRESS } = require("../../shared/tokenList");
const { const {
formatUsd, formatUsd,
getPrice, getPrice,
@@ -142,30 +144,24 @@ function show() {
const tokenHolders = tb && tb.holders != null ? tb.holders : null; const tokenHolders = tb && tb.holders != null ? tb.holders : null;
const dot = addressDotHtml(tokenId); const dot = addressDotHtml(tokenId);
const tokenLink = `https://etherscan.io/token/${escapeHtml(tokenId)}`; const tokenLink = `https://etherscan.io/token/${escapeHtml(tokenId)}`;
let infoHtml = const knownToken = TOKEN_BY_ADDRESS.get(tokenId.toLowerCase());
`<div class="font-bold mb-1">Token Contract</div>` + const projectUrl = knownToken && knownToken.url ? knownToken.url : null;
`<div class="flex items-center mb-1">${dot}` + let infoHtml = `<div class="font-bold mb-2">Contract Address</div>`;
infoHtml +=
`<div class="flex items-center mb-2">${dot}` +
`<span class="break-all underline decoration-dashed cursor-pointer" id="address-token-contract-copy" data-copy="${escapeHtml(tokenId)}">${escapeHtml(tokenId)}</span>` + `<span class="break-all underline decoration-dashed cursor-pointer" id="address-token-contract-copy" data-copy="${escapeHtml(tokenId)}">${escapeHtml(tokenId)}</span>` +
`<a href="${tokenLink}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>` + `<a href="${tokenLink}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>` +
`</div>`; `</div>`;
const details = [];
if (tokenName) if (tokenName)
details.push(`<span class="text-muted">Name:</span> ${tokenName}`); infoHtml += `<div class="mb-1"><span class="text-muted">Name:</span> ${tokenName}</div>`;
if (tokenSymbol) if (tokenSymbol)
details.push( infoHtml += `<div class="mb-1"><span class="text-muted">Symbol:</span> ${tokenSymbol}</div>`;
`<span class="text-muted">Symbol:</span> ${tokenSymbol}`,
);
if (tokenDecimals != null) if (tokenDecimals != null)
details.push( infoHtml += `<div class="mb-1"><span class="text-muted">Decimals:</span> ${tokenDecimals}</div>`;
`<span class="text-muted">Decimals:</span> ${tokenDecimals}`,
);
if (tokenHolders != null) if (tokenHolders != null)
details.push( infoHtml += `<div class="mb-1"><span class="text-muted">Holders:</span> ${Number(tokenHolders).toLocaleString()}</div>`;
`<span class="text-muted">Holders:</span> ${Number(tokenHolders).toLocaleString()}`, if (projectUrl)
); infoHtml += `<div class="mb-1"><span class="text-muted">Website:</span> <a href="${escapeHtml(projectUrl)}" target="_blank" rel="noopener" class="underline decoration-dashed">${escapeHtml(projectUrl)}</a></div>`;
if (details.length > 0) {
infoHtml += `<div class="flex flex-wrap gap-x-3 gap-y-1">${details.join("")}</div>`;
}
contractInfo.innerHTML = infoHtml; contractInfo.innerHTML = infoHtml;
contractInfo.classList.remove("hidden"); contractInfo.classList.remove("hidden");
} else { } else {
@@ -218,11 +214,10 @@ async function loadTransactions(address, tokenId) {
loadedTxs = txs; loadedTxs = txs;
// Collect unique counterparty addresses for ENS resolution // Collect ALL unique addresses for ENS resolution so reverse
// lookups work for every displayed address.
const counterparties = [ const counterparties = [
...new Set( ...new Set(txs.flatMap((tx) => [tx.from, tx.to].filter(Boolean))),
txs.map((tx) => (tx.direction === "sent" ? tx.to : tx.from)),
),
]; ];
if (counterparties.length > 0) { if (counterparties.length > 0) {
try { try {
@@ -255,12 +250,14 @@ function renderTransactions(txs) {
for (const tx of txs) { for (const tx of txs) {
const counterparty = tx.direction === "sent" ? tx.to : tx.from; const counterparty = tx.direction === "sent" ? tx.to : tx.from;
const ensName = ensNameMap.get(counterparty) || null; const ensName = ensNameMap.get(counterparty) || null;
const title = addressTitle(counterparty, state.wallets);
const dirLabel = tx.directionLabel; const dirLabel = tx.directionLabel;
const amountStr = tx.value const amountStr = tx.value
? escapeHtml(tx.value + " " + tx.symbol) ? escapeHtml(tx.value + " " + tx.symbol)
: escapeHtml(tx.symbol); : escapeHtml(tx.symbol);
const maxAddr = Math.max(32, 36 - Math.max(0, amountStr.length - 10)); const maxAddr = Math.max(32, 36 - Math.max(0, amountStr.length - 10));
const displayAddr = ensName || truncateMiddle(counterparty, maxAddr); const displayAddr =
title || ensName || truncateMiddle(counterparty, maxAddr);
const addrStr = escapeHtml(displayAddr); const addrStr = escapeHtml(displayAddr);
const dot = addressDotHtml(counterparty); const dot = addressDotHtml(counterparty);
const err = tx.isError ? " (failed)" : ""; const err = tx.isError ? " (failed)" : "";

20
src/popup/views/approval.js
View File

@@ -1,4 +1,10 @@
const { $, addressDotHtml, escapeHtml, showView } = require("./helpers"); const {
$,
addressDotHtml,
addressTitle,
escapeHtml,
showView,
} = require("./helpers");
const { state, saveState } = require("../../shared/state"); const { state, saveState } = require("../../shared/state");
const { formatEther, formatUnits, Interface, toUtf8String } = require("ethers"); const { formatEther, formatUnits, Interface, toUtf8String } = require("ethers");
const { ERC20_ABI } = require("../../shared/constants"); const { ERC20_ABI } = require("../../shared/constants");
@@ -22,7 +28,15 @@ function approvalAddressHtml(address) {
const dot = addressDotHtml(address); const dot = addressDotHtml(address);
const link = `https://etherscan.io/address/${address}`; const link = `https://etherscan.io/address/${address}`;
const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`; const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
return `<div class="flex items-center">${dot}<span class="break-all">${escapeHtml(address)}</span>${extLink}</div>`; const title = addressTitle(address, state.wallets);
let html = "";
if (title) {
html += `<div class="flex items-center font-bold">${dot}${escapeHtml(title)}</div>`;
html += `<div class="break-all">${escapeHtml(address)}${extLink}</div>`;
} else {
html += `<div class="flex items-center">${dot}<span class="break-all">${escapeHtml(address)}</span>${extLink}</div>`;
}
return html;
} }
function formatTxValue(val) { function formatTxValue(val) {
@@ -453,4 +467,4 @@ function init(ctx) {
}); });
} }
module.exports = { init, show }; module.exports = { init, show, decodeCalldata };

90
src/popup/views/deleteWallet.js Normal file
View File

@@ -0,0 +1,90 @@
const { $, showView, showFlash } = require("./helpers");
const { state, saveState } = require("../../shared/state");
const { decryptWithPassword } = require("../../shared/vault");
let deleteWalletIndex = null;
let ctx = null;
function show(walletIdx) {
deleteWalletIndex = walletIdx;
const wallet = state.wallets[walletIdx];
$("delete-wallet-name").textContent =
wallet.name || "Wallet " + (walletIdx + 1);
$("delete-wallet-password").value = "";
$("delete-wallet-flash").textContent = "";
$("delete-wallet-flash").classList.add("hidden");
showView("delete-wallet-confirm");
}
function init(_ctx) {
ctx = _ctx;
$("btn-delete-wallet-back").addEventListener("click", () => {
deleteWalletIndex = null;
ctx.showSettingsView();
});
$("btn-delete-wallet-confirm").addEventListener("click", async () => {
const pw = $("delete-wallet-password").value;
if (!pw) {
$("delete-wallet-flash").textContent =
"Please enter your password.";
$("delete-wallet-flash").classList.remove("hidden");
return;
}
if (deleteWalletIndex === null) {
$("delete-wallet-flash").textContent =
"No wallet selected for deletion.";
$("delete-wallet-flash").classList.remove("hidden");
return;
}
const walletIdx = deleteWalletIndex;
const wallet = state.wallets[walletIdx];
// Verify password against the wallet's encrypted data
try {
await decryptWithPassword(wallet.encryptedSecret, pw);
} catch (_e) {
$("delete-wallet-flash").textContent = "Wrong password.";
$("delete-wallet-flash").classList.remove("hidden");
return;
}
// Collect addresses to clean up from allowedSites/deniedSites
const addresses = (wallet.addresses || []).map((a) => a.address);
// Remove wallet
state.wallets.splice(walletIdx, 1);
// Clean up site permissions for deleted addresses
for (const addr of addresses) {
delete state.allowedSites[addr];
delete state.deniedSites[addr];
}
deleteWalletIndex = null;
if (state.wallets.length === 0) {
// No wallets left — reset selection and show welcome
state.selectedWallet = null;
state.selectedAddress = null;
state.activeAddress = null;
await saveState();
showView("welcome");
} else {
// Switch to first wallet if deleted wallet was active
state.selectedWallet = 0;
state.selectedAddress = 0;
state.activeAddress =
state.wallets[0].addresses[0]?.address || null;
await saveState();
ctx.renderWalletList();
ctx.showSettingsView();
showFlash("Wallet deleted.");
}
});
}
module.exports = { init, show };

2
src/popup/views/helpers.js
View File

@@ -16,6 +16,7 @@ const VIEWS = [
"import-key", "import-key",
"main", "main",
"address", "address",
"show-private-key",
"address-token", "address-token",
"send", "send",
"confirm-tx", "confirm-tx",
@@ -25,6 +26,7 @@ const VIEWS = [
"receive", "receive",
"add-token", "add-token",
"settings", "settings",
"delete-wallet-confirm",
"settings-addtoken", "settings-addtoken",
"transaction", "transaction",
"approve-site", "approve-site",

9
src/popup/views/home.js
View File

@@ -6,6 +6,7 @@ const {
isoDate, isoDate,
timeAgo, timeAgo,
addressDotHtml, addressDotHtml,
addressTitle,
escapeHtml, escapeHtml,
truncateMiddle, truncateMiddle,
} = require("./helpers"); } = require("./helpers");
@@ -102,13 +103,17 @@ function renderHomeTxList(ctx) {
let html = ""; let html = "";
let i = 0; let i = 0;
for (const tx of homeTxs) { for (const tx of homeTxs) {
const counterparty = tx.direction === "sent" ? tx.to : tx.from; const counterparty =
tx.direction === "sent" || tx.direction === "contract"
? tx.to
: tx.from;
const dirLabel = tx.directionLabel; const dirLabel = tx.directionLabel;
const amountStr = tx.value const amountStr = tx.value
? escapeHtml(tx.value + " " + tx.symbol) ? escapeHtml(tx.value + " " + tx.symbol)
: escapeHtml(tx.symbol); : escapeHtml(tx.symbol);
const title = addressTitle(counterparty, state.wallets);
const maxAddr = Math.max(32, 36 - Math.max(0, amountStr.length - 10)); const maxAddr = Math.max(32, 36 - Math.max(0, amountStr.length - 10));
const displayAddr = truncateMiddle(counterparty, maxAddr); const displayAddr = title || truncateMiddle(counterparty, maxAddr);
const addrStr = escapeHtml(displayAddr); const addrStr = escapeHtml(displayAddr);
const dot = addressDotHtml(counterparty); const dot = addressDotHtml(counterparty);
const err = tx.isError ? " (failed)" : ""; const err = tx.isError ? " (failed)" : "";

17
src/popup/views/send.js
View File

@@ -1,6 +1,12 @@
// Send view: collect To, Amount, Token. Then go to confirmation. // Send view: collect To, Amount, Token. Then go to confirmation.
const { $, showFlash, addressDotHtml, escapeHtml } = require("./helpers"); const {
$,
showFlash,
addressDotHtml,
addressTitle,
escapeHtml,
} = require("./helpers");
const { state, currentAddress } = require("../../shared/state"); const { state, currentAddress } = require("../../shared/state");
let ctx; let ctx;
const { getProvider } = require("../../shared/balances"); const { getProvider } = require("../../shared/balances");
@@ -44,8 +50,15 @@ function updateSendBalance() {
const dot = addressDotHtml(addr.address); const dot = addressDotHtml(addr.address);
const link = `https://etherscan.io/address/${addr.address}`; const link = `https://etherscan.io/address/${addr.address}`;
const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`; const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
const title = addressTitle(addr.address, state.wallets);
let fromHtml = ""; let fromHtml = "";
if (addr.ensName) { if (title) {
fromHtml += `<div class="flex items-center font-bold">${dot}${escapeHtml(title)}</div>`;
if (addr.ensName) {
fromHtml += `<div>${escapeHtml(addr.ensName)}</div>`;
}
fromHtml += `<div class="break-all">${escapeHtml(addr.address)}${extLink}</div>`;
} else if (addr.ensName) {
fromHtml += `<div class="flex items-center font-bold">${dot}${escapeHtml(addr.ensName)}</div>`; fromHtml += `<div class="flex items-center font-bold">${dot}${escapeHtml(addr.ensName)}</div>`;
fromHtml += `<div class="break-all">${escapeHtml(addr.address)}${extLink}</div>`; fromHtml += `<div class="break-all">${escapeHtml(addr.address)}${extLink}</div>`;
} else { } else {

60
src/popup/views/settings.js
View File

@@ -2,6 +2,7 @@ const { $, showView, showFlash, escapeHtml } = require("./helpers");
const { state, saveState } = require("../../shared/state"); const { state, saveState } = require("../../shared/state");
const { ETHEREUM_MAINNET_CHAIN_ID } = require("../../shared/constants"); const { ETHEREUM_MAINNET_CHAIN_ID } = require("../../shared/constants");
const { log, debugFetch } = require("../../shared/log"); const { log, debugFetch } = require("../../shared/log");
const deleteWallet = require("./deleteWallet");
const runtime = const runtime =
typeof browser !== "undefined" ? browser.runtime : chrome.runtime; typeof browser !== "undefined" ? browser.runtime : chrome.runtime;
@@ -65,11 +66,68 @@ function renderTrackedTokens() {
}); });
} }
function renderWalletListSettings() {
const container = $("settings-wallet-list");
if (state.wallets.length === 0) {
container.innerHTML = '<p class="text-xs text-muted">No wallets.</p>';
return;
}
let html = "";
state.wallets.forEach((wallet, idx) => {
const name = escapeHtml(wallet.name || "Wallet " + (idx + 1));
html += `<div class="flex justify-between items-center text-xs py-1 border-b border-border-light">`;
html += `<span class="settings-wallet-name cursor-pointer underline decoration-dashed" data-idx="${idx}">${name}</span>`;
html += `<button class="btn-delete-wallet border border-border px-1 hover:bg-fg hover:text-bg cursor-pointer" data-idx="${idx}">[x]</button>`;
html += `</div>`;
});
container.innerHTML = html;
container.querySelectorAll(".btn-delete-wallet").forEach((btn) => {
btn.addEventListener("click", () => {
const idx = parseInt(btn.dataset.idx, 10);
deleteWallet.show(idx);
});
});
// Inline rename on click
container.querySelectorAll(".settings-wallet-name").forEach((span) => {
span.addEventListener("click", () => {
const idx = parseInt(span.dataset.idx, 10);
const wallet = state.wallets[idx];
const input = document.createElement("input");
input.type = "text";
input.className =
"border border-border p-0 text-xs bg-bg text-fg w-full";
input.value = wallet.name || "Wallet " + (idx + 1);
span.replaceWith(input);
input.focus();
input.select();
const finish = async () => {
const val = input.value.trim();
if (val && val !== wallet.name) {
wallet.name = val;
await saveState();
}
renderWalletListSettings();
};
input.addEventListener("blur", finish);
input.addEventListener("keydown", (e) => {
if (e.key === "Enter") input.blur();
if (e.key === "Escape") {
input.value = wallet.name || "Wallet " + (idx + 1);
input.blur();
}
});
});
});
}
function show() { function show() {
$("settings-rpc").value = state.rpcUrl; $("settings-rpc").value = state.rpcUrl;
$("settings-blockscout").value = state.blockscoutUrl; $("settings-blockscout").value = state.blockscoutUrl;
renderTrackedTokens(); renderTrackedTokens();
renderSiteLists(); renderSiteLists();
renderWalletListSettings();
showView("settings"); showView("settings");
} }
@@ -83,6 +141,8 @@ function renderSiteLists() {
} }
function init(ctx) { function init(ctx) {
deleteWallet.init(ctx);
$("btn-save-rpc").addEventListener("click", async () => { $("btn-save-rpc").addEventListener("click", async () => {
const url = $("settings-rpc").value.trim(); const url = $("settings-rpc").value.trim();
if (!url) { if (!url) {

79
src/popup/views/showPrivateKey.js Normal file
View File

@@ -0,0 +1,79 @@
const { $, showView, showFlash, showError, hideError } = require("./helpers");
const { state } = require("../../shared/state");
const { decryptWithPassword } = require("../../shared/vault");
const { getPrivateKeyForAddress } = require("../../shared/wallet");
let ctx;
let revealed = false;
function show() {
revealed = false;
$("show-pk-password").value = "";
$("show-pk-key-well").classList.add("hidden");
$("show-pk-key-value").textContent = "";
$("show-pk-prompt").classList.remove("hidden");
hideError("show-pk-error");
showView("show-private-key");
}
function init(_ctx) {
ctx = _ctx;
$("btn-show-pk-back").addEventListener("click", () => {
clearKey();
ctx.showAddressDetail();
});
$("btn-show-pk-reveal").addEventListener("click", async () => {
const pw = $("show-pk-password").value;
if (!pw) {
showError("show-pk-error", "Please enter your password.");
return;
}
const wallet = state.wallets[state.selectedWallet];
let decryptedSecret;
try {
decryptedSecret = await decryptWithPassword(
wallet.encryptedSecret,
pw,
);
} catch (_e) {
showError("show-pk-error", "Wrong password.");
return;
}
const privateKey = getPrivateKeyForAddress(
wallet,
state.selectedAddress,
decryptedSecret,
);
revealed = true;
$("show-pk-prompt").classList.add("hidden");
$("show-pk-key-well").classList.remove("hidden");
$("show-pk-key-value").textContent = privateKey;
hideError("show-pk-error");
});
$("btn-show-pk-copy").addEventListener("click", () => {
const key = $("show-pk-key-value").textContent;
if (key) {
navigator.clipboard.writeText(key);
showFlash("Copied!");
}
});
$("btn-show-pk-done").addEventListener("click", () => {
clearKey();
ctx.showAddressDetail();
});
}
function clearKey() {
revealed = false;
$("show-pk-key-value").textContent = "";
$("show-pk-password").value = "";
}
module.exports = { init, show };

100
src/popup/views/transactionDetail.js
View File

@@ -13,6 +13,8 @@ const {
} = require("./helpers"); } = require("./helpers");
const { state } = require("../../shared/state"); const { state } = require("../../shared/state");
const makeBlockie = require("ethereum-blockies-base64"); const makeBlockie = require("ethereum-blockies-base64");
const { log, debugFetch } = require("../../shared/log");
const { decodeCalldata } = require("./approval");
const EXT_ICON = const EXT_ICON =
`<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` + `<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` +
@@ -42,11 +44,11 @@ function txAddressHtml(address, ensName, title) {
const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`; const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
let html = `<div class="mb-1">${blockie}</div>`; let html = `<div class="mb-1">${blockie}</div>`;
if (title) { if (title) {
html += `<div class="flex items-center font-bold">${dot}${escapeHtml(title)}</div>`; html += `<div class="font-bold">${escapeHtml(title)}</div>`;
} }
if (ensName) { if (ensName) {
html += html +=
`<div class="flex items-center">${title ? "" : dot}` + `<div class="flex items-center">${dot}` +
copyableHtml(ensName, "") + copyableHtml(ensName, "") +
extLink + extLink +
`</div>` + `</div>` +
@@ -55,7 +57,7 @@ function txAddressHtml(address, ensName, title) {
`</div>`; `</div>`;
} else { } else {
html += html +=
`<div class="flex items-center">${title ? "" : dot}` + `<div class="flex items-center">${dot}` +
copyableHtml(address, "break-all") + copyableHtml(address, "break-all") +
extLink + extLink +
`</div>`; `</div>`;
@@ -85,9 +87,15 @@ function show(tx) {
fromEns: tx.fromEns || null, fromEns: tx.fromEns || null,
toEns: tx.toEns || null, toEns: tx.toEns || null,
directionLabel: tx.directionLabel || null, directionLabel: tx.directionLabel || null,
direction: tx.direction || null,
isContractCall: tx.isContractCall || false,
method: tx.method || null,
}, },
}; };
render(); render();
if (tx.isContractCall || tx.direction === "contract") {
loadCalldata(tx.hash, tx.to);
}
} }
function render() { function render() {
@@ -121,6 +129,25 @@ function render() {
nativeEl.parentElement.classList.add("hidden"); nativeEl.parentElement.classList.add("hidden");
} }
// Show type label for contract interactions (Swap, Execute, etc.)
const typeSection = $("tx-detail-type-section");
const typeEl = $("tx-detail-type");
const headingEl = $("tx-detail-heading");
if (tx.direction === "contract" && tx.directionLabel) {
if (typeSection) {
typeEl.textContent = tx.directionLabel;
typeSection.classList.remove("hidden");
}
if (headingEl) headingEl.textContent = tx.directionLabel;
} else {
if (typeSection) typeSection.classList.add("hidden");
if (headingEl) headingEl.textContent = "Transaction";
}
// Hide calldata section by default; loadCalldata will show it if needed
const calldataSection = $("tx-detail-calldata-section");
if (calldataSection) calldataSection.classList.add("hidden");
$("tx-detail-time").textContent = $("tx-detail-time").textContent =
isoDate(tx.timestamp) + " (" + timeAgo(tx.timestamp) + ")"; isoDate(tx.timestamp) + " (" + timeAgo(tx.timestamp) + ")";
$("tx-detail-status").textContent = tx.isError ? "Failed" : "Success"; $("tx-detail-status").textContent = tx.isError ? "Failed" : "Success";
@@ -137,6 +164,73 @@ function render() {
}); });
} }
async function loadCalldata(txHash, toAddress) {
const section = $("tx-detail-calldata-section");
const actionEl = $("tx-detail-calldata-action");
const detailsEl = $("tx-detail-calldata-details");
const wellEl = $("tx-detail-calldata-well");
const rawSection = $("tx-detail-rawdata-section");
const rawEl = $("tx-detail-rawdata");
if (!section || !actionEl || !detailsEl) return;
try {
const resp = await debugFetch(
state.blockscoutUrl + "/transactions/" + txHash,
);
if (!resp.ok) return;
const txData = await resp.json();
const inputData = txData.raw_input || txData.input || null;
if (!inputData || inputData === "0x") return;
const decoded = decodeCalldata(inputData, toAddress || "");
if (decoded) {
// Render decoded calldata matching approval view style
actionEl.textContent = decoded.name;
let detailsHtml = "";
if (decoded.description) {
detailsHtml += `<div class="mb-2">${escapeHtml(decoded.description)}</div>`;
}
for (const d of decoded.details || []) {
detailsHtml += `<div class="mb-2">`;
detailsHtml += `<div class="text-muted">${escapeHtml(d.label)}</div>`;
if (d.address) {
const dot = addressDotHtml(d.address);
detailsHtml += `<div>${dot}${copyableHtml(d.value, "break-all")}</div>`;
} else {
detailsHtml += `<div class="font-bold">${escapeHtml(d.value)}</div>`;
}
detailsHtml += `</div>`;
}
detailsEl.innerHTML = detailsHtml;
if (wellEl) wellEl.classList.remove("hidden");
} else {
// Unknown contract call — show method name in well
const method = txData.method || "Unknown contract call";
actionEl.textContent = method;
detailsEl.innerHTML = "";
if (wellEl) wellEl.classList.remove("hidden");
}
// Always show raw data
if (rawSection && rawEl) {
rawEl.innerHTML = copyableHtml(inputData, "break-all");
rawSection.classList.remove("hidden");
}
section.classList.remove("hidden");
// Bind copy handlers for new elements
section.querySelectorAll("[data-copy]").forEach((el) => {
el.onclick = () => {
navigator.clipboard.writeText(el.dataset.copy);
showFlash("Copied!");
};
});
} catch (e) {
log.errorf("loadCalldata failed:", e.message);
}
}
function init(_ctx) { function init(_ctx) {
ctx = _ctx; ctx = _ctx;
$("btn-tx-back").addEventListener("click", () => { $("btn-tx-back").addEventListener("click", () => {

8
src/popup/views/txStatus.js
View File

@@ -5,6 +5,7 @@ const {
showView, showView,
showFlash, showFlash,
addressDotHtml, addressDotHtml,
addressTitle,
escapeHtml, escapeHtml,
} = require("./helpers"); } = require("./helpers");
const { state, saveState } = require("../../shared/state"); const { state, saveState } = require("../../shared/state");
@@ -37,6 +38,13 @@ function toAddressHtml(address) {
const dot = addressDotHtml(address); const dot = addressDotHtml(address);
const link = `https://etherscan.io/address/${address}`; const link = `https://etherscan.io/address/${address}`;
const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`; const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
const title = addressTitle(address, state.wallets);
if (title) {
return (
`<div class="flex items-center font-bold">${dot}${escapeHtml(title)}</div>` +
`<div class="break-all">${escapeHtml(address)}${extLink}</div>`
);
}
return `<div class="flex items-center">${dot}<span class="break-all">${escapeHtml(address)}</span>${extLink}</div>`; return `<div class="flex items-center">${dot}<span class="break-all">${escapeHtml(address)}</span>${extLink}</div>`;
} }

22
src/shared/balances.js
View File

@@ -123,15 +123,27 @@ async function refreshBalances(wallets, rpcUrl, blockscoutUrl, trackedTokens) {
}), }),
); );
// ENS reverse lookup // ENS reverse lookup — only overwrite on success so that
// transient RPC errors don't wipe a previously resolved name.
updates.push( updates.push(
provider provider
.lookupAddress(addr.address) .lookupAddress(addr.address)
.then((name) => { .then((name) => {
addr.ensName = name || null; addr.ensName = name || null;
log.debugf(
"ENS reverse",
addr.address,
"->",
addr.ensName,
);
}) })
.catch(() => { .catch((e) => {
addr.ensName = null; log.errorf(
"ENS reverse failed",
addr.address,
e.message,
);
// Keep existing addr.ensName if we had one
}), }),
); );
@@ -192,6 +204,10 @@ async function lookupTokenInfo(contractAddress, rpcUrl) {
name = symbol; name = symbol;
} }
// Truncate to prevent storage of excessively long values from RPC
name = String(name).slice(0, 64);
symbol = String(symbol).slice(0, 12);
log.infof("Token resolved:", symbol, "decimals", Number(decimals)); log.infof("Token resolved:", symbol, "decimals", Number(decimals));
return { name, symbol, decimals: Number(decimals) }; return { name, symbol, decimals: Number(decimals) };
} }

2
src/shared/ens.js
View File

@@ -39,7 +39,7 @@ async function resolveEnsName(address, rpcUrl) {
return name; return name;
} catch (e) { } catch (e) {
log.errorf("ENS reverse lookup failed", address, e.message); log.errorf("ENS reverse lookup failed", address, e.message);
setCache(address, null); // Don't cache failures — let subsequent lookups retry
return null; return null;
} }
} }

27
src/shared/transactions.js
View File

@@ -37,7 +37,21 @@ function parseTx(tx, addrLower) {
if (token) { if (token) {
symbol = token.symbol; symbol = token.symbol;
} }
const label = method.charAt(0).toUpperCase() + method.slice(1); // Map known DEX methods to "Swap" for cleaner display
const SWAP_METHODS = new Set([
"execute",
"swap",
"swapExactTokensForTokens",
"swapTokensForExactTokens",
"swapExactETHForTokens",
"swapTokensForExactETH",
"swapExactTokensForETH",
"swapETHForExactTokens",
"multicall",
]);
const label = SWAP_METHODS.has(method)
? "Swap"
: method.charAt(0).toUpperCase() + method.slice(1);
direction = "contract"; direction = "contract";
directionLabel = label; directionLabel = label;
value = ""; value = "";
@@ -139,9 +153,18 @@ async function fetchRecentTransactions(address, blockscoutUrl, count = 25) {
// When a token transfer shares a hash with a normal tx, the normal tx // When a token transfer shares a hash with a normal tx, the normal tx
// is the contract call (0 ETH) and the token transfer has the real // is the contract call (0 ETH) and the token transfer has the real
// amount and symbol. Replace the normal tx with the token transfer. // amount and symbol. Replace the normal tx with the token transfer,
// but preserve contract call metadata (direction, label, method) so
// swaps and other contract interactions display correctly.
for (const tt of ttJson.items || []) { for (const tt of ttJson.items || []) {
const parsed = parseTokenTransfer(tt, addrLower); const parsed = parseTokenTransfer(tt, addrLower);
const existing = txsByHash.get(parsed.hash);
if (existing && existing.direction === "contract") {
parsed.direction = "contract";
parsed.directionLabel = existing.directionLabel;
parsed.isContractCall = true;
parsed.method = existing.method;
}
txsByHash.set(parsed.hash, parsed); txsByHash.set(parsed.hash, parsed);
} }

13
src/shared/wallet.js
View File

@@ -41,6 +41,18 @@ function getSignerForAddress(walletData, addrIndex, decryptedSecret) {
return new Wallet(decryptedSecret); return new Wallet(decryptedSecret);
} }
function getPrivateKeyForAddress(walletData, addrIndex, decryptedSecret) {
if (walletData.type === "hd") {
const node = HDNodeWallet.fromPhrase(
decryptedSecret,
"",
BIP44_ETH_PATH,
);
return node.deriveChild(addrIndex).privateKey;
}
return decryptedSecret;
}
function isValidMnemonic(mnemonic) { function isValidMnemonic(mnemonic) {
return Mnemonic.isValidMnemonic(mnemonic); return Mnemonic.isValidMnemonic(mnemonic);
} }
@@ -51,5 +63,6 @@ module.exports = {
hdWalletFromMnemonic, hdWalletFromMnemonic,
addressFromPrivateKey, addressFromPrivateKey,
getSignerForAddress, getSignerForAddress,
getPrivateKeyForAddress,
isValidMnemonic, isValidMnemonic,
}; };