Compare commits
48 Commits
feature/82
...
e7e0cebf1c
| Author | SHA1 | Date | |
|---|---|---|---|
|
e7e0cebf1c | ||
| d35bfb7d23 | |||
| 3bf60ff162 | |||
| 6aeab54e8c | |||
| f65764d501 | |||
| 4e097c1e32 | |||
|
3f6f98dcaf | ||
|
|
3e900dc14c | ||
|
|
5dfc6e332b | ||
| a182aa534b | |||
| a388100262 | |||
| dd3cabf816 | |||
|
|
235e5e7fa7 | ||
|
|
be06bd8f0c | ||
|
|
a72359432b | ||
|
|
2bdb547995 | ||
| 834228b572 | |||
|
|
813993f17c | ||
| 5f01d9f111 | |||
|
|
d78af3ec80 | ||
| 753fb5658a | |||
| bdb2031d46 | |||
| 25ecaee128 | |||
|
|
ff4b5ee24d | ||
|
|
ca6e9054f9 | ||
| 09c52b2519 | |||
| 1fb9fade51 | |||
| bc04482fb5 | |||
|
|
045328f3b9 | ||
|
|
576fe3ab15 | ||
|
|
35bb6b9806 | ||
|
|
e56e15e34c | ||
|
|
cc69ce39ed | ||
|
|
9476724284 | ||
|
|
9246959777 | ||
|
|
0f6daf3200 | ||
|
|
435669b6b6 | ||
|
|
f75a258125 | ||
|
|
4d120e5ea9 | ||
|
|
57959b70c3 | ||
|
|
7a7f9c5135 | ||
|
|
8c071ae508 | ||
|
|
a3c2b8227a | ||
|
|
f9f3e7b85a | ||
| 812fc01a98 | |||
|
|
811c125cb9 | ||
|
|
3005813f2c | ||
|
|
5565e76796 |
107
LICENSE
107
LICENSE
@@ -672,3 +672,110 @@ may consider it more useful to permit linking proprietary applications with
|
||||
the library. If this is what you want to do, use the GNU Lesser General
|
||||
Public License instead of this License. But first, please read
|
||||
<https://www.gnu.org/licenses/why-not-lgpl.html>.
|
||||
|
||||
===========================================================================
|
||||
THIRD-PARTY FILES
|
||||
===========================================================================
|
||||
|
||||
The following files are not original to this project and are distributed
|
||||
under their own licenses. They are NOT covered by the GPL-3.0 license above.
|
||||
|
||||
---------------------------------------------------------------------------
|
||||
File: src/shared/phishingBlocklist.json
|
||||
Source: https://github.com/AugurProject/eth-phishing-detect (config.json)
|
||||
Copyright: Copyright (c) 2018 kumavis
|
||||
License: Don't Be a Dick Public License (DBAD), Version 1.2
|
||||
---------------------------------------------------------------------------
|
||||
|
||||
DON'T BE A DICK PUBLIC LICENSE
|
||||
|
||||
Version 1.2, February 2021
|
||||
|
||||
Copyright (C) 2018 kumavis
|
||||
|
||||
Everyone is permitted to copy and distribute verbatim or modified
|
||||
copies of this license document.
|
||||
|
||||
DON'T BE A DICK PUBLIC LICENSE
|
||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||
|
||||
1. Do whatever you like with the original work, just don't be a dick.
|
||||
|
||||
Being a dick includes - but is not limited to - the following instances:
|
||||
|
||||
1a. Outright copyright infringement - Don't just copy the original
|
||||
work/works and change the name.
|
||||
1b. Selling the unmodified original with no work done what-so-ever,
|
||||
that's REALLY being a dick.
|
||||
1c. Modifying the original work to contain hidden harmful content.
|
||||
That would make you a PROPER dick.
|
||||
|
||||
2. If you become rich through modifications, related works/services, or
|
||||
supporting the original work, share the love. Only a dick would make
|
||||
loads off this work and not buy the original work's creator(s) a pint.
|
||||
|
||||
3. Code is provided with no warranty. Using somebody else's code and
|
||||
bitching when it goes wrong makes you a DONKEY dick. Fix the problem
|
||||
yourself. A non-dick would submit the fix back or submit a bug report.
|
||||
|
||||
4. If you use code, calling it your own would make you a ROYAL dick.
|
||||
Alternatively, even just a comment giving attribution to where you found
|
||||
the code would be OK.
|
||||
|
||||
---------------------------------------------------------------------------
|
||||
File: src/shared/scamlist.js (address data from MyEtherWallet ethereum-lists)
|
||||
Source: https://github.com/MyEtherWallet/ethereum-lists (addresses-darklist.json)
|
||||
Copyright: Copyright (c) 2020 MyEtherWallet
|
||||
License: MIT License
|
||||
---------------------------------------------------------------------------
|
||||
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2020 MyEtherWallet
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
||||
---------------------------------------------------------------------------
|
||||
File: src/shared/scamlist.js (address data from EtherScamDB)
|
||||
Source: https://github.com/MrLuit/EtherScamDB (scams.yaml)
|
||||
Copyright: Copyright (c) 2018 Luit Hollander
|
||||
License: MIT License
|
||||
---------------------------------------------------------------------------
|
||||
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2018 Luit Hollander
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
||||
86
README.md
86
README.md
@@ -15,10 +15,12 @@ Hence, a minimally viable ERC20 browser wallet/signer that works cross-platform.
|
||||
Everything you need, nothing you don't. We import as few libraries as possible,
|
||||
don't implement any crypto, and don't send user-specific data anywhere but a
|
||||
(user-configurable) Ethereum RPC endpoint (which defaults to a public node). The
|
||||
extension contacts exactly three external services: the configured RPC node for
|
||||
extension contacts three user-configurable services: the configured RPC node for
|
||||
blockchain interactions, a public CoinDesk API (no API key) for realtime price
|
||||
information, and a Blockscout block-explorer API for transaction history and
|
||||
token balances. All three endpoints are user-configurable.
|
||||
token balances. It also fetches a community-maintained phishing domain blocklist
|
||||
periodically and performs best-effort Etherscan address label lookups during
|
||||
transaction confirmation.
|
||||
|
||||
In the extension is a hardcoded list of the top ERC20 contract addresses. You
|
||||
can add any ERC20 contract by contract address if you wish, but the hardcoded
|
||||
@@ -435,16 +437,29 @@ transitions.
|
||||
#### TransactionDetail
|
||||
|
||||
- **When**: User tapped a transaction row from AddressDetail or AddressToken.
|
||||
- **Elements**:
|
||||
- **Elements** (grouped into logical blocks using light well containers; field
|
||||
labels are self-explanatory so groups have no headings):
|
||||
- "Transaction" heading, "Back" button
|
||||
- Status: "Success" or "Failed"
|
||||
- Time: ISO datetime + relative age in parentheses
|
||||
- Amount: value + symbol (bold)
|
||||
- From: blockie + color dot + full address (tap to copy) + etherscan link
|
||||
- ENS name if available
|
||||
- To: blockie + color dot + full address (tap to copy) + etherscan link
|
||||
- ENS name if available
|
||||
- Transaction hash: full hash (tap to copy) + etherscan link
|
||||
- Type: transaction classification — one of: Native ETH Transfer, ERC-20
|
||||
Token Transfer, Swap, Token Approval, Contract Call, Contract Creation
|
||||
- Status: "Success" or "Failed"
|
||||
- From: blockie + color dot + full address (tap to copy) + etherscan link;
|
||||
ENS name if available
|
||||
- To: blockie + color dot + full address (tap to copy) + etherscan link; ENS
|
||||
name if available
|
||||
- Time: ISO datetime + relative age in parentheses
|
||||
- Block: block number (tap to copy) + etherscan block link
|
||||
- Amount: value + symbol (bold)
|
||||
- Native quantity: raw integer + unit (shown when available)
|
||||
- Token contract: shown for ERC-20 transfers — color dot + full contract
|
||||
address (tap to copy) + etherscan token link
|
||||
- Decoded details (shown for contract calls): action name, decoded
|
||||
parameters, token details, swap steps
|
||||
- Network details (shown when on-chain data is available): nonce, gas price,
|
||||
gas used, transaction fee (all tap to copy)
|
||||
- Raw data (shown when calldata is present): full calldata in monospace
|
||||
dashed border
|
||||
- **Transitions**:
|
||||
- "Back" → **AddressToken** (if `selectedToken` set) or **AddressDetail**
|
||||
|
||||
@@ -567,14 +582,25 @@ What the extension does NOT do:
|
||||
|
||||
- No analytics or telemetry services
|
||||
- No token list APIs (user adds tokens manually by contract address)
|
||||
- No phishing/blocklist APIs
|
||||
- No Infura/Alchemy dependency (any JSON-RPC endpoint works)
|
||||
- No backend servers operated by the developer
|
||||
|
||||
These three services (RPC endpoint, CoinDesk price API, and Blockscout API) are
|
||||
the only external services. All three endpoints are user-configurable. Users who
|
||||
want maximum privacy can point the RPC and Blockscout URLs at their own
|
||||
self-hosted instances (price fetching can be disabled in a future version).
|
||||
In addition to the three user-configurable services above (RPC endpoint,
|
||||
CoinDesk price API, and Blockscout API), AutistMask also contacts:
|
||||
|
||||
- **Phishing domain blocklist**: A community-maintained phishing domain
|
||||
blocklist is vendored into the extension at build time. At runtime, the
|
||||
extension fetches the live list once every 24 hours to detect newly added
|
||||
domains. Only the delta (domains not already in the vendored list) is kept in
|
||||
memory, keeping runtime memory usage small. The delta is persisted to
|
||||
localStorage if it is under 256 KiB.
|
||||
- **Etherscan address labels**: When confirming a transaction, the extension
|
||||
performs a best-effort lookup of the recipient address on Etherscan to check
|
||||
for phishing/scam labels. This is a direct page fetch with no API key; the
|
||||
user's browser makes the request.
|
||||
|
||||
Users who want maximum privacy can point the RPC and Blockscout URLs at their
|
||||
own self-hosted instances (price fetching can be disabled in a future version).
|
||||
|
||||
### Dependencies
|
||||
|
||||
@@ -764,6 +790,21 @@ indexes it as a real token transfer.
|
||||
designed as a sharp tool — users who understand the risks can configure the
|
||||
wallet to show everything unfiltered, unix-style.
|
||||
|
||||
#### Phishing Domain Protection
|
||||
|
||||
AutistMask protects users from known phishing sites when they connect their
|
||||
wallet or approve transactions/signatures. A community-maintained domain
|
||||
blocklist is vendored into the extension at build time, providing immediate
|
||||
protection without any network requests. At runtime, the extension fetches the
|
||||
live list once every 24 hours and keeps only the delta (newly added domains not
|
||||
in the vendored list) in memory. This architecture keeps runtime memory usage
|
||||
small while ensuring fresh coverage of new phishing domains.
|
||||
|
||||
When a dApp on a blocklisted domain requests a wallet connection, transaction
|
||||
approval, or signature, the approval popup displays a prominent red warning
|
||||
banner alerting the user. The domain checker matches exact hostnames and all
|
||||
parent domains (subdomain matching).
|
||||
|
||||
#### Transaction Decoding
|
||||
|
||||
When a dApp asks the user to approve a transaction, AutistMask attempts to
|
||||
@@ -846,6 +887,21 @@ Currently supported:
|
||||
|
||||
GPL-3.0. See [LICENSE](LICENSE).
|
||||
|
||||
### Third-Party Data Files
|
||||
|
||||
This repository includes data files from third-party projects that are not
|
||||
covered by the GPL-3.0 license above. These files, their copyright holders, and
|
||||
their licenses are:
|
||||
|
||||
| File | Source | Copyright | License |
|
||||
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | -------------------------------------------------------------- |
|
||||
| `src/shared/phishingBlocklist.json` | [eth-phishing-detect](https://github.com/AugurProject/eth-phishing-detect) community-maintained phishing domain blocklist | Copyright (c) 2018 kumavis | [DBAD (Don't Be a Dick)](https://github.com/philsturgeon/dbad) |
|
||||
| `src/shared/scamlist.js` (address data from MyEtherWallet) | [ethereum-lists](https://github.com/MyEtherWallet/ethereum-lists) `addresses-darklist.json` | Copyright (c) 2020 MyEtherWallet | MIT |
|
||||
| `src/shared/scamlist.js` (address data from EtherScamDB) | [EtherScamDB](https://github.com/MrLuit/EtherScamDB) `scams.yaml` | Copyright (c) 2018 Luit Hollander | MIT |
|
||||
|
||||
The full license texts for these third-party files are included in the
|
||||
[LICENSE](LICENSE) file.
|
||||
|
||||
## Author
|
||||
|
||||
[@sneak](https://sneak.berlin)
|
||||
|
||||
@@ -12,6 +12,11 @@ const { refreshBalances, getProvider } = require("../shared/balances");
|
||||
const { debugFetch } = require("../shared/log");
|
||||
const { decryptWithPassword } = require("../shared/vault");
|
||||
const { getSignerForAddress } = require("../shared/wallet");
|
||||
const {
|
||||
isPhishingDomain,
|
||||
updatePhishingList,
|
||||
startPeriodicRefresh,
|
||||
} = require("../shared/phishingDomains");
|
||||
|
||||
const storageApi =
|
||||
typeof browser !== "undefined"
|
||||
@@ -571,6 +576,11 @@ async function backgroundRefresh() {
|
||||
|
||||
setInterval(backgroundRefresh, BACKGROUND_REFRESH_INTERVAL);
|
||||
|
||||
// Fetch the phishing domain blocklist delta on startup and refresh every 24h.
|
||||
// The vendored blocklist is bundled at build time; this fetches only new entries.
|
||||
updatePhishingList();
|
||||
startPeriodicRefresh();
|
||||
|
||||
// When approval window is closed without a response, treat as rejection
|
||||
if (windowsApi && windowsApi.onRemoved) {
|
||||
windowsApi.onRemoved.addListener((windowId) => {
|
||||
@@ -643,6 +653,8 @@ runtime.onMessage.addListener((msg, sender, sendResponse) => {
|
||||
resp.type = "sign";
|
||||
resp.signParams = approval.signParams;
|
||||
}
|
||||
// Flag if the requesting domain is on the phishing blocklist.
|
||||
resp.isPhishingDomain = isPhishingDomain(approval.hostname);
|
||||
sendResponse(resp);
|
||||
} else {
|
||||
sendResponse(null);
|
||||
|
||||
@@ -56,37 +56,105 @@
|
||||
< Back
|
||||
</button>
|
||||
<h2 class="font-bold mb-2">Add Wallet</h2>
|
||||
<p class="mb-2">
|
||||
Enter your 12 or 24 word recovery phrase below, or click the
|
||||
button to roll the die for a new one.
|
||||
</p>
|
||||
<div class="mb-1 flex justify-end">
|
||||
|
||||
<!-- Mode selector tabs -->
|
||||
<div
|
||||
class="flex border-b border-border mb-3"
|
||||
id="add-wallet-tabs"
|
||||
>
|
||||
<button
|
||||
id="btn-generate-phrase"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer text-xs"
|
||||
title="Generate a random recovery phrase"
|
||||
id="tab-mnemonic"
|
||||
class="px-3 py-1.5 cursor-pointer text-xs font-bold border border-border border-b-bg bg-bg -mb-px"
|
||||
>
|
||||
[⚀]
|
||||
From Phrase
|
||||
</button>
|
||||
<button
|
||||
id="tab-privkey"
|
||||
class="px-3 py-1.5 cursor-pointer text-xs text-muted border border-dashed border-border-light border-b-transparent -mb-px hover:bg-fg hover:text-bg"
|
||||
>
|
||||
From Key
|
||||
</button>
|
||||
<button
|
||||
id="tab-xprv"
|
||||
class="px-3 py-1.5 cursor-pointer text-xs text-muted border border-dashed border-border-light border-b-transparent -mb-px hover:bg-fg hover:text-bg"
|
||||
>
|
||||
From xprv
|
||||
</button>
|
||||
</div>
|
||||
<div class="mb-2">
|
||||
<textarea
|
||||
id="wallet-mnemonic"
|
||||
rows="3"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg resize-y"
|
||||
placeholder="word word word ..."
|
||||
></textarea>
|
||||
|
||||
<!-- Mnemonic form section -->
|
||||
<div id="add-wallet-section-mnemonic">
|
||||
<p class="mb-2">
|
||||
Enter your 12 or 24 word recovery phrase below, or click
|
||||
the button to roll the die for a new one.
|
||||
</p>
|
||||
<div class="mb-1 flex justify-end">
|
||||
<button
|
||||
id="btn-generate-phrase"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer text-xs"
|
||||
title="Generate a random recovery phrase"
|
||||
>
|
||||
[⚀]
|
||||
</button>
|
||||
</div>
|
||||
<div class="mb-2">
|
||||
<textarea
|
||||
id="wallet-mnemonic"
|
||||
rows="3"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg resize-y"
|
||||
placeholder="word word word ..."
|
||||
></textarea>
|
||||
</div>
|
||||
<div
|
||||
id="add-wallet-phrase-warning"
|
||||
class="text-xs mb-2 border border-border border-dashed p-2"
|
||||
style="visibility: hidden"
|
||||
>
|
||||
Write these words down and keep them safe. Anyone with
|
||||
them can take your funds; if you lose them, your wallet
|
||||
is gone.
|
||||
</div>
|
||||
</div>
|
||||
<div
|
||||
id="add-wallet-phrase-warning"
|
||||
class="text-xs mb-2 border border-border border-dashed p-2 hidden"
|
||||
>
|
||||
Write these words down and keep them safe. Anyone with them
|
||||
can take your funds; if you lose them, your wallet is gone.
|
||||
|
||||
<!-- Private key form section -->
|
||||
<div id="add-wallet-section-privkey" class="hidden">
|
||||
<p class="mb-2">
|
||||
Paste your private key below. This wallet will have a
|
||||
single address.
|
||||
</p>
|
||||
<div class="mb-2">
|
||||
<input
|
||||
type="password"
|
||||
id="import-private-key"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
placeholder="0x..."
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Extended key (xprv) form section -->
|
||||
<div id="add-wallet-section-xprv" class="hidden">
|
||||
<p class="mb-2">
|
||||
Paste your extended private key (xprv) below. This will
|
||||
import the HD wallet and scan for used addresses.
|
||||
</p>
|
||||
<div class="mb-2">
|
||||
<input
|
||||
type="password"
|
||||
id="import-xprv-key"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
placeholder="xprv..."
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Shared password fields -->
|
||||
<div class="mb-2" id="add-wallet-password-section">
|
||||
<label class="block mb-1">Choose a password</label>
|
||||
<p class="text-xs text-muted mb-1">
|
||||
<p
|
||||
class="text-xs text-muted mb-1"
|
||||
id="add-wallet-password-hint"
|
||||
>
|
||||
This password encrypts your recovery phrase on this
|
||||
device. You will need it to send funds.
|
||||
</p>
|
||||
@@ -107,64 +175,6 @@
|
||||
<button
|
||||
id="btn-add-wallet-confirm"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
|
||||
>
|
||||
Add
|
||||
</button>
|
||||
<div class="mt-3 text-xs text-muted">
|
||||
Have a private key instead?
|
||||
<button
|
||||
id="btn-add-wallet-import-key"
|
||||
class="underline cursor-pointer bg-transparent border-none text-fg text-xs font-mono p-0"
|
||||
>
|
||||
Import private key
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- ============ IMPORT PRIVATE KEY ============ -->
|
||||
<div id="view-import-key" class="view hidden">
|
||||
<button
|
||||
id="btn-import-key-back"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer mb-2"
|
||||
>
|
||||
< Back
|
||||
</button>
|
||||
<h2 class="font-bold mb-2">Import Private Key</h2>
|
||||
<p class="mb-2">
|
||||
Paste your private key below. This wallet will have a single
|
||||
address.
|
||||
</p>
|
||||
<div class="mb-2">
|
||||
<input
|
||||
type="password"
|
||||
id="import-private-key"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
placeholder="0x..."
|
||||
/>
|
||||
</div>
|
||||
<div class="mb-2" id="import-key-password-section">
|
||||
<label class="block mb-1">Choose a password</label>
|
||||
<p class="text-xs text-muted mb-1">
|
||||
This password encrypts your private key on this device.
|
||||
You will need it to send funds.
|
||||
</p>
|
||||
<input
|
||||
type="password"
|
||||
id="import-key-password"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
/>
|
||||
</div>
|
||||
<div class="mb-2" id="import-key-password-confirm-section">
|
||||
<label class="block mb-1">Confirm password</label>
|
||||
<input
|
||||
type="password"
|
||||
id="import-key-password-confirm"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
/>
|
||||
</div>
|
||||
<button
|
||||
id="btn-import-key-confirm"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
|
||||
>
|
||||
Import
|
||||
</button>
|
||||
@@ -175,7 +185,7 @@
|
||||
<!-- active address headline -->
|
||||
<div
|
||||
id="total-value"
|
||||
class="text-2xl font-bold min-h-[2rem]"
|
||||
class="text-2xl font-bold min-h-[2rem] text-fg"
|
||||
></div>
|
||||
<div
|
||||
id="total-value-sub"
|
||||
@@ -366,7 +376,8 @@
|
||||
</p>
|
||||
<div
|
||||
id="export-privkey-flash"
|
||||
class="text-xs mb-2 hidden"
|
||||
class="text-xs mb-2 min-h-[1.25rem]"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<div id="export-privkey-password-section" class="mb-2">
|
||||
<label class="block mb-1">Password</label>
|
||||
@@ -570,16 +581,71 @@
|
||||
<div class="text-xs text-muted mb-1">Your balance</div>
|
||||
<div id="confirm-balance" class="text-xs"></div>
|
||||
</div>
|
||||
<div id="confirm-fee" class="mb-3 hidden">
|
||||
<div id="confirm-fee" class="mb-3" style="visibility: hidden">
|
||||
<div class="text-xs text-muted mb-1">
|
||||
Estimated network fee
|
||||
</div>
|
||||
<div id="confirm-fee-amount" class="text-xs"></div>
|
||||
</div>
|
||||
<div id="confirm-warnings" class="mb-2 hidden"></div>
|
||||
<div
|
||||
id="confirm-warnings"
|
||||
class="mb-2"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<div
|
||||
id="confirm-recipient-warning"
|
||||
class="mb-2"
|
||||
style="visibility: hidden"
|
||||
>
|
||||
<div
|
||||
class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
|
||||
>
|
||||
WARNING: The recipient address has ZERO transaction
|
||||
history. This may indicate a fresh or unused address.
|
||||
Double-check the address before sending.
|
||||
</div>
|
||||
</div>
|
||||
<div
|
||||
id="confirm-contract-warning"
|
||||
class="mb-2"
|
||||
style="visibility: hidden"
|
||||
>
|
||||
<div
|
||||
class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
|
||||
>
|
||||
WARNING: The recipient is a smart contract. Sending ETH
|
||||
or tokens directly to a contract may result in permanent
|
||||
loss of funds.
|
||||
</div>
|
||||
</div>
|
||||
<div
|
||||
id="confirm-burn-warning"
|
||||
class="mb-2"
|
||||
style="visibility: hidden"
|
||||
>
|
||||
<div
|
||||
class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
|
||||
>
|
||||
WARNING: This is a known null/burn address. Funds sent
|
||||
here are permanently destroyed and cannot be recovered.
|
||||
</div>
|
||||
</div>
|
||||
<div
|
||||
id="confirm-etherscan-warning"
|
||||
class="mb-2"
|
||||
style="visibility: hidden"
|
||||
>
|
||||
<div
|
||||
class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
|
||||
>
|
||||
WARNING: Etherscan has flagged this address as
|
||||
phishing/scam. Do not send funds to this address.
|
||||
</div>
|
||||
</div>
|
||||
<div
|
||||
id="confirm-errors"
|
||||
class="mb-2 border border-border border-dashed p-2 hidden"
|
||||
class="mb-2 border border-border border-dashed p-2"
|
||||
style="visibility: hidden; min-height: 1.25rem"
|
||||
></div>
|
||||
<div class="mb-2">
|
||||
<label class="block mb-1 text-xs">Password</label>
|
||||
@@ -592,6 +658,7 @@
|
||||
<div
|
||||
id="confirm-tx-password-error"
|
||||
class="text-xs mb-2 min-h-[1.25rem]"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<button
|
||||
id="btn-confirm-send"
|
||||
@@ -706,7 +773,8 @@
|
||||
</button>
|
||||
<div
|
||||
id="receive-erc20-warning"
|
||||
class="text-xs border border-border border-dashed p-2 mt-3 hidden"
|
||||
class="text-xs border border-border border-dashed p-2 mt-3"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
</div>
|
||||
|
||||
@@ -734,7 +802,8 @@
|
||||
</div>
|
||||
<div
|
||||
id="add-token-info"
|
||||
class="text-xs text-muted mb-2 hidden"
|
||||
class="text-xs text-muted mb-2 min-h-[1.25rem]"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<div class="mb-2">
|
||||
<label class="block mb-1 text-xs text-muted"
|
||||
@@ -792,7 +861,7 @@
|
||||
<div class="bg-well p-3 mx-1 mb-3">
|
||||
<h3 class="font-bold mb-1">Display</h3>
|
||||
<label
|
||||
class="text-xs flex items-center gap-1 cursor-pointer"
|
||||
class="text-xs flex items-center gap-1 cursor-pointer mb-2"
|
||||
>
|
||||
<input
|
||||
type="checkbox"
|
||||
@@ -800,6 +869,17 @@
|
||||
/>
|
||||
Show tracked tokens with zero balance
|
||||
</label>
|
||||
<div class="text-xs flex items-center gap-1">
|
||||
<label for="settings-theme">Theme:</label>
|
||||
<select
|
||||
id="settings-theme"
|
||||
class="border border-border p-1 bg-bg text-fg text-xs cursor-pointer"
|
||||
>
|
||||
<option value="system">System</option>
|
||||
<option value="light">Light</option>
|
||||
<option value="dark">Dark</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="bg-well p-3 mx-1 mb-3">
|
||||
@@ -881,6 +961,12 @@
|
||||
/>
|
||||
<span class="text-xs text-muted">gwei</span>
|
||||
</div>
|
||||
<label
|
||||
class="text-xs flex items-center gap-1 cursor-pointer mb-1"
|
||||
>
|
||||
<input type="checkbox" id="settings-utc-timestamps" />
|
||||
UTC Timestamps
|
||||
</label>
|
||||
</div>
|
||||
|
||||
<div class="bg-well p-3 mx-1 mb-3">
|
||||
@@ -916,7 +1002,8 @@
|
||||
</p>
|
||||
<div
|
||||
id="delete-wallet-flash"
|
||||
class="text-xs text-red-500 mb-2 hidden"
|
||||
class="text-xs text-red-500 mb-2 min-h-[1.25rem]"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<div class="mb-2">
|
||||
<label class="block mb-1">Password</label>
|
||||
@@ -991,7 +1078,8 @@
|
||||
/>
|
||||
<div
|
||||
id="settings-addtoken-info"
|
||||
class="text-xs text-muted mt-1 hidden"
|
||||
class="text-xs text-muted mt-1 min-h-[1.25rem]"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<button
|
||||
id="btn-settings-addtoken-manual"
|
||||
@@ -1013,66 +1101,149 @@
|
||||
<h2 id="tx-detail-heading" class="font-bold mb-2">
|
||||
Transaction
|
||||
</h2>
|
||||
<div id="tx-detail-type-section" class="mb-4 hidden">
|
||||
<div class="text-xs text-muted mb-1">Type</div>
|
||||
<div id="tx-detail-type" class="text-xs font-bold"></div>
|
||||
</div>
|
||||
<div class="mb-4">
|
||||
<div class="text-xs text-muted mb-1">Status</div>
|
||||
<div id="tx-detail-status" class="text-xs"></div>
|
||||
</div>
|
||||
<div class="mb-4">
|
||||
<div class="text-xs text-muted mb-1">Time</div>
|
||||
<div id="tx-detail-time" class="text-xs"></div>
|
||||
</div>
|
||||
<div class="mb-4">
|
||||
<div class="text-xs text-muted mb-1">Amount</div>
|
||||
<div id="tx-detail-value" class="text-xs"></div>
|
||||
</div>
|
||||
<div class="mb-4 hidden">
|
||||
<div class="text-xs text-muted mb-1">Native quantity</div>
|
||||
<div id="tx-detail-native" class="text-xs"></div>
|
||||
</div>
|
||||
<div class="mb-4">
|
||||
<div class="text-xs text-muted mb-1">From</div>
|
||||
<div id="tx-detail-from" class="text-xs break-all"></div>
|
||||
</div>
|
||||
<div class="mb-4">
|
||||
<div class="text-xs text-muted mb-1">To</div>
|
||||
<div id="tx-detail-to" class="text-xs break-all"></div>
|
||||
</div>
|
||||
<div id="tx-detail-calldata-section" class="mb-4 hidden">
|
||||
<div
|
||||
id="tx-detail-calldata-well"
|
||||
class="mb-3 border border-border border-dashed p-2"
|
||||
>
|
||||
<div class="text-xs text-muted mb-1">Action</div>
|
||||
|
||||
<!-- ── Identity ── -->
|
||||
<div class="bg-well p-3 mx-1 mb-3">
|
||||
<div class="mb-2">
|
||||
<div class="text-xs text-muted mb-1">
|
||||
Transaction hash
|
||||
</div>
|
||||
<div
|
||||
id="tx-detail-calldata-action"
|
||||
class="text-xs font-bold mb-2"
|
||||
id="tx-detail-hash"
|
||||
class="text-xs break-all"
|
||||
></div>
|
||||
</div>
|
||||
<div id="tx-detail-type-section" class="mb-2 hidden">
|
||||
<div class="text-xs text-muted mb-1">Type</div>
|
||||
<div
|
||||
id="tx-detail-calldata-details"
|
||||
class="text-xs"
|
||||
id="tx-detail-type"
|
||||
class="text-xs font-bold"
|
||||
></div>
|
||||
</div>
|
||||
<div class="mb-2">
|
||||
<div class="text-xs text-muted mb-1">Status</div>
|
||||
<div id="tx-detail-status" class="text-xs"></div>
|
||||
</div>
|
||||
<div class="mb-2">
|
||||
<div class="text-xs text-muted mb-1">From</div>
|
||||
<div
|
||||
id="tx-detail-from"
|
||||
class="text-xs break-all"
|
||||
></div>
|
||||
</div>
|
||||
<div class="mb-2">
|
||||
<div class="text-xs text-muted mb-1">To</div>
|
||||
<div id="tx-detail-to" class="text-xs break-all"></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- ── Timing ── -->
|
||||
<div class="bg-well p-3 mx-1 mb-3">
|
||||
<div class="mb-2">
|
||||
<div class="text-xs text-muted mb-1">Time</div>
|
||||
<div id="tx-detail-time" class="text-xs"></div>
|
||||
</div>
|
||||
<div id="tx-detail-block-section" class="mb-2 hidden">
|
||||
<div class="text-xs text-muted mb-1">Block</div>
|
||||
<div id="tx-detail-block" class="text-xs"></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- ── Value ── -->
|
||||
<div class="bg-well p-3 mx-1 mb-3">
|
||||
<div class="mb-2">
|
||||
<div class="text-xs text-muted mb-1">Amount</div>
|
||||
<div id="tx-detail-value" class="text-xs"></div>
|
||||
</div>
|
||||
<div class="mb-2 hidden">
|
||||
<div class="text-xs text-muted mb-1">
|
||||
Native quantity
|
||||
</div>
|
||||
<div id="tx-detail-native" class="text-xs"></div>
|
||||
</div>
|
||||
<div
|
||||
id="tx-detail-token-contract-section"
|
||||
class="mb-2 hidden"
|
||||
>
|
||||
<div class="text-xs text-muted mb-1">
|
||||
Token contract
|
||||
</div>
|
||||
<div
|
||||
id="tx-detail-token-contract"
|
||||
class="text-xs break-all"
|
||||
></div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="mb-4">
|
||||
<div class="text-xs text-muted mb-1">Transaction hash</div>
|
||||
<div id="tx-detail-hash" class="text-xs break-all"></div>
|
||||
|
||||
<!-- ── Decoded details ── -->
|
||||
<div id="tx-detail-calldata-section" class="hidden">
|
||||
<div class="bg-well p-3 mx-1 mb-3">
|
||||
<div id="tx-detail-calldata-well" class="mb-2">
|
||||
<div class="text-xs text-muted mb-1">Action</div>
|
||||
<div
|
||||
id="tx-detail-calldata-action"
|
||||
class="text-xs font-bold mb-2"
|
||||
></div>
|
||||
<div
|
||||
id="tx-detail-calldata-details"
|
||||
class="text-xs"
|
||||
></div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div id="tx-detail-rawdata-section" class="mb-4 hidden">
|
||||
<div class="text-xs text-muted mb-1">Raw data</div>
|
||||
<div
|
||||
id="tx-detail-rawdata"
|
||||
class="text-xs break-all font-mono border border-border border-dashed p-2"
|
||||
></div>
|
||||
|
||||
<!-- ── Network details ── -->
|
||||
<div id="tx-detail-network-section" class="hidden">
|
||||
<div class="bg-well p-3 mx-1 mb-3">
|
||||
<div id="tx-detail-nonce-section" class="mb-2 hidden">
|
||||
<div class="text-xs text-muted mb-1">Nonce</div>
|
||||
<div id="tx-detail-nonce" class="text-xs"></div>
|
||||
</div>
|
||||
<div
|
||||
id="tx-detail-gasprice-section"
|
||||
class="mb-2 hidden"
|
||||
>
|
||||
<div class="text-xs text-muted mb-1">Gas price</div>
|
||||
<div id="tx-detail-gasprice" class="text-xs"></div>
|
||||
</div>
|
||||
<div id="tx-detail-gasused-section" class="mb-2 hidden">
|
||||
<div class="text-xs text-muted mb-1">Gas used</div>
|
||||
<div id="tx-detail-gasused" class="text-xs"></div>
|
||||
</div>
|
||||
<div id="tx-detail-fee-section" class="mb-2 hidden">
|
||||
<div class="text-xs text-muted mb-1">
|
||||
Transaction fee
|
||||
</div>
|
||||
<div id="tx-detail-fee" class="text-xs"></div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- ── Raw data ── -->
|
||||
<div id="tx-detail-rawdata-section" class="hidden">
|
||||
<div class="bg-well p-3 mx-1 mb-3">
|
||||
<div class="mb-2">
|
||||
<div class="text-xs text-muted mb-1">Raw data</div>
|
||||
<div
|
||||
id="tx-detail-rawdata"
|
||||
class="text-xs break-all font-mono border border-border border-dashed p-2"
|
||||
></div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- ============ TRANSACTION APPROVAL ============ -->
|
||||
<div id="view-approve-tx" class="view hidden">
|
||||
<h2 class="font-bold mb-2">Transaction Request</h2>
|
||||
<div
|
||||
id="approve-tx-phishing-warning"
|
||||
class="mb-3 p-2 text-xs font-bold hidden bg-red-100 text-red-800 border-2 border-red-600 rounded-md"
|
||||
>
|
||||
⚠️ PHISHING WARNING: This site is on a known phishing
|
||||
blocklist. This transaction may steal your funds. Proceed
|
||||
with extreme caution.
|
||||
</div>
|
||||
<p class="mb-2">
|
||||
<span id="approve-tx-hostname" class="font-bold"></span>
|
||||
wants to send a transaction.
|
||||
@@ -1117,7 +1288,8 @@
|
||||
</div>
|
||||
<div
|
||||
id="approve-tx-error"
|
||||
class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem] hidden"
|
||||
class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem]"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<div class="flex justify-between">
|
||||
<button
|
||||
@@ -1138,6 +1310,14 @@
|
||||
<!-- ============ SIGNATURE APPROVAL ============ -->
|
||||
<div id="view-approve-sign" class="view hidden">
|
||||
<h2 class="font-bold mb-2">Signature Request</h2>
|
||||
<div
|
||||
id="approve-sign-phishing-warning"
|
||||
class="mb-3 p-2 text-xs font-bold hidden bg-red-100 text-red-800 border-2 border-red-600 rounded-md"
|
||||
>
|
||||
⚠️ PHISHING WARNING: This site is on a known phishing
|
||||
blocklist. Signing this message may authorize theft of your
|
||||
funds. Proceed with extreme caution.
|
||||
</div>
|
||||
<p class="mb-2">
|
||||
<span id="approve-sign-hostname" class="font-bold"></span>
|
||||
wants you to sign a message.
|
||||
@@ -1145,8 +1325,10 @@
|
||||
|
||||
<div
|
||||
id="approve-sign-danger-warning"
|
||||
class="hidden mb-3 p-2 text-xs font-bold"
|
||||
class="mb-3 p-2 text-xs font-bold"
|
||||
style="
|
||||
visibility: hidden;
|
||||
min-height: 1.25rem;
|
||||
background: #fee2e2;
|
||||
color: #991b1b;
|
||||
border: 2px solid #dc2626;
|
||||
@@ -1183,7 +1365,8 @@
|
||||
</div>
|
||||
<div
|
||||
id="approve-sign-error"
|
||||
class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem] hidden"
|
||||
class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem]"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<div class="flex justify-between">
|
||||
<button
|
||||
@@ -1204,6 +1387,14 @@
|
||||
<!-- ============ SITE APPROVAL ============ -->
|
||||
<div id="view-approve-site" class="view hidden">
|
||||
<h2 class="font-bold mb-2">Connection Request</h2>
|
||||
<div
|
||||
id="approve-site-phishing-warning"
|
||||
class="mb-3 p-2 text-xs font-bold hidden bg-red-100 text-red-800 border-2 border-red-600 rounded-md"
|
||||
>
|
||||
⚠️ PHISHING WARNING: This site is on a known phishing
|
||||
blocklist. Connecting your wallet may result in loss of
|
||||
funds. Proceed with extreme caution.
|
||||
</div>
|
||||
<div class="mb-3">
|
||||
<p class="mb-2">
|
||||
<span id="approve-hostname" class="font-bold"></span>
|
||||
|
||||
@@ -6,11 +6,11 @@ const { state, saveState, loadState } = require("../shared/state");
|
||||
const { refreshPrices } = require("../shared/prices");
|
||||
const { refreshBalances } = require("../shared/balances");
|
||||
const { $, showView } = require("./views/helpers");
|
||||
const { applyTheme } = require("./theme");
|
||||
|
||||
const home = require("./views/home");
|
||||
const welcome = require("./views/welcome");
|
||||
const addWallet = require("./views/addWallet");
|
||||
const importKey = require("./views/importKey");
|
||||
const addressDetail = require("./views/addressDetail");
|
||||
const addressToken = require("./views/addressToken");
|
||||
const send = require("./views/send");
|
||||
@@ -54,7 +54,6 @@ const ctx = {
|
||||
renderWalletList,
|
||||
doRefreshAndRender,
|
||||
showAddWalletView: () => addWallet.show(),
|
||||
showImportKeyView: () => importKey.show(),
|
||||
showAddressDetail: () => addressDetail.show(),
|
||||
showAddressToken: () => addressToken.show(),
|
||||
showAddTokenView: () => addToken.show(),
|
||||
@@ -178,6 +177,7 @@ async function init() {
|
||||
}
|
||||
|
||||
await loadState();
|
||||
applyTheme(state.theme);
|
||||
|
||||
// Auto-default active address
|
||||
if (
|
||||
@@ -217,7 +217,6 @@ async function init() {
|
||||
|
||||
welcome.init(ctx);
|
||||
addWallet.init(ctx);
|
||||
importKey.init(ctx);
|
||||
home.init(ctx);
|
||||
addressDetail.init(ctx);
|
||||
addressToken.init(ctx);
|
||||
|
||||
@@ -15,7 +15,32 @@
|
||||
--color-section: #dddddd;
|
||||
}
|
||||
|
||||
html.dark {
|
||||
--color-bg: #000000;
|
||||
--color-fg: #ffffff;
|
||||
--color-muted: #aaaaaa;
|
||||
--color-border: #ffffff;
|
||||
--color-border-light: #444444;
|
||||
--color-hover: #222222;
|
||||
--color-well: #1a1a1a;
|
||||
--color-danger-well: #2a0a0a;
|
||||
--color-section: #2a2a2a;
|
||||
}
|
||||
|
||||
body {
|
||||
width: 396px;
|
||||
overflow-x: hidden;
|
||||
}
|
||||
|
||||
/* Copy-flash feedback: inverts colors then fades back */
|
||||
.copy-flash-active {
|
||||
background-color: var(--color-fg) !important;
|
||||
color: var(--color-bg) !important;
|
||||
transition: none;
|
||||
}
|
||||
|
||||
.copy-flash-fade {
|
||||
transition:
|
||||
background-color 225ms ease-out,
|
||||
color 225ms ease-out;
|
||||
}
|
||||
|
||||
33
src/popup/theme.js
Normal file
33
src/popup/theme.js
Normal file
@@ -0,0 +1,33 @@
|
||||
// Theme management: applies light/dark class to <html> based on preference.
|
||||
|
||||
let mediaQuery = null;
|
||||
let mediaHandler = null;
|
||||
|
||||
function applyTheme(theme) {
|
||||
// Clean up previous system listener
|
||||
if (mediaQuery && mediaHandler) {
|
||||
mediaQuery.removeEventListener("change", mediaHandler);
|
||||
mediaHandler = null;
|
||||
}
|
||||
|
||||
if (theme === "dark") {
|
||||
document.documentElement.classList.add("dark");
|
||||
} else if (theme === "light") {
|
||||
document.documentElement.classList.remove("dark");
|
||||
} else {
|
||||
// system
|
||||
mediaQuery = window.matchMedia("(prefers-color-scheme: dark)");
|
||||
const update = () => {
|
||||
if (mediaQuery.matches) {
|
||||
document.documentElement.classList.add("dark");
|
||||
} else {
|
||||
document.documentElement.classList.remove("dark");
|
||||
}
|
||||
};
|
||||
mediaHandler = update;
|
||||
mediaQuery.addEventListener("change", update);
|
||||
update();
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = { applyTheme };
|
||||
@@ -7,7 +7,8 @@ const { log } = require("../../shared/log");
|
||||
|
||||
function show() {
|
||||
$("add-token-address").value = "";
|
||||
$("add-token-info").classList.add("hidden");
|
||||
$("add-token-info").textContent = "";
|
||||
$("add-token-info").style.visibility = "hidden";
|
||||
const list = $("common-token-list");
|
||||
list.innerHTML = getTopTokens(25)
|
||||
.map(
|
||||
@@ -45,7 +46,7 @@ function init(ctx) {
|
||||
}
|
||||
const infoEl = $("add-token-info");
|
||||
infoEl.textContent = "Looking up token...";
|
||||
infoEl.classList.remove("hidden");
|
||||
infoEl.style.visibility = "visible";
|
||||
log.debugf("Looking up token contract", contractAddr);
|
||||
try {
|
||||
const info = await lookupTokenInfo(contractAddr, state.rpcUrl);
|
||||
@@ -63,7 +64,8 @@ function init(ctx) {
|
||||
const detail = e.shortMessage || e.message || String(e);
|
||||
log.errorf("Token lookup failed for", contractAddr, detail);
|
||||
showFlash(detail);
|
||||
infoEl.classList.add("hidden");
|
||||
infoEl.textContent = "";
|
||||
infoEl.style.visibility = "hidden";
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
@@ -3,114 +3,299 @@ const {
|
||||
generateMnemonic,
|
||||
hdWalletFromMnemonic,
|
||||
isValidMnemonic,
|
||||
addressFromPrivateKey,
|
||||
hdWalletFromXprv,
|
||||
isValidXprv,
|
||||
} = require("../../shared/wallet");
|
||||
const { encryptWithPassword } = require("../../shared/vault");
|
||||
const { state, saveState } = require("../../shared/state");
|
||||
const { scanForAddresses } = require("../../shared/balances");
|
||||
|
||||
/**
|
||||
* Check if an address already exists in ANY wallet (hd, xprv, or key).
|
||||
* Returns the wallet object if found, or undefined.
|
||||
*/
|
||||
function findWalletByAddress(addr) {
|
||||
const lower = addr.toLowerCase();
|
||||
return state.wallets.find((w) =>
|
||||
w.addresses.some((a) => a.address.toLowerCase() === lower),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if an xpub already exists in any HD-type wallet (hd or xprv).
|
||||
* Returns the wallet object if found, or undefined.
|
||||
*/
|
||||
function findWalletByXpub(xpub) {
|
||||
return state.wallets.find((w) => w.xpub && w.xpub === xpub);
|
||||
}
|
||||
|
||||
let currentMode = "mnemonic";
|
||||
|
||||
const MODES = ["mnemonic", "privkey", "xprv"];
|
||||
|
||||
const PASSWORD_HINTS = {
|
||||
mnemonic:
|
||||
"This password encrypts your recovery phrase on this device. You will need it to send funds.",
|
||||
privkey:
|
||||
"This password encrypts your private key on this device. You will need it to send funds.",
|
||||
xprv: "This password encrypts your key on this device. You will need it to send funds.",
|
||||
};
|
||||
|
||||
function switchMode(mode) {
|
||||
currentMode = mode;
|
||||
for (const m of MODES) {
|
||||
$("add-wallet-section-" + m).classList.toggle("hidden", m !== mode);
|
||||
const tab = $("tab-" + m);
|
||||
const isActive = m === mode;
|
||||
// Active: bold, solid border on top/sides, no bottom border (connects to content)
|
||||
tab.classList.toggle("font-bold", isActive);
|
||||
tab.classList.toggle("border-solid", isActive);
|
||||
tab.classList.toggle("border-border", isActive);
|
||||
tab.classList.toggle("border-b-bg", isActive);
|
||||
tab.classList.toggle("bg-bg", isActive);
|
||||
// Inactive: muted text, dashed border on top/sides, transparent bottom, hover invert
|
||||
tab.classList.toggle("text-muted", !isActive);
|
||||
tab.classList.toggle("border-dashed", !isActive);
|
||||
tab.classList.toggle("border-border-light", !isActive);
|
||||
tab.classList.toggle("border-b-transparent", !isActive);
|
||||
tab.classList.toggle("hover:bg-fg", !isActive);
|
||||
tab.classList.toggle("hover:text-bg", !isActive);
|
||||
}
|
||||
$("add-wallet-password-hint").textContent = PASSWORD_HINTS[mode];
|
||||
}
|
||||
|
||||
function show() {
|
||||
$("wallet-mnemonic").value = "";
|
||||
$("import-private-key").value = "";
|
||||
$("import-xprv-key").value = "";
|
||||
$("add-wallet-password").value = "";
|
||||
$("add-wallet-password-confirm").value = "";
|
||||
$("add-wallet-phrase-warning").classList.add("hidden");
|
||||
$("add-wallet-phrase-warning").style.visibility = "hidden";
|
||||
switchMode("mnemonic");
|
||||
showView("add-wallet");
|
||||
}
|
||||
|
||||
function init(ctx) {
|
||||
$("btn-generate-phrase").addEventListener("click", () => {
|
||||
$("wallet-mnemonic").value = generateMnemonic();
|
||||
$("add-wallet-phrase-warning").classList.remove("hidden");
|
||||
});
|
||||
function validatePassword() {
|
||||
const pw = $("add-wallet-password").value;
|
||||
const pw2 = $("add-wallet-password-confirm").value;
|
||||
if (!pw) {
|
||||
showFlash("Please choose a password.");
|
||||
return null;
|
||||
}
|
||||
if (pw.length < 12) {
|
||||
showFlash("Password must be at least 12 characters.");
|
||||
return null;
|
||||
}
|
||||
if (pw !== pw2) {
|
||||
showFlash("Passwords do not match.");
|
||||
return null;
|
||||
}
|
||||
return pw;
|
||||
}
|
||||
|
||||
$("btn-add-wallet-confirm").addEventListener("click", async () => {
|
||||
const mnemonic = $("wallet-mnemonic").value.trim();
|
||||
if (!mnemonic) {
|
||||
showFlash(
|
||||
"Enter a recovery phrase or press the die to generate one.",
|
||||
);
|
||||
return;
|
||||
}
|
||||
const words = mnemonic.split(/\s+/);
|
||||
if (words.length !== 12 && words.length !== 24) {
|
||||
showFlash(
|
||||
"Recovery phrase must be 12 or 24 words. You entered " +
|
||||
words.length +
|
||||
".",
|
||||
);
|
||||
return;
|
||||
}
|
||||
if (!isValidMnemonic(mnemonic)) {
|
||||
showFlash("Invalid recovery phrase. Check for typos.");
|
||||
return;
|
||||
}
|
||||
const pw = $("add-wallet-password").value;
|
||||
const pw2 = $("add-wallet-password-confirm").value;
|
||||
if (!pw) {
|
||||
showFlash("Please choose a password.");
|
||||
return;
|
||||
}
|
||||
if (pw.length < 12) {
|
||||
showFlash("Password must be at least 12 characters.");
|
||||
return;
|
||||
}
|
||||
if (pw !== pw2) {
|
||||
showFlash("Passwords do not match.");
|
||||
return;
|
||||
}
|
||||
const { xpub, firstAddress } = hdWalletFromMnemonic(mnemonic);
|
||||
const duplicate = state.wallets.find(
|
||||
(w) =>
|
||||
w.type === "hd" &&
|
||||
w.addresses[0] &&
|
||||
w.addresses[0].address.toLowerCase() ===
|
||||
firstAddress.toLowerCase(),
|
||||
async function importMnemonic(ctx) {
|
||||
const mnemonic = $("wallet-mnemonic").value.trim();
|
||||
if (!mnemonic) {
|
||||
showFlash("Enter a recovery phrase or press the die to generate one.");
|
||||
return;
|
||||
}
|
||||
const words = mnemonic.split(/\s+/);
|
||||
if (words.length !== 12 && words.length !== 24) {
|
||||
showFlash(
|
||||
"Recovery phrase must be 12 or 24 words. You entered " +
|
||||
words.length +
|
||||
".",
|
||||
);
|
||||
if (duplicate) {
|
||||
showFlash(
|
||||
"This recovery phrase is already added (" +
|
||||
duplicate.name +
|
||||
").",
|
||||
);
|
||||
return;
|
||||
}
|
||||
const encrypted = await encryptWithPassword(mnemonic, pw);
|
||||
const walletNum = state.wallets.length + 1;
|
||||
const wallet = {
|
||||
type: "hd",
|
||||
name: "Wallet " + walletNum,
|
||||
xpub: xpub,
|
||||
encryptedSecret: encrypted,
|
||||
nextIndex: 1,
|
||||
addresses: [
|
||||
{ address: firstAddress, balance: "0.0000", tokenBalances: [] },
|
||||
],
|
||||
};
|
||||
state.wallets.push(wallet);
|
||||
state.hasWallet = true;
|
||||
return;
|
||||
}
|
||||
if (!isValidMnemonic(mnemonic)) {
|
||||
showFlash("Invalid recovery phrase. Check for typos.");
|
||||
return;
|
||||
}
|
||||
const pw = validatePassword();
|
||||
if (!pw) return;
|
||||
const { xpub, firstAddress } = hdWalletFromMnemonic(mnemonic);
|
||||
const xpubDup = findWalletByXpub(xpub);
|
||||
if (xpubDup) {
|
||||
showFlash(
|
||||
"This recovery phrase is already added (" + xpubDup.name + ").",
|
||||
);
|
||||
return;
|
||||
}
|
||||
const addrDup = findWalletByAddress(firstAddress);
|
||||
if (addrDup) {
|
||||
showFlash("Address already exists in wallet (" + addrDup.name + ").");
|
||||
return;
|
||||
}
|
||||
const encrypted = await encryptWithPassword(mnemonic, pw);
|
||||
const walletNum = state.wallets.length + 1;
|
||||
const wallet = {
|
||||
type: "hd",
|
||||
name: "Wallet " + walletNum,
|
||||
xpub: xpub,
|
||||
encryptedSecret: encrypted,
|
||||
nextIndex: 1,
|
||||
addresses: [
|
||||
{ address: firstAddress, balance: "0.0000", tokenBalances: [] },
|
||||
],
|
||||
};
|
||||
state.wallets.push(wallet);
|
||||
state.hasWallet = true;
|
||||
await saveState();
|
||||
ctx.renderWalletList();
|
||||
showView("main");
|
||||
|
||||
// Scan for used HD addresses beyond index 0.
|
||||
showFlash("Scanning for addresses...", 30000);
|
||||
const scan = await scanForAddresses(xpub, state.rpcUrl);
|
||||
if (scan.addresses.length > 1) {
|
||||
wallet.addresses = scan.addresses.map((a) => ({
|
||||
address: a.address,
|
||||
balance: "0.0000",
|
||||
tokenBalances: [],
|
||||
}));
|
||||
wallet.nextIndex = scan.nextIndex;
|
||||
await saveState();
|
||||
ctx.renderWalletList();
|
||||
showView("main");
|
||||
showFlash("Found " + scan.addresses.length + " addresses.");
|
||||
} else {
|
||||
showFlash("Ready.", 1000);
|
||||
}
|
||||
|
||||
// Scan for used HD addresses beyond index 0.
|
||||
showFlash("Scanning for addresses...", 30000);
|
||||
const scan = await scanForAddresses(xpub, state.rpcUrl);
|
||||
if (scan.addresses.length > 1) {
|
||||
wallet.addresses = scan.addresses.map((a) => ({
|
||||
address: a.address,
|
||||
balance: "0.0000",
|
||||
tokenBalances: [],
|
||||
}));
|
||||
wallet.nextIndex = scan.nextIndex;
|
||||
await saveState();
|
||||
ctx.renderWalletList();
|
||||
showFlash("Found " + scan.addresses.length + " addresses.");
|
||||
} else {
|
||||
showFlash("Ready.", 1000);
|
||||
}
|
||||
ctx.doRefreshAndRender();
|
||||
}
|
||||
|
||||
ctx.doRefreshAndRender();
|
||||
async function importPrivateKey(ctx) {
|
||||
const key = $("import-private-key").value.trim();
|
||||
if (!key) {
|
||||
showFlash("Please enter your private key.");
|
||||
return;
|
||||
}
|
||||
let addr;
|
||||
try {
|
||||
addr = addressFromPrivateKey(key);
|
||||
} catch (e) {
|
||||
showFlash("Invalid private key.");
|
||||
return;
|
||||
}
|
||||
const pw = validatePassword();
|
||||
if (!pw) return;
|
||||
const duplicate = findWalletByAddress(addr);
|
||||
if (duplicate) {
|
||||
showFlash(
|
||||
"This address already exists in wallet (" + duplicate.name + ").",
|
||||
);
|
||||
return;
|
||||
}
|
||||
const encrypted = await encryptWithPassword(key, pw);
|
||||
const walletNum = state.wallets.length + 1;
|
||||
state.wallets.push({
|
||||
type: "key",
|
||||
name: "Wallet " + walletNum,
|
||||
encryptedSecret: encrypted,
|
||||
addresses: [{ address: addr, balance: "0.0000", tokenBalances: [] }],
|
||||
});
|
||||
state.hasWallet = true;
|
||||
await saveState();
|
||||
ctx.renderWalletList();
|
||||
showView("main");
|
||||
|
||||
ctx.doRefreshAndRender();
|
||||
}
|
||||
|
||||
async function importXprvKey(ctx) {
|
||||
const xprv = $("import-xprv-key").value.trim();
|
||||
if (!xprv) {
|
||||
showFlash("Please enter your extended private key.");
|
||||
return;
|
||||
}
|
||||
if (!isValidXprv(xprv)) {
|
||||
showFlash("Invalid extended private key.");
|
||||
return;
|
||||
}
|
||||
let result;
|
||||
try {
|
||||
result = hdWalletFromXprv(xprv);
|
||||
} catch (e) {
|
||||
showFlash("Invalid extended private key.");
|
||||
return;
|
||||
}
|
||||
const { xpub, firstAddress } = result;
|
||||
const xpubDup = findWalletByXpub(xpub);
|
||||
if (xpubDup) {
|
||||
showFlash("This key is already added (" + xpubDup.name + ").");
|
||||
return;
|
||||
}
|
||||
const addrDup = findWalletByAddress(firstAddress);
|
||||
if (addrDup) {
|
||||
showFlash("Address already exists in wallet (" + addrDup.name + ").");
|
||||
return;
|
||||
}
|
||||
const pw = validatePassword();
|
||||
if (!pw) return;
|
||||
const encrypted = await encryptWithPassword(xprv, pw);
|
||||
const walletNum = state.wallets.length + 1;
|
||||
const wallet = {
|
||||
type: "xprv",
|
||||
name: "Wallet " + walletNum,
|
||||
xpub: xpub,
|
||||
encryptedSecret: encrypted,
|
||||
nextIndex: 1,
|
||||
addresses: [
|
||||
{ address: firstAddress, balance: "0.0000", tokenBalances: [] },
|
||||
],
|
||||
};
|
||||
state.wallets.push(wallet);
|
||||
state.hasWallet = true;
|
||||
await saveState();
|
||||
ctx.renderWalletList();
|
||||
showView("main");
|
||||
|
||||
// Scan for used HD addresses beyond index 0.
|
||||
showFlash("Scanning for addresses...", 30000);
|
||||
const scan = await scanForAddresses(xpub, state.rpcUrl);
|
||||
if (scan.addresses.length > 1) {
|
||||
wallet.addresses = scan.addresses.map((a) => ({
|
||||
address: a.address,
|
||||
balance: "0.0000",
|
||||
tokenBalances: [],
|
||||
}));
|
||||
wallet.nextIndex = scan.nextIndex;
|
||||
await saveState();
|
||||
ctx.renderWalletList();
|
||||
showFlash("Found " + scan.addresses.length + " addresses.");
|
||||
} else {
|
||||
showFlash("Ready.", 1000);
|
||||
}
|
||||
|
||||
ctx.doRefreshAndRender();
|
||||
}
|
||||
|
||||
function init(ctx) {
|
||||
// Tab click handlers
|
||||
$("tab-mnemonic").addEventListener("click", () => switchMode("mnemonic"));
|
||||
$("tab-privkey").addEventListener("click", () => switchMode("privkey"));
|
||||
$("tab-xprv").addEventListener("click", () => switchMode("xprv"));
|
||||
|
||||
// Generate mnemonic
|
||||
$("btn-generate-phrase").addEventListener("click", () => {
|
||||
$("wallet-mnemonic").value = generateMnemonic();
|
||||
$("add-wallet-phrase-warning").style.visibility = "visible";
|
||||
});
|
||||
|
||||
// Import / confirm
|
||||
$("btn-add-wallet-confirm").addEventListener("click", async () => {
|
||||
if (currentMode === "mnemonic") {
|
||||
await importMnemonic(ctx);
|
||||
} else if (currentMode === "privkey") {
|
||||
await importPrivateKey(ctx);
|
||||
} else if (currentMode === "xprv") {
|
||||
await importXprvKey(ctx);
|
||||
}
|
||||
});
|
||||
|
||||
// Back button
|
||||
$("btn-add-wallet-back").addEventListener("click", () => {
|
||||
if (!state.hasWallet) {
|
||||
showView("welcome");
|
||||
@@ -119,11 +304,6 @@ function init(ctx) {
|
||||
showView("main");
|
||||
}
|
||||
});
|
||||
|
||||
$("btn-add-wallet-import-key").addEventListener(
|
||||
"click",
|
||||
ctx.showImportKeyView,
|
||||
);
|
||||
}
|
||||
|
||||
module.exports = { init, show };
|
||||
|
||||
@@ -2,6 +2,7 @@ const {
|
||||
$,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
balanceLinesForAddress,
|
||||
addressDotHtml,
|
||||
addressTitle,
|
||||
@@ -94,18 +95,39 @@ function show() {
|
||||
function isoDate(timestamp) {
|
||||
const d = new Date(timestamp * 1000);
|
||||
const pad = (n) => String(n).padStart(2, "0");
|
||||
if (state.utcTimestamps) {
|
||||
return (
|
||||
d.getUTCFullYear() +
|
||||
"-" +
|
||||
pad(d.getUTCMonth() + 1) +
|
||||
"-" +
|
||||
pad(d.getUTCDate()) +
|
||||
"T" +
|
||||
pad(d.getUTCHours()) +
|
||||
":" +
|
||||
pad(d.getUTCMinutes()) +
|
||||
":" +
|
||||
pad(d.getUTCSeconds()) +
|
||||
"Z"
|
||||
);
|
||||
}
|
||||
const offsetMin = -d.getTimezoneOffset();
|
||||
const sign = offsetMin >= 0 ? "+" : "-";
|
||||
const absOff = Math.abs(offsetMin);
|
||||
const tzStr = sign + pad(Math.floor(absOff / 60)) + ":" + pad(absOff % 60);
|
||||
return (
|
||||
d.getFullYear() +
|
||||
"-" +
|
||||
pad(d.getMonth() + 1) +
|
||||
"-" +
|
||||
pad(d.getDate()) +
|
||||
" " +
|
||||
"T" +
|
||||
pad(d.getHours()) +
|
||||
":" +
|
||||
pad(d.getMinutes()) +
|
||||
":" +
|
||||
pad(d.getSeconds())
|
||||
pad(d.getSeconds()) +
|
||||
tzStr
|
||||
);
|
||||
}
|
||||
|
||||
@@ -241,6 +263,7 @@ function init(_ctx) {
|
||||
if (addr) {
|
||||
navigator.clipboard.writeText(addr);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback($("address-full"));
|
||||
}
|
||||
});
|
||||
|
||||
@@ -310,8 +333,8 @@ function init(_ctx) {
|
||||
$("export-privkey-address").textContent = addr.address;
|
||||
$("export-privkey-address").dataset.full = addr.address;
|
||||
$("export-privkey-password").value = "";
|
||||
$("export-privkey-flash").classList.add("hidden");
|
||||
$("export-privkey-flash").textContent = "";
|
||||
$("export-privkey-flash").style.visibility = "hidden";
|
||||
$("export-privkey-password-section").classList.remove("hidden");
|
||||
$("export-privkey-result").classList.add("hidden");
|
||||
$("export-privkey-value").textContent = "";
|
||||
@@ -322,7 +345,7 @@ function init(_ctx) {
|
||||
const password = $("export-privkey-password").value;
|
||||
if (!password) {
|
||||
$("export-privkey-flash").textContent = "Password is required.";
|
||||
$("export-privkey-flash").classList.remove("hidden");
|
||||
$("export-privkey-flash").style.visibility = "visible";
|
||||
return;
|
||||
}
|
||||
const btn = $("btn-export-privkey-confirm");
|
||||
@@ -343,10 +366,10 @@ function init(_ctx) {
|
||||
$("export-privkey-password-section").classList.add("hidden");
|
||||
$("export-privkey-value").textContent = privateKey;
|
||||
$("export-privkey-result").classList.remove("hidden");
|
||||
$("export-privkey-flash").classList.add("hidden");
|
||||
$("export-privkey-flash").style.visibility = "hidden";
|
||||
} catch {
|
||||
$("export-privkey-flash").textContent = "Wrong password.";
|
||||
$("export-privkey-flash").classList.remove("hidden");
|
||||
$("export-privkey-flash").style.visibility = "visible";
|
||||
} finally {
|
||||
btn.disabled = false;
|
||||
btn.classList.remove("text-muted");
|
||||
@@ -358,6 +381,7 @@ function init(_ctx) {
|
||||
if (key) {
|
||||
navigator.clipboard.writeText(key);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback($("export-privkey-value"));
|
||||
}
|
||||
});
|
||||
|
||||
@@ -366,6 +390,7 @@ function init(_ctx) {
|
||||
if (full) {
|
||||
navigator.clipboard.writeText(full);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback($("export-privkey-address"));
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
@@ -5,6 +5,7 @@ const {
|
||||
$,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
addressDotHtml,
|
||||
addressTitle,
|
||||
escapeHtml,
|
||||
@@ -44,21 +45,46 @@ function etherscanAddressLink(address) {
|
||||
return `https://etherscan.io/address/${address}`;
|
||||
}
|
||||
|
||||
function etherscanTokenLink(tokenContract, holderAddress) {
|
||||
return `https://etherscan.io/token/${tokenContract}?a=${holderAddress}`;
|
||||
}
|
||||
|
||||
function isoDate(timestamp) {
|
||||
const d = new Date(timestamp * 1000);
|
||||
const pad = (n) => String(n).padStart(2, "0");
|
||||
if (state.utcTimestamps) {
|
||||
return (
|
||||
d.getUTCFullYear() +
|
||||
"-" +
|
||||
pad(d.getUTCMonth() + 1) +
|
||||
"-" +
|
||||
pad(d.getUTCDate()) +
|
||||
"T" +
|
||||
pad(d.getUTCHours()) +
|
||||
":" +
|
||||
pad(d.getUTCMinutes()) +
|
||||
":" +
|
||||
pad(d.getUTCSeconds()) +
|
||||
"Z"
|
||||
);
|
||||
}
|
||||
const offsetMin = -d.getTimezoneOffset();
|
||||
const sign = offsetMin >= 0 ? "+" : "-";
|
||||
const absOff = Math.abs(offsetMin);
|
||||
const tzStr = sign + pad(Math.floor(absOff / 60)) + ":" + pad(absOff % 60);
|
||||
return (
|
||||
d.getFullYear() +
|
||||
"-" +
|
||||
pad(d.getMonth() + 1) +
|
||||
"-" +
|
||||
pad(d.getDate()) +
|
||||
" " +
|
||||
"T" +
|
||||
pad(d.getHours()) +
|
||||
":" +
|
||||
pad(d.getMinutes()) +
|
||||
":" +
|
||||
pad(d.getSeconds())
|
||||
pad(d.getSeconds()) +
|
||||
tzStr
|
||||
);
|
||||
}
|
||||
|
||||
@@ -129,7 +155,10 @@ function show() {
|
||||
$("address-token-dot").innerHTML = addressDotHtml(addr.address);
|
||||
$("address-token-full").dataset.full = addr.address;
|
||||
$("address-token-full").textContent = addr.address;
|
||||
const addrLink = etherscanAddressLink(addr.address);
|
||||
const addrLink =
|
||||
tokenId !== "ETH"
|
||||
? etherscanTokenLink(tokenId, addr.address)
|
||||
: etherscanAddressLink(addr.address);
|
||||
$("address-token-etherscan-link").innerHTML =
|
||||
`<a href="${addrLink}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
|
||||
|
||||
@@ -317,6 +346,7 @@ function init(_ctx) {
|
||||
if (addr) {
|
||||
navigator.clipboard.writeText(addr);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback($("address-token-full"));
|
||||
}
|
||||
});
|
||||
|
||||
@@ -325,6 +355,7 @@ function init(_ctx) {
|
||||
if (copyEl) {
|
||||
navigator.clipboard.writeText(copyEl.dataset.copy);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(copyEl);
|
||||
}
|
||||
});
|
||||
|
||||
@@ -373,6 +404,7 @@ function init(_ctx) {
|
||||
copyEl.addEventListener("click", () => {
|
||||
navigator.clipboard.writeText(copyEl.dataset.copy);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(copyEl);
|
||||
});
|
||||
}
|
||||
updateSendBalance();
|
||||
|
||||
@@ -13,7 +13,6 @@ const { ERC20_ABI } = require("../../shared/constants");
|
||||
const { TOKEN_BY_ADDRESS } = require("../../shared/tokenList");
|
||||
const txStatus = require("./txStatus");
|
||||
const uniswap = require("../../shared/uniswap");
|
||||
|
||||
const runtime =
|
||||
typeof browser !== "undefined" ? browser.runtime : chrome.runtime;
|
||||
|
||||
@@ -155,7 +154,24 @@ function decodeCalldata(data, toAddress) {
|
||||
return null;
|
||||
}
|
||||
|
||||
function showPhishingWarning(elementId, isPhishing) {
|
||||
const el = $(elementId);
|
||||
if (!el) return;
|
||||
// The background script performs the authoritative phishing domain check
|
||||
// and passes the result via the isPhishingDomain flag.
|
||||
if (isPhishing) {
|
||||
el.classList.remove("hidden");
|
||||
} else {
|
||||
el.classList.add("hidden");
|
||||
}
|
||||
}
|
||||
|
||||
function showTxApproval(details) {
|
||||
showPhishingWarning(
|
||||
"approve-tx-phishing-warning",
|
||||
details.isPhishingDomain,
|
||||
);
|
||||
|
||||
const toAddr = details.txParams.to;
|
||||
const token = toAddr ? TOKEN_BY_ADDRESS.get(toAddr.toLowerCase()) : null;
|
||||
const ethValue = formatEther(details.txParams.value || "0");
|
||||
@@ -269,7 +285,7 @@ function showTxApproval(details) {
|
||||
}
|
||||
|
||||
$("approve-tx-password").value = "";
|
||||
$("approve-tx-error").classList.add("hidden");
|
||||
hideError("approve-tx-error");
|
||||
|
||||
showView("approve-tx");
|
||||
}
|
||||
@@ -323,6 +339,11 @@ function formatTypedDataHtml(jsonStr) {
|
||||
}
|
||||
|
||||
function showSignApproval(details) {
|
||||
showPhishingWarning(
|
||||
"approve-sign-phishing-warning",
|
||||
details.isPhishingDomain,
|
||||
);
|
||||
|
||||
const sp = details.signParams;
|
||||
|
||||
$("approve-sign-hostname").textContent = details.hostname;
|
||||
@@ -351,10 +372,10 @@ function showSignApproval(details) {
|
||||
if (warningEl) {
|
||||
if (sp.dangerWarning) {
|
||||
warningEl.textContent = sp.dangerWarning;
|
||||
warningEl.classList.remove("hidden");
|
||||
warningEl.style.visibility = "visible";
|
||||
} else {
|
||||
warningEl.textContent = "";
|
||||
warningEl.classList.add("hidden");
|
||||
warningEl.style.visibility = "hidden";
|
||||
}
|
||||
}
|
||||
|
||||
@@ -382,6 +403,11 @@ function show(id) {
|
||||
showSignApproval(details);
|
||||
return;
|
||||
}
|
||||
// Site connection approval
|
||||
showPhishingWarning(
|
||||
"approve-site-phishing-warning",
|
||||
details.isPhishingDomain,
|
||||
);
|
||||
$("approve-hostname").textContent = details.hostname;
|
||||
$("approve-address").innerHTML = approvalAddressHtml(
|
||||
state.activeAddress,
|
||||
|
||||
@@ -15,6 +15,7 @@ const {
|
||||
hideError,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
addressTitle,
|
||||
addressDotHtml,
|
||||
escapeHtml,
|
||||
@@ -24,9 +25,11 @@ const { getSignerForAddress } = require("../../shared/wallet");
|
||||
const { decryptWithPassword } = require("../../shared/vault");
|
||||
const { formatUsd, getPrice } = require("../../shared/prices");
|
||||
const { getProvider } = require("../../shared/balances");
|
||||
const { isScamAddress } = require("../../shared/scamlist");
|
||||
const { hasTransactionHistory } = require("../../shared/transactions");
|
||||
const { ERC20_ABI } = require("../../shared/constants");
|
||||
const {
|
||||
getLocalWarnings,
|
||||
getFullWarnings,
|
||||
} = require("../../shared/addressWarnings");
|
||||
const { ERC20_ABI, isBurnAddress } = require("../../shared/constants");
|
||||
const { log } = require("../../shared/log");
|
||||
const makeBlockie = require("ethereum-blockies-base64");
|
||||
const txStatus = require("./txStatus");
|
||||
@@ -118,6 +121,7 @@ function show(txInfo) {
|
||||
copyEl.onclick = () => {
|
||||
navigator.clipboard.writeText(copyEl.dataset.copy);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(copyEl);
|
||||
};
|
||||
}
|
||||
} else {
|
||||
@@ -166,28 +170,23 @@ function show(txInfo) {
|
||||
$("confirm-balance").textContent = valueWithUsd(bal + " ETH", balUsd);
|
||||
}
|
||||
|
||||
// Check for warnings
|
||||
const warnings = [];
|
||||
if (isScamAddress(txInfo.to)) {
|
||||
warnings.push(
|
||||
"This address is on a known scam/fraud list. Do not send funds to this address.",
|
||||
);
|
||||
}
|
||||
if (txInfo.to.toLowerCase() === txInfo.from.toLowerCase()) {
|
||||
warnings.push("You are sending to your own address.");
|
||||
}
|
||||
// Check for warnings (synchronous local checks)
|
||||
const localWarnings = getLocalWarnings(txInfo.to, {
|
||||
fromAddress: txInfo.from,
|
||||
});
|
||||
|
||||
const warningsEl = $("confirm-warnings");
|
||||
if (warnings.length > 0) {
|
||||
warningsEl.innerHTML = warnings
|
||||
if (localWarnings.length > 0) {
|
||||
warningsEl.innerHTML = localWarnings
|
||||
.map(
|
||||
(w) =>
|
||||
`<div class="border border-border border-dashed p-2 mb-1 text-xs font-bold">WARNING: ${w}</div>`,
|
||||
`<div class="border border-border border-dashed p-2 mb-1 text-xs font-bold">WARNING: ${w.message}</div>`,
|
||||
)
|
||||
.join("");
|
||||
warningsEl.classList.remove("hidden");
|
||||
warningsEl.style.visibility = "visible";
|
||||
} else {
|
||||
warningsEl.classList.add("hidden");
|
||||
warningsEl.innerHTML = "";
|
||||
warningsEl.style.visibility = "hidden";
|
||||
}
|
||||
|
||||
// Check for errors
|
||||
@@ -225,11 +224,12 @@ function show(txInfo) {
|
||||
errorsEl.innerHTML = errors
|
||||
.map((e) => `<div class="text-xs">${e}</div>`)
|
||||
.join("");
|
||||
errorsEl.classList.remove("hidden");
|
||||
errorsEl.style.visibility = "visible";
|
||||
sendBtn.disabled = true;
|
||||
sendBtn.classList.add("text-muted");
|
||||
} else {
|
||||
errorsEl.classList.add("hidden");
|
||||
errorsEl.innerHTML = "";
|
||||
errorsEl.style.visibility = "hidden";
|
||||
sendBtn.disabled = false;
|
||||
sendBtn.classList.remove("text-muted");
|
||||
}
|
||||
@@ -239,11 +239,22 @@ function show(txInfo) {
|
||||
hideError("confirm-tx-password-error");
|
||||
|
||||
// Gas estimate — show placeholder then fetch async
|
||||
$("confirm-fee").classList.remove("hidden");
|
||||
$("confirm-fee").style.visibility = "visible";
|
||||
$("confirm-fee-amount").textContent = "Estimating...";
|
||||
state.viewData = { pendingTx: txInfo };
|
||||
showView("confirm-tx");
|
||||
|
||||
// Reset async warnings to hidden (space always reserved, no layout shift)
|
||||
$("confirm-recipient-warning").style.visibility = "hidden";
|
||||
$("confirm-contract-warning").style.visibility = "hidden";
|
||||
$("confirm-burn-warning").style.visibility = "hidden";
|
||||
$("confirm-etherscan-warning").style.visibility = "hidden";
|
||||
|
||||
// Show burn warning via reserved element (in addition to inline warning)
|
||||
if (isBurnAddress(txInfo.to)) {
|
||||
$("confirm-burn-warning").style.visibility = "visible";
|
||||
}
|
||||
|
||||
estimateGas(txInfo);
|
||||
checkRecipientHistory(txInfo);
|
||||
}
|
||||
@@ -290,23 +301,20 @@ async function estimateGas(txInfo) {
|
||||
|
||||
async function checkRecipientHistory(txInfo) {
|
||||
try {
|
||||
const hasHistory = await hasTransactionHistory(
|
||||
txInfo.to,
|
||||
state.blockscoutUrl,
|
||||
);
|
||||
if (hasHistory === false) {
|
||||
const warningsEl = $("confirm-warnings");
|
||||
const warningDiv = document.createElement("div");
|
||||
warningDiv.className =
|
||||
"border border-dashed p-2 mb-1 text-xs font-bold";
|
||||
warningDiv.style.color = "#dc2626";
|
||||
warningDiv.style.borderColor = "#dc2626";
|
||||
warningDiv.textContent =
|
||||
"WARNING: This address has ZERO transaction history on-chain. " +
|
||||
"It has never sent or received any transactions. " +
|
||||
"Double-check the address before sending.";
|
||||
warningsEl.appendChild(warningDiv);
|
||||
warningsEl.classList.remove("hidden");
|
||||
const provider = getProvider(state.rpcUrl);
|
||||
const asyncWarnings = await getFullWarnings(txInfo.to, provider, {
|
||||
fromAddress: txInfo.from,
|
||||
});
|
||||
for (const w of asyncWarnings) {
|
||||
if (w.type === "contract") {
|
||||
$("confirm-contract-warning").style.visibility = "visible";
|
||||
}
|
||||
if (w.type === "new-address") {
|
||||
$("confirm-recipient-warning").style.visibility = "visible";
|
||||
}
|
||||
if (w.type === "etherscan-phishing") {
|
||||
$("confirm-etherscan-warning").style.visibility = "visible";
|
||||
}
|
||||
}
|
||||
} catch (e) {
|
||||
log.errorf("recipient history check failed:", e.message);
|
||||
|
||||
@@ -12,7 +12,7 @@ function show(walletIdx) {
|
||||
wallet.name || "Wallet " + (walletIdx + 1);
|
||||
$("delete-wallet-password").value = "";
|
||||
$("delete-wallet-flash").textContent = "";
|
||||
$("delete-wallet-flash").classList.add("hidden");
|
||||
$("delete-wallet-flash").style.visibility = "hidden";
|
||||
showView("delete-wallet-confirm");
|
||||
}
|
||||
|
||||
@@ -29,14 +29,14 @@ function init(_ctx) {
|
||||
if (!pw) {
|
||||
$("delete-wallet-flash").textContent =
|
||||
"Please enter your password.";
|
||||
$("delete-wallet-flash").classList.remove("hidden");
|
||||
$("delete-wallet-flash").style.visibility = "visible";
|
||||
return;
|
||||
}
|
||||
|
||||
if (deleteWalletIndex === null) {
|
||||
$("delete-wallet-flash").textContent =
|
||||
"No wallet selected for deletion.";
|
||||
$("delete-wallet-flash").classList.remove("hidden");
|
||||
$("delete-wallet-flash").style.visibility = "visible";
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -52,7 +52,7 @@ function init(_ctx) {
|
||||
await decryptWithPassword(wallet.encryptedSecret, pw);
|
||||
} catch (_e) {
|
||||
$("delete-wallet-flash").textContent = "Wrong password.";
|
||||
$("delete-wallet-flash").classList.remove("hidden");
|
||||
$("delete-wallet-flash").style.visibility = "visible";
|
||||
btn.disabled = false;
|
||||
btn.classList.remove("text-muted");
|
||||
return;
|
||||
|
||||
@@ -13,7 +13,6 @@ const { state, saveState } = require("../../shared/state");
|
||||
const VIEWS = [
|
||||
"welcome",
|
||||
"add-wallet",
|
||||
"import-key",
|
||||
"main",
|
||||
"address",
|
||||
"address-token",
|
||||
@@ -41,11 +40,13 @@ function $(id) {
|
||||
function showError(id, msg) {
|
||||
const el = $(id);
|
||||
el.textContent = msg;
|
||||
el.classList.remove("hidden");
|
||||
el.style.visibility = "visible";
|
||||
}
|
||||
|
||||
function hideError(id) {
|
||||
$(id).classList.add("hidden");
|
||||
const el = $(id);
|
||||
el.textContent = "";
|
||||
el.style.visibility = "hidden";
|
||||
}
|
||||
|
||||
function showView(name) {
|
||||
@@ -227,18 +228,39 @@ function formatAddressHtml(address, ensName, maxLen, title) {
|
||||
function isoDate(timestamp) {
|
||||
const d = new Date(timestamp * 1000);
|
||||
const pad = (n) => String(n).padStart(2, "0");
|
||||
if (state.utcTimestamps) {
|
||||
return (
|
||||
d.getUTCFullYear() +
|
||||
"-" +
|
||||
pad(d.getUTCMonth() + 1) +
|
||||
"-" +
|
||||
pad(d.getUTCDate()) +
|
||||
"T" +
|
||||
pad(d.getUTCHours()) +
|
||||
":" +
|
||||
pad(d.getUTCMinutes()) +
|
||||
":" +
|
||||
pad(d.getUTCSeconds()) +
|
||||
"Z"
|
||||
);
|
||||
}
|
||||
const offsetMin = -d.getTimezoneOffset();
|
||||
const sign = offsetMin >= 0 ? "+" : "-";
|
||||
const absOff = Math.abs(offsetMin);
|
||||
const tzStr = sign + pad(Math.floor(absOff / 60)) + ":" + pad(absOff % 60);
|
||||
return (
|
||||
d.getFullYear() +
|
||||
"-" +
|
||||
pad(d.getMonth() + 1) +
|
||||
"-" +
|
||||
pad(d.getDate()) +
|
||||
" " +
|
||||
"T" +
|
||||
pad(d.getHours()) +
|
||||
":" +
|
||||
pad(d.getMinutes()) +
|
||||
":" +
|
||||
pad(d.getSeconds())
|
||||
pad(d.getSeconds()) +
|
||||
tzStr
|
||||
);
|
||||
}
|
||||
|
||||
@@ -259,12 +281,26 @@ function timeAgo(timestamp) {
|
||||
return years + " year" + (years !== 1 ? "s" : "") + " ago";
|
||||
}
|
||||
|
||||
function flashCopyFeedback(el) {
|
||||
if (!el) return;
|
||||
el.classList.remove("copy-flash-fade");
|
||||
el.classList.add("copy-flash-active");
|
||||
setTimeout(() => {
|
||||
el.classList.remove("copy-flash-active");
|
||||
el.classList.add("copy-flash-fade");
|
||||
setTimeout(() => {
|
||||
el.classList.remove("copy-flash-fade");
|
||||
}, 275);
|
||||
}, 75);
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
$,
|
||||
showError,
|
||||
hideError,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
balanceLine,
|
||||
balanceLinesForAddress,
|
||||
addressColor,
|
||||
|
||||
@@ -2,6 +2,7 @@ const {
|
||||
$,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
balanceLinesForAddress,
|
||||
isoDate,
|
||||
timeAgo,
|
||||
@@ -85,9 +86,10 @@ function renderActiveAddress() {
|
||||
el.innerHTML =
|
||||
`<span class="underline decoration-dashed cursor-pointer" id="active-addr-copy">${dot}${escapeHtml(addr)}</span>` +
|
||||
`<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
|
||||
$("active-addr-copy").addEventListener("click", () => {
|
||||
$("active-addr-copy").addEventListener("click", (e) => {
|
||||
navigator.clipboard.writeText(addr);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(e.currentTarget);
|
||||
});
|
||||
} else {
|
||||
el.textContent = "";
|
||||
@@ -239,7 +241,7 @@ function render(ctx) {
|
||||
html += `<div>`;
|
||||
html += `<div class="flex justify-between items-center bg-section py-1 px-2" style="margin:0 -0.5rem">`;
|
||||
html += `<span class="font-bold cursor-pointer wallet-name underline decoration-dashed" data-wallet="${wi}">${wallet.name}</span>`;
|
||||
if (wallet.type === "hd") {
|
||||
if (wallet.type === "hd" || wallet.type === "xprv") {
|
||||
html += `<button class="btn-add-address border border-border px-1 hover:bg-fg hover:text-bg cursor-pointer text-xs" data-wallet="${wi}" title="Add another address to this wallet">+</button>`;
|
||||
}
|
||||
html += `</div>`;
|
||||
|
||||
@@ -1,69 +0,0 @@
|
||||
const { $, showView, showFlash } = require("./helpers");
|
||||
const { addressFromPrivateKey } = require("../../shared/wallet");
|
||||
const { encryptWithPassword } = require("../../shared/vault");
|
||||
const { state, saveState } = require("../../shared/state");
|
||||
|
||||
function show() {
|
||||
$("import-private-key").value = "";
|
||||
$("import-key-password").value = "";
|
||||
$("import-key-password-confirm").value = "";
|
||||
showView("import-key");
|
||||
}
|
||||
|
||||
function init(ctx) {
|
||||
$("btn-import-key-confirm").addEventListener("click", async () => {
|
||||
const key = $("import-private-key").value.trim();
|
||||
if (!key) {
|
||||
showFlash("Please enter your private key.");
|
||||
return;
|
||||
}
|
||||
let addr;
|
||||
try {
|
||||
addr = addressFromPrivateKey(key);
|
||||
} catch (e) {
|
||||
showFlash("Invalid private key.");
|
||||
return;
|
||||
}
|
||||
const pw = $("import-key-password").value;
|
||||
const pw2 = $("import-key-password-confirm").value;
|
||||
if (!pw) {
|
||||
showFlash("Please choose a password.");
|
||||
return;
|
||||
}
|
||||
if (pw.length < 12) {
|
||||
showFlash("Password must be at least 12 characters.");
|
||||
return;
|
||||
}
|
||||
if (pw !== pw2) {
|
||||
showFlash("Passwords do not match.");
|
||||
return;
|
||||
}
|
||||
const encrypted = await encryptWithPassword(key, pw);
|
||||
const walletNum = state.wallets.length + 1;
|
||||
state.wallets.push({
|
||||
type: "key",
|
||||
name: "Wallet " + walletNum,
|
||||
encryptedSecret: encrypted,
|
||||
addresses: [
|
||||
{ address: addr, balance: "0.0000", tokenBalances: [] },
|
||||
],
|
||||
});
|
||||
state.hasWallet = true;
|
||||
await saveState();
|
||||
ctx.renderWalletList();
|
||||
showView("main");
|
||||
|
||||
ctx.doRefreshAndRender();
|
||||
});
|
||||
|
||||
$("btn-import-key-back").addEventListener("click", () => {
|
||||
if (!state.hasWallet) {
|
||||
showView("welcome");
|
||||
} else {
|
||||
ctx.renderWalletList();
|
||||
showView("main");
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
module.exports = { init, show };
|
||||
@@ -2,6 +2,7 @@ const {
|
||||
$,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
formatAddressHtml,
|
||||
addressTitle,
|
||||
} = require("./helpers");
|
||||
@@ -52,19 +53,21 @@ function show() {
|
||||
"This is an ERC-20 token. Only send " +
|
||||
symbol +
|
||||
" on the Ethereum network to this address. Sending tokens on other networks will result in permanent loss.";
|
||||
warningEl.classList.remove("hidden");
|
||||
warningEl.style.visibility = "visible";
|
||||
} else {
|
||||
warningEl.classList.add("hidden");
|
||||
warningEl.textContent = "";
|
||||
warningEl.style.visibility = "hidden";
|
||||
}
|
||||
showView("receive");
|
||||
}
|
||||
|
||||
function init(ctx) {
|
||||
$("receive-address-block").addEventListener("click", () => {
|
||||
$("receive-address-block").addEventListener("click", (e) => {
|
||||
const addr = $("receive-address-block").dataset.full;
|
||||
if (addr) {
|
||||
navigator.clipboard.writeText(addr);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(e.currentTarget);
|
||||
}
|
||||
});
|
||||
|
||||
@@ -73,6 +76,7 @@ function init(ctx) {
|
||||
if (addr) {
|
||||
navigator.clipboard.writeText(addr);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback($("receive-address-block"));
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
const { $, showView, showFlash, escapeHtml } = require("./helpers");
|
||||
const { applyTheme } = require("../theme");
|
||||
const { state, saveState } = require("../../shared/state");
|
||||
const { ETHEREUM_MAINNET_CHAIN_ID } = require("../../shared/constants");
|
||||
const { log, debugFetch } = require("../../shared/log");
|
||||
@@ -214,6 +215,13 @@ function init(ctx) {
|
||||
await saveState();
|
||||
});
|
||||
|
||||
$("settings-theme").value = state.theme;
|
||||
$("settings-theme").addEventListener("change", async () => {
|
||||
state.theme = $("settings-theme").value;
|
||||
await saveState();
|
||||
applyTheme(state.theme);
|
||||
});
|
||||
|
||||
$("settings-hide-low-holders").checked = state.hideLowHolderTokens;
|
||||
$("settings-hide-low-holders").addEventListener("change", async () => {
|
||||
state.hideLowHolderTokens = $("settings-hide-low-holders").checked;
|
||||
@@ -241,6 +249,12 @@ function init(ctx) {
|
||||
}
|
||||
});
|
||||
|
||||
$("settings-utc-timestamps").checked = state.utcTimestamps;
|
||||
$("settings-utc-timestamps").addEventListener("change", async () => {
|
||||
state.utcTimestamps = $("settings-utc-timestamps").checked;
|
||||
await saveState();
|
||||
});
|
||||
|
||||
$("btn-main-add-wallet").addEventListener("click", ctx.showAddWalletView);
|
||||
|
||||
$("btn-settings-add-token").addEventListener(
|
||||
|
||||
@@ -73,7 +73,8 @@ function renderDropdown() {
|
||||
|
||||
function show() {
|
||||
$("settings-addtoken-address").value = "";
|
||||
$("settings-addtoken-info").classList.add("hidden");
|
||||
$("settings-addtoken-info").textContent = "";
|
||||
$("settings-addtoken-info").style.visibility = "hidden";
|
||||
renderTop10();
|
||||
renderDropdown();
|
||||
showView("settings-addtoken");
|
||||
@@ -129,7 +130,7 @@ function init(_ctx) {
|
||||
}
|
||||
const infoEl = $("settings-addtoken-info");
|
||||
infoEl.textContent = "Looking up token...";
|
||||
infoEl.classList.remove("hidden");
|
||||
infoEl.style.visibility = "visible";
|
||||
log.debugf("Looking up token contract", addr);
|
||||
try {
|
||||
const info = await lookupTokenInfo(addr, state.rpcUrl);
|
||||
@@ -143,7 +144,8 @@ function init(_ctx) {
|
||||
await saveState();
|
||||
showFlash("Added " + info.symbol);
|
||||
$("settings-addtoken-address").value = "";
|
||||
infoEl.classList.add("hidden");
|
||||
infoEl.textContent = "";
|
||||
infoEl.style.visibility = "hidden";
|
||||
renderTop10();
|
||||
renderDropdown();
|
||||
ctx.doRefreshAndRender();
|
||||
@@ -151,7 +153,8 @@ function init(_ctx) {
|
||||
const detail = e.shortMessage || e.message || String(e);
|
||||
log.errorf("Token lookup failed for", addr, detail);
|
||||
showFlash(detail);
|
||||
infoEl.classList.add("hidden");
|
||||
infoEl.textContent = "";
|
||||
infoEl.style.visibility = "hidden";
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@@ -5,6 +5,7 @@ const {
|
||||
$,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
addressDotHtml,
|
||||
addressTitle,
|
||||
escapeHtml,
|
||||
@@ -12,6 +13,7 @@ const {
|
||||
timeAgo,
|
||||
} = require("./helpers");
|
||||
const { state } = require("../../shared/state");
|
||||
const { formatEther, formatUnits } = require("ethers");
|
||||
const makeBlockie = require("ethereum-blockies-base64");
|
||||
const { log, debugFetch } = require("../../shared/log");
|
||||
const { decodeCalldata } = require("./approval");
|
||||
@@ -25,6 +27,25 @@ const EXT_ICON =
|
||||
|
||||
let ctx;
|
||||
|
||||
/**
|
||||
* Determine a human-readable transaction type string from tx fields.
|
||||
*/
|
||||
function getTransactionType(tx) {
|
||||
if (!tx.to) return "Contract Creation";
|
||||
if (tx.direction === "contract") {
|
||||
if (tx.directionLabel === "Swap") return "Swap";
|
||||
if (
|
||||
tx.method === "approve" ||
|
||||
tx.directionLabel === "Approve" ||
|
||||
tx.method === "setApprovalForAll"
|
||||
)
|
||||
return "Token Approval";
|
||||
return "Contract Call";
|
||||
}
|
||||
if (tx.symbol && tx.symbol !== "ETH") return "ERC-20 Token Transfer";
|
||||
return "Native ETH Transfer";
|
||||
}
|
||||
|
||||
function copyableHtml(text, extraClass) {
|
||||
const cls =
|
||||
"underline decoration-dashed cursor-pointer" +
|
||||
@@ -98,6 +119,7 @@ function show(tx) {
|
||||
direction: tx.direction || null,
|
||||
isContractCall: tx.isContractCall || false,
|
||||
method: tx.method || null,
|
||||
contractAddress: tx.contractAddress || null,
|
||||
},
|
||||
};
|
||||
render();
|
||||
@@ -134,32 +156,58 @@ function render() {
|
||||
nativeEl.parentElement.classList.add("hidden");
|
||||
}
|
||||
|
||||
// Show type label for contract interactions (Swap, Execute, etc.)
|
||||
// Always show transaction type as the first field
|
||||
const typeSection = $("tx-detail-type-section");
|
||||
const typeEl = $("tx-detail-type");
|
||||
const headingEl = $("tx-detail-heading");
|
||||
if (tx.direction === "contract" && tx.directionLabel) {
|
||||
if (typeSection) {
|
||||
typeEl.textContent = tx.directionLabel;
|
||||
typeSection.classList.remove("hidden");
|
||||
}
|
||||
} else {
|
||||
if (typeSection) typeSection.classList.add("hidden");
|
||||
if (typeSection && typeEl) {
|
||||
typeEl.textContent = getTransactionType(tx);
|
||||
typeSection.classList.remove("hidden");
|
||||
}
|
||||
if (headingEl) headingEl.textContent = "Transaction";
|
||||
|
||||
// Hide calldata and raw data sections; re-fetch if this is a contract call
|
||||
// Token contract address (for ERC-20 transfers)
|
||||
const tokenContractSection = $("tx-detail-token-contract-section");
|
||||
const tokenContractEl = $("tx-detail-token-contract");
|
||||
if (tokenContractSection && tokenContractEl) {
|
||||
if (tx.contractAddress) {
|
||||
const dot = addressDotHtml(tx.contractAddress);
|
||||
const link = `https://etherscan.io/token/${tx.contractAddress}`;
|
||||
tokenContractEl.innerHTML =
|
||||
`<div class="flex items-center">${dot}` +
|
||||
copyableHtml(tx.contractAddress, "break-all") +
|
||||
etherscanLinkHtml(link) +
|
||||
`</div>`;
|
||||
tokenContractSection.classList.remove("hidden");
|
||||
} else {
|
||||
tokenContractSection.classList.add("hidden");
|
||||
}
|
||||
}
|
||||
|
||||
// Hide calldata and raw data sections; always fetch full tx details
|
||||
const calldataSection = $("tx-detail-calldata-section");
|
||||
if (calldataSection) calldataSection.classList.add("hidden");
|
||||
const rawDataSection = $("tx-detail-rawdata-section");
|
||||
if (rawDataSection) rawDataSection.classList.add("hidden");
|
||||
|
||||
if (tx.isContractCall || tx.direction === "contract") {
|
||||
loadCalldata(tx.hash, tx.to);
|
||||
// Hide on-chain detail sections until populated
|
||||
for (const id of [
|
||||
"tx-detail-block-section",
|
||||
"tx-detail-nonce-section",
|
||||
"tx-detail-fee-section",
|
||||
"tx-detail-gasprice-section",
|
||||
"tx-detail-gasused-section",
|
||||
"tx-detail-network-section",
|
||||
]) {
|
||||
const el = $(id);
|
||||
if (el) el.classList.add("hidden");
|
||||
}
|
||||
|
||||
$("tx-detail-time").textContent =
|
||||
isoDate(tx.timestamp) + " (" + timeAgo(tx.timestamp) + ")";
|
||||
loadFullTxDetails(tx.hash, tx.to, tx.isContractCall);
|
||||
|
||||
const isoStr = isoDate(tx.timestamp);
|
||||
$("tx-detail-time").innerHTML =
|
||||
copyableHtml(isoStr) + " (" + escapeHtml(timeAgo(tx.timestamp)) + ")";
|
||||
$("tx-detail-status").textContent = tx.isError ? "Failed" : "Success";
|
||||
showView("transaction");
|
||||
|
||||
@@ -170,11 +218,110 @@ function render() {
|
||||
el.onclick = () => {
|
||||
navigator.clipboard.writeText(el.dataset.copy);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(el);
|
||||
};
|
||||
});
|
||||
}
|
||||
|
||||
async function loadCalldata(txHash, toAddress) {
|
||||
function showDetailField(sectionId, contentId, value) {
|
||||
const section = $(sectionId);
|
||||
const el = $(contentId);
|
||||
if (!section || !el) return;
|
||||
el.innerHTML = copyableHtml(value, "");
|
||||
section.classList.remove("hidden");
|
||||
}
|
||||
|
||||
function populateOnChainDetails(txData) {
|
||||
// Block number
|
||||
if (txData.block_number != null) {
|
||||
const blockLink = `https://etherscan.io/block/${txData.block_number}`;
|
||||
const blockSection = $("tx-detail-block-section");
|
||||
const blockEl = $("tx-detail-block");
|
||||
if (blockSection && blockEl) {
|
||||
blockEl.innerHTML =
|
||||
copyableHtml(String(txData.block_number), "") +
|
||||
etherscanLinkHtml(blockLink);
|
||||
blockSection.classList.remove("hidden");
|
||||
}
|
||||
}
|
||||
|
||||
// Nonce
|
||||
if (txData.nonce != null) {
|
||||
showDetailField(
|
||||
"tx-detail-nonce-section",
|
||||
"tx-detail-nonce",
|
||||
String(txData.nonce),
|
||||
);
|
||||
}
|
||||
|
||||
// Transaction fee
|
||||
const feeWei = txData.fee?.value || txData.tx_fee;
|
||||
if (feeWei) {
|
||||
const feeEth = formatEther(String(feeWei));
|
||||
showDetailField(
|
||||
"tx-detail-fee-section",
|
||||
"tx-detail-fee",
|
||||
feeEth + " ETH",
|
||||
);
|
||||
}
|
||||
|
||||
// Gas price
|
||||
const gasPrice = txData.gas_price;
|
||||
if (gasPrice) {
|
||||
const gwei = formatUnits(String(gasPrice), "gwei");
|
||||
showDetailField(
|
||||
"tx-detail-gasprice-section",
|
||||
"tx-detail-gasprice",
|
||||
gwei + " Gwei",
|
||||
);
|
||||
}
|
||||
|
||||
// Gas used
|
||||
const gasUsed = txData.gas_used;
|
||||
if (gasUsed) {
|
||||
showDetailField(
|
||||
"tx-detail-gasused-section",
|
||||
"tx-detail-gasused",
|
||||
String(gasUsed),
|
||||
);
|
||||
}
|
||||
|
||||
// Show the network details wrapper if any child section is visible
|
||||
const networkWrapper = $("tx-detail-network-section");
|
||||
if (networkWrapper) {
|
||||
const hasVisible = [
|
||||
"tx-detail-nonce-section",
|
||||
"tx-detail-fee-section",
|
||||
"tx-detail-gasprice-section",
|
||||
"tx-detail-gasused-section",
|
||||
].some((id) => {
|
||||
const el = $(id);
|
||||
return el && !el.classList.contains("hidden");
|
||||
});
|
||||
if (hasVisible) networkWrapper.classList.remove("hidden");
|
||||
}
|
||||
|
||||
// Bind copy handlers for newly added elements
|
||||
for (const id of [
|
||||
"tx-detail-block-section",
|
||||
"tx-detail-nonce-section",
|
||||
"tx-detail-fee-section",
|
||||
"tx-detail-gasprice-section",
|
||||
"tx-detail-gasused-section",
|
||||
]) {
|
||||
const section = $(id);
|
||||
if (!section) continue;
|
||||
section.querySelectorAll("[data-copy]").forEach((el) => {
|
||||
el.onclick = () => {
|
||||
navigator.clipboard.writeText(el.dataset.copy);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(el);
|
||||
};
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
async function loadFullTxDetails(txHash, toAddress, isContractCall) {
|
||||
const section = $("tx-detail-calldata-section");
|
||||
const actionEl = $("tx-detail-calldata-action");
|
||||
const detailsEl = $("tx-detail-calldata-details");
|
||||
@@ -189,6 +336,10 @@ async function loadCalldata(txHash, toAddress) {
|
||||
);
|
||||
if (!resp.ok) return;
|
||||
const txData = await resp.json();
|
||||
|
||||
// Populate on-chain detail fields (block, nonce, gas, fee)
|
||||
populateOnChainDetails(txData);
|
||||
|
||||
const inputData = txData.raw_input || txData.input || null;
|
||||
if (!inputData || inputData === "0x") return;
|
||||
|
||||
@@ -247,6 +398,7 @@ async function loadCalldata(txHash, toAddress) {
|
||||
el.onclick = () => {
|
||||
navigator.clipboard.writeText(el.dataset.copy);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(el);
|
||||
};
|
||||
});
|
||||
}
|
||||
|
||||
@@ -4,6 +4,7 @@ const {
|
||||
$,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
addressDotHtml,
|
||||
addressTitle,
|
||||
escapeHtml,
|
||||
@@ -59,6 +60,16 @@ function txHashHtml(hash) {
|
||||
);
|
||||
}
|
||||
|
||||
function blockNumberHtml(blockNumber) {
|
||||
const num = String(blockNumber);
|
||||
const link = `https://etherscan.io/block/${num}`;
|
||||
const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
|
||||
return (
|
||||
`<span class="underline decoration-dashed cursor-pointer" data-copy="${escapeHtml(num)}">${escapeHtml(num)}</span>` +
|
||||
extLink
|
||||
);
|
||||
}
|
||||
|
||||
function attachCopyHandlers(viewId) {
|
||||
document
|
||||
.getElementById(viewId)
|
||||
@@ -67,6 +78,7 @@ function attachCopyHandlers(viewId) {
|
||||
el.onclick = () => {
|
||||
navigator.clipboard.writeText(el.dataset.copy);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(el);
|
||||
};
|
||||
});
|
||||
}
|
||||
@@ -189,7 +201,7 @@ function renderSuccess() {
|
||||
$("success-tx-to").innerHTML = toAddressHtml(d.to);
|
||||
}
|
||||
|
||||
$("success-tx-block").textContent = String(d.blockNumber);
|
||||
$("success-tx-block").innerHTML = blockNumberHtml(d.blockNumber);
|
||||
$("success-tx-hash").innerHTML = txHashHtml(d.hash);
|
||||
|
||||
// Show decoded calldata details if present
|
||||
|
||||
114
src/shared/addressWarnings.js
Normal file
114
src/shared/addressWarnings.js
Normal file
@@ -0,0 +1,114 @@
|
||||
// Address warning module.
|
||||
// Provides local and async (RPC-based) warning checks for Ethereum addresses.
|
||||
// Returns arrays of {type, message, severity} objects.
|
||||
|
||||
const { isScamAddress } = require("./scamlist");
|
||||
const { isBurnAddress } = require("./constants");
|
||||
const { checkEtherscanLabel } = require("./etherscanLabels");
|
||||
const { log } = require("./log");
|
||||
|
||||
/**
|
||||
* Check an address against local-only lists (scam, burn, self-send).
|
||||
* Synchronous — no network calls.
|
||||
*
|
||||
* @param {string} address - The target address to check.
|
||||
* @param {object} [options] - Optional context.
|
||||
* @param {string} [options.fromAddress] - Sender address (for self-send check).
|
||||
* @returns {Array<{type: string, message: string, severity: string}>}
|
||||
*/
|
||||
function getLocalWarnings(address, options = {}) {
|
||||
const warnings = [];
|
||||
const addr = address.toLowerCase();
|
||||
|
||||
if (isScamAddress(addr)) {
|
||||
warnings.push({
|
||||
type: "scam",
|
||||
message:
|
||||
"This address is on a known scam/fraud list. Do not send funds to this address.",
|
||||
severity: "critical",
|
||||
});
|
||||
}
|
||||
|
||||
if (isBurnAddress(addr)) {
|
||||
warnings.push({
|
||||
type: "burn",
|
||||
message:
|
||||
"This is a known null/burn address. Funds sent here are permanently destroyed and cannot be recovered.",
|
||||
severity: "critical",
|
||||
});
|
||||
}
|
||||
|
||||
if (options.fromAddress && addr === options.fromAddress.toLowerCase()) {
|
||||
warnings.push({
|
||||
type: "self-send",
|
||||
message: "You are sending to your own address.",
|
||||
severity: "warning",
|
||||
});
|
||||
}
|
||||
|
||||
return warnings;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check an address against local lists AND via RPC queries.
|
||||
* Async — performs network calls to check contract status and tx history.
|
||||
*
|
||||
* @param {string} address - The target address to check.
|
||||
* @param {object} provider - An ethers.js provider instance.
|
||||
* @param {object} [options] - Optional context.
|
||||
* @param {string} [options.fromAddress] - Sender address (for self-send check).
|
||||
* @returns {Promise<Array<{type: string, message: string, severity: string}>>}
|
||||
*/
|
||||
async function getFullWarnings(address, provider, options = {}) {
|
||||
const warnings = getLocalWarnings(address, options);
|
||||
|
||||
let isContract = false;
|
||||
try {
|
||||
const code = await provider.getCode(address);
|
||||
if (code && code !== "0x") {
|
||||
isContract = true;
|
||||
warnings.push({
|
||||
type: "contract",
|
||||
message:
|
||||
"This address is a smart contract, not a regular wallet.",
|
||||
severity: "warning",
|
||||
});
|
||||
}
|
||||
} catch (e) {
|
||||
log.errorf("contract check failed:", e.message);
|
||||
}
|
||||
|
||||
// Skip tx count check for contracts — they may legitimately have
|
||||
// zero inbound EOA transactions.
|
||||
if (!isContract) {
|
||||
try {
|
||||
const txCount = await provider.getTransactionCount(address);
|
||||
if (txCount === 0) {
|
||||
warnings.push({
|
||||
type: "new-address",
|
||||
message:
|
||||
"This address has never sent a transaction. Double-check it is correct.",
|
||||
severity: "info",
|
||||
});
|
||||
}
|
||||
} catch (e) {
|
||||
log.errorf("tx count check failed:", e.message);
|
||||
}
|
||||
}
|
||||
|
||||
// Etherscan label check (best-effort async — network failures are silent).
|
||||
// Runs for ALL addresses including contracts, since many dangerous
|
||||
// flagged addresses on Etherscan (drainers, phishing contracts) are contracts.
|
||||
try {
|
||||
const etherscanWarning = await checkEtherscanLabel(address);
|
||||
if (etherscanWarning) {
|
||||
warnings.push(etherscanWarning);
|
||||
}
|
||||
} catch (e) {
|
||||
log.errorf("etherscan label check failed:", e.message);
|
||||
}
|
||||
|
||||
return warnings;
|
||||
}
|
||||
|
||||
module.exports = { getLocalWarnings, getFullWarnings };
|
||||
@@ -20,6 +20,19 @@ const ERC20_ABI = [
|
||||
"function approve(address spender, uint256 amount) returns (bool)",
|
||||
];
|
||||
|
||||
// Known null/burn addresses that permanently destroy funds.
|
||||
const BURN_ADDRESSES = new Set([
|
||||
"0x0000000000000000000000000000000000000000",
|
||||
"0x0000000000000000000000000000000000000001",
|
||||
"0x000000000000000000000000000000000000dead",
|
||||
"0xdead000000000000000000000000000000000000",
|
||||
"0x00000000000000000000000000000000deadbeef",
|
||||
]);
|
||||
|
||||
function isBurnAddress(address) {
|
||||
return BURN_ADDRESSES.has(address.toLowerCase());
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
DEBUG,
|
||||
DEBUG_MNEMONIC,
|
||||
@@ -28,4 +41,6 @@ module.exports = {
|
||||
DEFAULT_BLOCKSCOUT_URL,
|
||||
BIP44_ETH_PATH,
|
||||
ERC20_ABI,
|
||||
BURN_ADDRESSES,
|
||||
isBurnAddress,
|
||||
};
|
||||
|
||||
102
src/shared/etherscanLabels.js
Normal file
102
src/shared/etherscanLabels.js
Normal file
@@ -0,0 +1,102 @@
|
||||
// Etherscan address label lookup via page scraping.
|
||||
// Extension users make the requests directly to Etherscan — no proxy needed.
|
||||
// This is a best-effort enrichment: network failures return null silently.
|
||||
|
||||
const ETHERSCAN_BASE = "https://etherscan.io/address/";
|
||||
|
||||
// Patterns in the page title that indicate a flagged address.
|
||||
// Title format: "Fake_Phishing184810 | Address: 0x... | Etherscan"
|
||||
const PHISHING_LABEL_PATTERNS = [/^Fake_Phishing/i, /^Phish:/i, /^Exploiter/i];
|
||||
|
||||
// Patterns in the page body that indicate a scam/phishing warning.
|
||||
const SCAM_BODY_PATTERNS = [
|
||||
/used in a\s+(?:\w+\s+)?phishing scam/i,
|
||||
/used in a\s+(?:\w+\s+)?scam/i,
|
||||
/wallet\s+drainer/i,
|
||||
];
|
||||
|
||||
/**
|
||||
* Parse the Etherscan address page HTML to extract label info.
|
||||
* Exported for unit testing (no fetch needed).
|
||||
*
|
||||
* @param {string} html - Raw HTML of the Etherscan address page.
|
||||
* @returns {{ label: string|null, isPhishing: boolean, warning: string|null }}
|
||||
*/
|
||||
function parseEtherscanPage(html) {
|
||||
// Extract <title> content
|
||||
const titleMatch = html.match(/<title[^>]*>([^<]+)<\/title>/i);
|
||||
let label = null;
|
||||
let isPhishing = false;
|
||||
let warning = null;
|
||||
|
||||
if (titleMatch) {
|
||||
const title = titleMatch[1].trim();
|
||||
// Title: "LABEL | Address: 0x... | Etherscan" or "Address: 0x... | Etherscan"
|
||||
const labelMatch = title.match(/^(.+?)\s*\|\s*Address:/);
|
||||
if (labelMatch) {
|
||||
const candidate = labelMatch[1].trim();
|
||||
// Only treat as a label if it's not just "Address" (unlabeled addresses)
|
||||
if (candidate.toLowerCase() !== "address") {
|
||||
label = candidate;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Check label against phishing patterns
|
||||
if (label) {
|
||||
for (const pat of PHISHING_LABEL_PATTERNS) {
|
||||
if (pat.test(label)) {
|
||||
isPhishing = true;
|
||||
warning = `Etherscan labels this address as "${label}" (Phish/Hack).`;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Check page body for scam warning banners
|
||||
if (!isPhishing) {
|
||||
for (const pat of SCAM_BODY_PATTERNS) {
|
||||
if (pat.test(html)) {
|
||||
isPhishing = true;
|
||||
warning = label
|
||||
? `Etherscan labels this address as "${label}" and reports it was used in a scam.`
|
||||
: "Etherscan reports this address was flagged for phishing/scam activity.";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return { label, isPhishing, warning };
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetch an address page from Etherscan and check for scam/phishing labels.
|
||||
* Returns a warning object if the address is flagged, or null.
|
||||
* Network failures return null silently (best-effort check).
|
||||
*
|
||||
* @param {string} address - Ethereum address to check.
|
||||
* @returns {Promise<{type: string, message: string, severity: string}|null>}
|
||||
*/
|
||||
async function checkEtherscanLabel(address) {
|
||||
try {
|
||||
const resp = await fetch(ETHERSCAN_BASE + address, {
|
||||
headers: { Accept: "text/html" },
|
||||
});
|
||||
if (!resp.ok) return null;
|
||||
const html = await resp.text();
|
||||
const result = parseEtherscanPage(html);
|
||||
if (result.isPhishing) {
|
||||
return {
|
||||
type: "etherscan-phishing",
|
||||
message: result.warning,
|
||||
severity: "critical",
|
||||
};
|
||||
}
|
||||
return null;
|
||||
} catch {
|
||||
// Network errors are expected — Etherscan may rate-limit or block.
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = { parseEtherscanPage, checkEtherscanLabel };
|
||||
231418
src/shared/phishingBlocklist.json
Normal file
231418
src/shared/phishingBlocklist.json
Normal file
File diff suppressed because it is too large
Load Diff
215
src/shared/phishingDomains.js
Normal file
215
src/shared/phishingDomains.js
Normal file
@@ -0,0 +1,215 @@
|
||||
// Domain-based phishing detection using a vendored blocklist with delta updates.
|
||||
//
|
||||
// A community-maintained phishing domain blocklist is vendored in
|
||||
// phishingBlocklist.json and bundled at build time. At runtime, we fetch
|
||||
// the live list periodically and keep only the delta (new entries not in
|
||||
// the vendored list) in memory. This keeps runtime memory usage small.
|
||||
//
|
||||
// The domain-checker checks the in-memory delta first (fresh/recent scam
|
||||
// sites), then falls back to the vendored list.
|
||||
//
|
||||
// If the delta is under 256 KiB it is persisted to localStorage so it
|
||||
// survives extension/service-worker restarts.
|
||||
|
||||
const vendoredConfig = require("./phishingBlocklist.json");
|
||||
|
||||
const BLOCKLIST_URL =
|
||||
"https://raw.githubusercontent.com/MetaMask/eth-phishing-detect/main/src/config.json";
|
||||
|
||||
const CACHE_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
|
||||
const REFRESH_INTERVAL_MS = 24 * 60 * 60 * 1000; // 24 hours
|
||||
const DELTA_STORAGE_KEY = "phishing-delta";
|
||||
const MAX_DELTA_BYTES = 256 * 1024; // 256 KiB
|
||||
|
||||
// Vendored set — built once from the bundled JSON.
|
||||
const vendoredBlacklist = new Set(
|
||||
(vendoredConfig.blacklist || []).map((d) => d.toLowerCase()),
|
||||
);
|
||||
|
||||
// Delta set — only entries from live list that are NOT in vendored.
|
||||
let deltaBlacklist = new Set();
|
||||
let lastFetchTime = 0;
|
||||
let fetchPromise = null;
|
||||
let refreshTimer = null;
|
||||
|
||||
/**
|
||||
* Load delta entries from localStorage on startup.
|
||||
* Called once during module initialization in the background script.
|
||||
*/
|
||||
function loadDeltaFromStorage() {
|
||||
try {
|
||||
const raw = localStorage.getItem(DELTA_STORAGE_KEY);
|
||||
if (!raw) return;
|
||||
const data = JSON.parse(raw);
|
||||
if (data.blacklist && Array.isArray(data.blacklist)) {
|
||||
deltaBlacklist = new Set(
|
||||
data.blacklist.map((d) => d.toLowerCase()),
|
||||
);
|
||||
}
|
||||
} catch {
|
||||
// localStorage unavailable or corrupt — start empty
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Persist delta to localStorage if it fits within MAX_DELTA_BYTES.
|
||||
*/
|
||||
function saveDeltaToStorage() {
|
||||
try {
|
||||
const data = {
|
||||
blacklist: Array.from(deltaBlacklist),
|
||||
};
|
||||
const json = JSON.stringify(data);
|
||||
if (json.length < MAX_DELTA_BYTES) {
|
||||
localStorage.setItem(DELTA_STORAGE_KEY, json);
|
||||
} else {
|
||||
// Too large — remove stale key if present
|
||||
localStorage.removeItem(DELTA_STORAGE_KEY);
|
||||
}
|
||||
} catch {
|
||||
// localStorage unavailable — skip silently
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Load a pre-parsed config and compute the delta against the vendored list.
|
||||
* Used for both live fetches and testing.
|
||||
*
|
||||
* @param {{ blacklist?: string[] }} config
|
||||
*/
|
||||
function loadConfig(config) {
|
||||
const liveBlacklist = (config.blacklist || []).map((d) => d.toLowerCase());
|
||||
|
||||
// Delta = entries in the live list that are NOT in the vendored list
|
||||
deltaBlacklist = new Set(
|
||||
liveBlacklist.filter((d) => !vendoredBlacklist.has(d)),
|
||||
);
|
||||
|
||||
lastFetchTime = Date.now();
|
||||
saveDeltaToStorage();
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate hostname variants for subdomain matching.
|
||||
* "sub.evil.com" yields ["sub.evil.com", "evil.com"].
|
||||
*
|
||||
* @param {string} hostname
|
||||
* @returns {string[]}
|
||||
*/
|
||||
function hostnameVariants(hostname) {
|
||||
const h = hostname.toLowerCase();
|
||||
const variants = [h];
|
||||
const parts = h.split(".");
|
||||
// Parent domains: a.b.c.d -> b.c.d, c.d
|
||||
for (let i = 1; i < parts.length - 1; i++) {
|
||||
variants.push(parts.slice(i).join("."));
|
||||
}
|
||||
return variants;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a hostname is on the phishing blocklist.
|
||||
* Checks delta first (fresh/recent scam sites), then vendored list.
|
||||
*
|
||||
* @param {string} hostname - The hostname to check.
|
||||
* @returns {boolean}
|
||||
*/
|
||||
function isPhishingDomain(hostname) {
|
||||
if (!hostname) return false;
|
||||
const variants = hostnameVariants(hostname);
|
||||
|
||||
// Check delta blacklist first (fresh/recent scam sites), then vendored
|
||||
for (const v of variants) {
|
||||
if (deltaBlacklist.has(v) || vendoredBlacklist.has(v)) return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetch the latest blocklist and compute delta against vendored data.
|
||||
* De-duplicates concurrent fetches. Results are cached for CACHE_TTL_MS.
|
||||
*
|
||||
* @returns {Promise<void>}
|
||||
*/
|
||||
async function updatePhishingList() {
|
||||
// Skip if recently fetched
|
||||
if (Date.now() - lastFetchTime < CACHE_TTL_MS && lastFetchTime > 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
// De-duplicate concurrent calls
|
||||
if (fetchPromise) return fetchPromise;
|
||||
|
||||
fetchPromise = (async () => {
|
||||
try {
|
||||
const resp = await fetch(BLOCKLIST_URL);
|
||||
if (!resp.ok) throw new Error("HTTP " + resp.status);
|
||||
const config = await resp.json();
|
||||
loadConfig(config);
|
||||
} catch {
|
||||
// Silently fail — vendored list still provides coverage.
|
||||
// We'll retry next time.
|
||||
} finally {
|
||||
fetchPromise = null;
|
||||
}
|
||||
})();
|
||||
|
||||
return fetchPromise;
|
||||
}
|
||||
|
||||
/**
|
||||
* Start periodic refresh of the phishing list.
|
||||
* Should be called once from the background script on startup.
|
||||
*/
|
||||
function startPeriodicRefresh() {
|
||||
if (refreshTimer) return;
|
||||
refreshTimer = setInterval(updatePhishingList, REFRESH_INTERVAL_MS);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the total blocklist size (vendored + delta) for diagnostics.
|
||||
*
|
||||
* @returns {number}
|
||||
*/
|
||||
function getBlocklistSize() {
|
||||
return vendoredBlacklist.size + deltaBlacklist.size;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the delta blocklist size for diagnostics.
|
||||
*
|
||||
* @returns {number}
|
||||
*/
|
||||
function getDeltaSize() {
|
||||
return deltaBlacklist.size;
|
||||
}
|
||||
|
||||
/**
|
||||
* Reset internal state (for testing).
|
||||
*/
|
||||
function _reset() {
|
||||
deltaBlacklist = new Set();
|
||||
lastFetchTime = 0;
|
||||
fetchPromise = null;
|
||||
if (refreshTimer) {
|
||||
clearInterval(refreshTimer);
|
||||
refreshTimer = null;
|
||||
}
|
||||
}
|
||||
|
||||
// Load persisted delta on module initialization
|
||||
loadDeltaFromStorage();
|
||||
|
||||
module.exports = {
|
||||
isPhishingDomain,
|
||||
updatePhishingList,
|
||||
startPeriodicRefresh,
|
||||
loadConfig,
|
||||
getBlocklistSize,
|
||||
getDeltaSize,
|
||||
hostnameVariants,
|
||||
_reset,
|
||||
// Exposed for testing only
|
||||
_getVendoredBlacklistSize: () => vendoredBlacklist.size,
|
||||
_getDeltaBlacklist: () => deltaBlacklist,
|
||||
};
|
||||
File diff suppressed because it is too large
Load Diff
@@ -23,8 +23,10 @@ const DEFAULT_STATE = {
|
||||
hideFraudContracts: true,
|
||||
hideDustTransactions: true,
|
||||
dustThresholdGwei: 100000,
|
||||
utcTimestamps: false,
|
||||
fraudContracts: [],
|
||||
tokenHolderCache: {},
|
||||
theme: "system",
|
||||
};
|
||||
|
||||
const state = {
|
||||
@@ -53,8 +55,10 @@ async function saveState() {
|
||||
hideFraudContracts: state.hideFraudContracts,
|
||||
hideDustTransactions: state.hideDustTransactions,
|
||||
dustThresholdGwei: state.dustThresholdGwei,
|
||||
utcTimestamps: state.utcTimestamps,
|
||||
fraudContracts: state.fraudContracts,
|
||||
tokenHolderCache: state.tokenHolderCache,
|
||||
theme: state.theme,
|
||||
currentView: state.currentView,
|
||||
selectedWallet: state.selectedWallet,
|
||||
selectedAddress: state.selectedAddress,
|
||||
@@ -108,8 +112,11 @@ async function loadState() {
|
||||
saved.dustThresholdGwei !== undefined
|
||||
? saved.dustThresholdGwei
|
||||
: 100000;
|
||||
state.utcTimestamps =
|
||||
saved.utcTimestamps !== undefined ? saved.utcTimestamps : false;
|
||||
state.fraudContracts = saved.fraudContracts || [];
|
||||
state.tokenHolderCache = saved.tokenHolderCache || {};
|
||||
state.theme = saved.theme || "system";
|
||||
state.currentView = saved.currentView || null;
|
||||
state.selectedWallet =
|
||||
saved.selectedWallet !== undefined ? saved.selectedWallet : null;
|
||||
|
||||
@@ -153,24 +153,38 @@ async function fetchRecentTransactions(address, blockscoutUrl, count = 25) {
|
||||
|
||||
// When a token transfer shares a hash with a normal tx, the normal tx
|
||||
// is the contract call (0 ETH) and the token transfer has the real
|
||||
// amount and symbol. A single transaction (e.g. a swap) can produce
|
||||
// multiple token transfers (one per token involved), so we key token
|
||||
// transfers by hash + contract address to keep all of them. We also
|
||||
// preserve contract-call metadata (direction, label, method) from the
|
||||
// matching normal tx so swaps display correctly.
|
||||
// amount and symbol. For contract calls (swaps), a single transaction
|
||||
// can produce multiple token transfers (input, intermediates, output).
|
||||
// We consolidate these into the original tx entry using the token
|
||||
// transfer where the user *receives* tokens (the swap output), so
|
||||
// the transaction list shows the final result rather than confusing
|
||||
// intermediate hops. We preserve the original tx's from/to so the
|
||||
// user sees their own address, not a router or Permit2 contract.
|
||||
for (const tt of ttJson.items || []) {
|
||||
const parsed = parseTokenTransfer(tt, addrLower);
|
||||
const existing = txsByHash.get(parsed.hash);
|
||||
if (existing && existing.direction === "contract") {
|
||||
parsed.direction = "contract";
|
||||
parsed.directionLabel = existing.directionLabel;
|
||||
parsed.isContractCall = true;
|
||||
parsed.method = existing.method;
|
||||
// Remove the bare-hash normal tx so it doesn't appear as a
|
||||
// duplicate with empty value; token transfers replace it.
|
||||
txsByHash.delete(parsed.hash);
|
||||
// For contract calls (swaps), consolidate into the original
|
||||
// tx entry. Prefer the "received" transfer (swap output)
|
||||
// for the display amount. If no received transfer exists,
|
||||
// fall back to the first "sent" transfer (swap input).
|
||||
const isReceived = parsed.direction === "received";
|
||||
const needsAmount = !existing.exactValue;
|
||||
if (isReceived || needsAmount) {
|
||||
existing.value = parsed.value;
|
||||
existing.exactValue = parsed.exactValue;
|
||||
existing.rawAmount = parsed.rawAmount;
|
||||
existing.rawUnit = parsed.rawUnit;
|
||||
existing.symbol = parsed.symbol;
|
||||
existing.contractAddress = parsed.contractAddress;
|
||||
existing.holders = parsed.holders;
|
||||
}
|
||||
// Keep the original tx's from/to (the user's address and the
|
||||
// contract they called), not the token transfer's from/to
|
||||
// which may be a router or Permit2 contract.
|
||||
continue;
|
||||
}
|
||||
// Use composite key so multiple token transfers per tx are kept.
|
||||
// Non-contract token transfers get their own entries.
|
||||
const ttKey = parsed.hash + ":" + (parsed.contractAddress || "");
|
||||
txsByHash.set(ttKey, parsed);
|
||||
}
|
||||
@@ -251,36 +265,4 @@ function filterTransactions(txs, filters = {}) {
|
||||
return { transactions: filtered, newFraudContracts: newFraud };
|
||||
}
|
||||
|
||||
async function hasTransactionHistory(address, blockscoutUrl) {
|
||||
try {
|
||||
const resp = await debugFetch(blockscoutUrl + "/addresses/" + address);
|
||||
if (!resp.ok) {
|
||||
// If Blockscout returns 404, the address has never been seen on-chain.
|
||||
if (resp.status === 404) return false;
|
||||
log.errorf(
|
||||
"blockscout address check:",
|
||||
resp.status,
|
||||
resp.statusText,
|
||||
);
|
||||
return null; // unknown
|
||||
}
|
||||
const data = await resp.json();
|
||||
// Blockscout v2 address endpoint returns tx counts.
|
||||
// An address with no history may still exist (e.g. received ETH once
|
||||
// but shows 0 outgoing). We check both transactions_count and
|
||||
// token_transfers_count to be thorough.
|
||||
const txCount =
|
||||
(parseInt(data.transactions_count, 10) || 0) +
|
||||
(parseInt(data.token_transfers_count, 10) || 0);
|
||||
return txCount > 0;
|
||||
} catch (e) {
|
||||
log.errorf("hasTransactionHistory error:", e.message);
|
||||
return null; // unknown, don't block the user
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
fetchRecentTransactions,
|
||||
filterTransactions,
|
||||
hasTransactionHistory,
|
||||
};
|
||||
module.exports = { fetchRecentTransactions, filterTransactions };
|
||||
|
||||
@@ -359,9 +359,12 @@ function decode(data, toAddress) {
|
||||
const s = decodeV3SwapExactIn(inputs[i]);
|
||||
if (s) {
|
||||
if (!inputToken) inputToken = s.tokenIn;
|
||||
if (!outputToken) outputToken = s.tokenOut;
|
||||
if (!inputAmount) inputAmount = s.amountIn;
|
||||
if (!minOutput) minOutput = s.amountOutMin;
|
||||
// Always update output: in multi-step swaps (V3 → V4),
|
||||
// the last swap step determines the final output token
|
||||
// and minimum received amount.
|
||||
outputToken = s.tokenOut;
|
||||
minOutput = s.amountOutMin;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -369,9 +372,9 @@ function decode(data, toAddress) {
|
||||
const s = decodeV2SwapExactIn(inputs[i]);
|
||||
if (s) {
|
||||
if (!inputToken) inputToken = s.tokenIn;
|
||||
if (!outputToken) outputToken = s.tokenOut;
|
||||
if (!inputAmount) inputAmount = s.amountIn;
|
||||
if (!minOutput) minOutput = s.amountOutMin;
|
||||
outputToken = s.tokenOut;
|
||||
minOutput = s.amountOutMin;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -388,12 +391,11 @@ function decode(data, toAddress) {
|
||||
const v4 = decodeV4Swap(inputs[i]);
|
||||
if (v4) {
|
||||
if (!inputToken && v4.tokenIn) inputToken = v4.tokenIn;
|
||||
if (!outputToken && v4.tokenOut)
|
||||
outputToken = v4.tokenOut;
|
||||
if (!inputAmount && v4.amountIn)
|
||||
inputAmount = v4.amountIn;
|
||||
if (!minOutput && v4.amountOutMin)
|
||||
minOutput = v4.amountOutMin;
|
||||
// Always update output: last swap step wins
|
||||
if (v4.tokenOut) outputToken = v4.tokenOut;
|
||||
if (v4.amountOutMin) minOutput = v4.amountOutMin;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -24,6 +24,26 @@ function hdWalletFromMnemonic(mnemonic) {
|
||||
return { xpub, firstAddress };
|
||||
}
|
||||
|
||||
function hdWalletFromXprv(xprv) {
|
||||
const root = HDNodeWallet.fromExtendedKey(xprv);
|
||||
if (!root.privateKey) {
|
||||
throw new Error("Not an extended private key (xprv).");
|
||||
}
|
||||
const node = root.derivePath("44'/60'/0'/0");
|
||||
const xpub = node.neuter().extendedKey;
|
||||
const firstAddress = node.deriveChild(0).address;
|
||||
return { xpub, firstAddress };
|
||||
}
|
||||
|
||||
function isValidXprv(key) {
|
||||
try {
|
||||
const node = HDNodeWallet.fromExtendedKey(key);
|
||||
return !!node.privateKey;
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
function addressFromPrivateKey(key) {
|
||||
const w = new Wallet(key);
|
||||
return w.address;
|
||||
@@ -38,6 +58,11 @@ function getSignerForAddress(walletData, addrIndex, decryptedSecret) {
|
||||
);
|
||||
return node.deriveChild(addrIndex);
|
||||
}
|
||||
if (walletData.type === "xprv") {
|
||||
const root = HDNodeWallet.fromExtendedKey(decryptedSecret);
|
||||
const node = root.derivePath("44'/60'/0'/0");
|
||||
return node.deriveChild(addrIndex);
|
||||
}
|
||||
return new Wallet(decryptedSecret);
|
||||
}
|
||||
|
||||
@@ -49,6 +74,8 @@ module.exports = {
|
||||
generateMnemonic,
|
||||
deriveAddressFromXpub,
|
||||
hdWalletFromMnemonic,
|
||||
hdWalletFromXprv,
|
||||
isValidXprv,
|
||||
addressFromPrivateKey,
|
||||
getSignerForAddress,
|
||||
isValidMnemonic,
|
||||
|
||||
100
tests/etherscanLabels.test.js
Normal file
100
tests/etherscanLabels.test.js
Normal file
@@ -0,0 +1,100 @@
|
||||
const { parseEtherscanPage } = require("../src/shared/etherscanLabels");
|
||||
|
||||
describe("etherscanLabels", () => {
|
||||
describe("parseEtherscanPage", () => {
|
||||
test("detects Fake_Phishing label in title", () => {
|
||||
const html = `<html><head><title>Fake_Phishing184810 | Address: 0x00000c07...3ea470000 | Etherscan</title></head><body></body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBe("Fake_Phishing184810");
|
||||
expect(result.isPhishing).toBe(true);
|
||||
expect(result.warning).toContain("Fake_Phishing184810");
|
||||
expect(result.warning).toContain("Phish/Hack");
|
||||
});
|
||||
|
||||
test("detects Fake_Phishing with different number", () => {
|
||||
const html = `<html><head><title>Fake_Phishing5169 | Address: 0x3e0defb8...99a7a8a74 | Etherscan</title></head><body></body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBe("Fake_Phishing5169");
|
||||
expect(result.isPhishing).toBe(true);
|
||||
});
|
||||
|
||||
test("detects Exploiter label", () => {
|
||||
const html = `<html><head><title>Exploiter 42 | Address: 0xabcdef...1234 | Etherscan</title></head><body></body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBe("Exploiter 42");
|
||||
expect(result.isPhishing).toBe(true);
|
||||
});
|
||||
|
||||
test("detects scam warning in body text", () => {
|
||||
const html =
|
||||
`<html><head><title>Address: 0xabcdef...1234 | Etherscan</title></head>` +
|
||||
`<body>There are reports that this address was used in a Phishing scam.</body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBeNull();
|
||||
expect(result.isPhishing).toBe(true);
|
||||
expect(result.warning).toContain("phishing/scam");
|
||||
});
|
||||
|
||||
test("detects scam warning with label in body", () => {
|
||||
const html =
|
||||
`<html><head><title>SomeScammer | Address: 0xabcdef...1234 | Etherscan</title></head>` +
|
||||
`<body>There are reports that this address was used in a scam.</body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBe("SomeScammer");
|
||||
expect(result.isPhishing).toBe(true);
|
||||
expect(result.warning).toContain("SomeScammer");
|
||||
});
|
||||
|
||||
test("returns clean result for legitimate address", () => {
|
||||
const html = `<html><head><title>vitalik.eth | Address: 0xd8dA6BF2...37aA96045 | Etherscan</title></head><body>Overview</body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBe("vitalik.eth");
|
||||
expect(result.isPhishing).toBe(false);
|
||||
expect(result.warning).toBeNull();
|
||||
});
|
||||
|
||||
test("returns clean result for unlabeled address", () => {
|
||||
const html = `<html><head><title>Address: 0x1234567890...abcdef | Etherscan</title></head><body>Overview</body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBeNull();
|
||||
expect(result.isPhishing).toBe(false);
|
||||
expect(result.warning).toBeNull();
|
||||
});
|
||||
|
||||
test("handles exchange labels correctly (not phishing)", () => {
|
||||
const html = `<html><head><title>Coinbase 10 | Address: 0xa9d1e08c...b81d3e43 | Etherscan</title></head><body>Overview</body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBe("Coinbase 10");
|
||||
expect(result.isPhishing).toBe(false);
|
||||
});
|
||||
|
||||
test("handles contract names correctly (not phishing)", () => {
|
||||
const html = `<html><head><title>Beacon Deposit Contract | Address: 0x00000000...03d7705Fa | Etherscan</title></head><body>Overview</body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBe("Beacon Deposit Contract");
|
||||
expect(result.isPhishing).toBe(false);
|
||||
});
|
||||
|
||||
test("handles empty HTML gracefully", () => {
|
||||
const result = parseEtherscanPage("");
|
||||
expect(result.label).toBeNull();
|
||||
expect(result.isPhishing).toBe(false);
|
||||
expect(result.warning).toBeNull();
|
||||
});
|
||||
|
||||
test("handles malformed title tag", () => {
|
||||
const html = `<html><head><title></title></head><body></body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBeNull();
|
||||
expect(result.isPhishing).toBe(false);
|
||||
});
|
||||
|
||||
test("detects wallet drainer warning", () => {
|
||||
const html =
|
||||
`<html><head><title>Address: 0xabc...def | Etherscan</title></head>` +
|
||||
`<body>This is a known wallet drainer contract.</body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.isPhishing).toBe(true);
|
||||
});
|
||||
});
|
||||
});
|
||||
205
tests/phishingDomains.test.js
Normal file
205
tests/phishingDomains.test.js
Normal file
@@ -0,0 +1,205 @@
|
||||
// Provide a localStorage mock for Node.js test environment.
|
||||
// Must be set before requiring the module since it calls loadDeltaFromStorage()
|
||||
// at module load time.
|
||||
const localStorageStore = {};
|
||||
global.localStorage = {
|
||||
getItem: (key) =>
|
||||
Object.prototype.hasOwnProperty.call(localStorageStore, key)
|
||||
? localStorageStore[key]
|
||||
: null,
|
||||
setItem: (key, value) => {
|
||||
localStorageStore[key] = String(value);
|
||||
},
|
||||
removeItem: (key) => {
|
||||
delete localStorageStore[key];
|
||||
},
|
||||
};
|
||||
|
||||
const {
|
||||
isPhishingDomain,
|
||||
loadConfig,
|
||||
getBlocklistSize,
|
||||
getDeltaSize,
|
||||
hostnameVariants,
|
||||
_reset,
|
||||
_getVendoredBlacklistSize,
|
||||
_getDeltaBlacklist,
|
||||
} = require("../src/shared/phishingDomains");
|
||||
|
||||
// Reset delta state before each test to avoid cross-test contamination.
|
||||
// Note: vendored sets are immutable and always present.
|
||||
beforeEach(() => {
|
||||
_reset();
|
||||
// Clear localStorage mock between tests
|
||||
for (const key of Object.keys(localStorageStore)) {
|
||||
delete localStorageStore[key];
|
||||
}
|
||||
});
|
||||
|
||||
describe("phishingDomains", () => {
|
||||
describe("vendored blocklist", () => {
|
||||
test("vendored blacklist is loaded from bundled JSON", () => {
|
||||
// The vendored blocklist should have a large number of entries
|
||||
expect(_getVendoredBlacklistSize()).toBeGreaterThan(100000);
|
||||
});
|
||||
|
||||
test("detects domains from vendored blacklist", () => {
|
||||
// These are well-known phishing domains in the vendored list
|
||||
expect(isPhishingDomain("hopprotocol.pro")).toBe(true);
|
||||
expect(isPhishingDomain("blast-pools.pages.dev")).toBe(true);
|
||||
});
|
||||
|
||||
test("getBlocklistSize includes vendored entries", () => {
|
||||
expect(getBlocklistSize()).toBeGreaterThan(100000);
|
||||
});
|
||||
});
|
||||
|
||||
describe("hostnameVariants", () => {
|
||||
test("returns exact hostname plus parent domains", () => {
|
||||
const variants = hostnameVariants("sub.evil.com");
|
||||
expect(variants).toEqual(["sub.evil.com", "evil.com"]);
|
||||
});
|
||||
|
||||
test("returns just the hostname for a bare domain", () => {
|
||||
const variants = hostnameVariants("example.com");
|
||||
expect(variants).toEqual(["example.com"]);
|
||||
});
|
||||
|
||||
test("handles deep subdomain chains", () => {
|
||||
const variants = hostnameVariants("a.b.c.d.com");
|
||||
expect(variants).toEqual([
|
||||
"a.b.c.d.com",
|
||||
"b.c.d.com",
|
||||
"c.d.com",
|
||||
"d.com",
|
||||
]);
|
||||
});
|
||||
|
||||
test("lowercases hostnames", () => {
|
||||
const variants = hostnameVariants("Evil.COM");
|
||||
expect(variants).toEqual(["evil.com"]);
|
||||
});
|
||||
});
|
||||
|
||||
describe("delta computation via loadConfig", () => {
|
||||
test("loadConfig computes delta of new entries not in vendored list", () => {
|
||||
loadConfig({
|
||||
blacklist: [
|
||||
"brand-new-scam-site-xyz123.com",
|
||||
"hopprotocol.pro", // already in vendored
|
||||
],
|
||||
});
|
||||
// Only the new domain should be in the delta
|
||||
expect(
|
||||
_getDeltaBlacklist().has("brand-new-scam-site-xyz123.com"),
|
||||
).toBe(true);
|
||||
expect(_getDeltaBlacklist().has("hopprotocol.pro")).toBe(false);
|
||||
expect(getDeltaSize()).toBe(1);
|
||||
});
|
||||
|
||||
test("re-loading config replaces previous delta", () => {
|
||||
loadConfig({
|
||||
blacklist: ["first-scam-xyz.com"],
|
||||
});
|
||||
expect(isPhishingDomain("first-scam-xyz.com")).toBe(true);
|
||||
|
||||
loadConfig({
|
||||
blacklist: ["second-scam-xyz.com"],
|
||||
});
|
||||
expect(isPhishingDomain("first-scam-xyz.com")).toBe(false);
|
||||
expect(isPhishingDomain("second-scam-xyz.com")).toBe(true);
|
||||
});
|
||||
|
||||
test("getBlocklistSize includes both vendored and delta", () => {
|
||||
const baseSize = getBlocklistSize();
|
||||
loadConfig({
|
||||
blacklist: ["delta-only-scam-xyz.com"],
|
||||
});
|
||||
expect(getBlocklistSize()).toBe(baseSize + 1);
|
||||
});
|
||||
});
|
||||
|
||||
describe("isPhishingDomain with delta + vendored", () => {
|
||||
test("detects domain from delta blacklist", () => {
|
||||
loadConfig({
|
||||
blacklist: ["fresh-scam-xyz.com"],
|
||||
});
|
||||
expect(isPhishingDomain("fresh-scam-xyz.com")).toBe(true);
|
||||
});
|
||||
|
||||
test("detects domain from vendored blacklist", () => {
|
||||
// No delta loaded — vendored still works
|
||||
expect(isPhishingDomain("hopprotocol.pro")).toBe(true);
|
||||
});
|
||||
|
||||
test("returns false for clean domains", () => {
|
||||
expect(isPhishingDomain("etherscan.io")).toBe(false);
|
||||
expect(isPhishingDomain("example.com")).toBe(false);
|
||||
});
|
||||
|
||||
test("detects subdomain of blacklisted domain (vendored)", () => {
|
||||
expect(isPhishingDomain("app.hopprotocol.pro")).toBe(true);
|
||||
});
|
||||
|
||||
test("detects subdomain of blacklisted domain (delta)", () => {
|
||||
loadConfig({
|
||||
blacklist: ["delta-phish-xyz.com"],
|
||||
});
|
||||
expect(isPhishingDomain("sub.delta-phish-xyz.com")).toBe(true);
|
||||
});
|
||||
|
||||
test("case-insensitive matching", () => {
|
||||
loadConfig({
|
||||
blacklist: ["Delta-Scam-XYZ.COM"],
|
||||
});
|
||||
expect(isPhishingDomain("delta-scam-xyz.com")).toBe(true);
|
||||
expect(isPhishingDomain("DELTA-SCAM-XYZ.COM")).toBe(true);
|
||||
});
|
||||
|
||||
test("returns false for empty/null hostname", () => {
|
||||
expect(isPhishingDomain("")).toBe(false);
|
||||
expect(isPhishingDomain(null)).toBe(false);
|
||||
});
|
||||
|
||||
test("handles config with no blacklist key", () => {
|
||||
loadConfig({});
|
||||
expect(getDeltaSize()).toBe(0);
|
||||
// Vendored list still works
|
||||
expect(isPhishingDomain("hopprotocol.pro")).toBe(true);
|
||||
});
|
||||
});
|
||||
|
||||
describe("localStorage persistence", () => {
|
||||
test("saveDeltaToStorage persists delta under 256KiB", () => {
|
||||
loadConfig({
|
||||
blacklist: ["persisted-scam-xyz.com"],
|
||||
});
|
||||
const stored = localStorage.getItem("phishing-delta");
|
||||
expect(stored).not.toBeNull();
|
||||
const data = JSON.parse(stored);
|
||||
expect(data.blacklist).toContain("persisted-scam-xyz.com");
|
||||
});
|
||||
|
||||
test("delta is cleared on _reset", () => {
|
||||
loadConfig({
|
||||
blacklist: ["temp-scam-xyz.com"],
|
||||
});
|
||||
expect(getDeltaSize()).toBe(1);
|
||||
_reset();
|
||||
expect(getDeltaSize()).toBe(0);
|
||||
});
|
||||
});
|
||||
|
||||
describe("real-world blocklist patterns", () => {
|
||||
test("detects known phishing domains from vendored list", () => {
|
||||
expect(isPhishingDomain("uniswap-trade.web.app")).toBe(true);
|
||||
expect(isPhishingDomain("hopprotocol.pro")).toBe(true);
|
||||
expect(isPhishingDomain("blast-pools.pages.dev")).toBe(true);
|
||||
});
|
||||
|
||||
test("does not flag legitimate domains", () => {
|
||||
expect(isPhishingDomain("opensea.io")).toBe(false);
|
||||
expect(isPhishingDomain("etherscan.io")).toBe(false);
|
||||
});
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user