feat: show red warning when sending to address with zero tx history

On the confirm-tx screen, asynchronously check the recipient address
via Blockscout API. If the address has never sent or received any
transactions (normal or ERC-20), display a prominent red warning.

Fails open: network errors silently skip the warning to avoid
blocking legitimate sends.

Closes #82

src/popup/styles/main.css

@@ -15,21 +15,6 @@
     --color-section: #dddddd;
 }
 
-@keyframes copy-flash {
-    0% {
-        background-color: var(--color-fg);
-        color: var(--color-bg);
-    }
-    100% {
-        background-color: transparent;
-        color: inherit;
-    }
-}
-
-.copy-flash {
-    animation: copy-flash 500ms ease-out;
-}
-
 body {
     width: 396px;
     overflow-x: hidden;

src/popup/views/addressDetail.js

@@ -2,7 +2,6 @@ const {
     $,
     showView,
     showFlash,
-    flashCopyElement,
     balanceLinesForAddress,
     addressDotHtml,
     addressTitle,
@@ -238,11 +237,9 @@ function renderTransactions(txs) {
 function init(_ctx) {
     ctx = _ctx;
     $("address-full").addEventListener("click", () => {
-        const el = $("address-full");
+        const addr = $("address-full").dataset.full;
-        const addr = el.dataset.full;
         if (addr) {
             navigator.clipboard.writeText(addr);
-            flashCopyElement(el);
             showFlash("Copied!");
         }
     });
@@ -357,21 +354,17 @@ function init(_ctx) {
     });
 
     $("export-privkey-value").addEventListener("click", () => {
-        const el = $("export-privkey-value");
+        const key = $("export-privkey-value").textContent;
-        const key = el.textContent;
         if (key) {
             navigator.clipboard.writeText(key);
-            flashCopyElement(el);
             showFlash("Copied!");
         }
     });
 
     $("export-privkey-address").addEventListener("click", () => {
-        const el = $("export-privkey-address");
+        const full = $("export-privkey-address").dataset.full;
-        const full = el.dataset.full;
         if (full) {
             navigator.clipboard.writeText(full);
-            flashCopyElement(el);
             showFlash("Copied!");
         }
     });

src/popup/views/addressToken.js

@@ -5,7 +5,6 @@ const {
     $,
     showView,
     showFlash,
-    flashCopyElement,
     addressDotHtml,
     addressTitle,
     escapeHtml,
@@ -314,11 +313,9 @@ function renderTransactions(txs) {
 function init(_ctx) {
     ctx = _ctx;
     $("address-token-full").addEventListener("click", () => {
-        const el = $("address-token-full");
+        const addr = $("address-token-full").dataset.full;
-        const addr = el.dataset.full;
         if (addr) {
             navigator.clipboard.writeText(addr);
-            flashCopyElement(el);
             showFlash("Copied!");
         }
     });
@@ -327,7 +324,6 @@ function init(_ctx) {
         const copyEl = e.target.closest("[data-copy]");
         if (copyEl) {
             navigator.clipboard.writeText(copyEl.dataset.copy);
-            flashCopyElement(copyEl);
             showFlash("Copied!");
         }
     });
@@ -376,7 +372,6 @@ function init(_ctx) {
         if (copyEl) {
             copyEl.addEventListener("click", () => {
                 navigator.clipboard.writeText(copyEl.dataset.copy);
-                flashCopyElement(copyEl);
                 showFlash("Copied!");
             });
         }

src/popup/views/confirmTx.js

@@ -15,7 +15,6 @@ const {
     hideError,
     showView,
     showFlash,
-    flashCopyElement,
     addressTitle,
     addressDotHtml,
     escapeHtml,
@@ -26,6 +25,7 @@ const { decryptWithPassword } = require("../../shared/vault");
 const { formatUsd, getPrice } = require("../../shared/prices");
 const { getProvider } = require("../../shared/balances");
 const { isScamAddress } = require("../../shared/scamlist");
+const { hasZeroTransactionHistory } = require("../../shared/transactions");
 const { ERC20_ABI } = require("../../shared/constants");
 const { log } = require("../../shared/log");
 const makeBlockie = require("ethereum-blockies-base64");
@@ -117,7 +117,6 @@ function show(txInfo) {
         if (copyEl) {
             copyEl.onclick = () => {
                 navigator.clipboard.writeText(copyEl.dataset.copy);
-                flashCopyElement(copyEl);
                 showFlash("Copied!");
             };
         }
@@ -246,6 +245,7 @@ function show(txInfo) {
     showView("confirm-tx");
 
     estimateGas(txInfo);
+    checkRecipientHistory(txInfo);
 }
 
 async function estimateGas(txInfo) {
@@ -288,6 +288,23 @@ async function estimateGas(txInfo) {
     }
 }
 
+async function checkRecipientHistory(txInfo) {
+    const isNew = await hasZeroTransactionHistory(
+        txInfo.to,
+        state.blockscoutUrl,
+    );
+    if (!isNew) return;
+
+    const warningsEl = $("confirm-warnings");
+    const warningHtml =
+        `<div class="border border-red-500 border-dashed p-2 mb-1 text-xs font-bold text-red-500">` +
+        `WARNING: This address has ZERO transaction history. ` +
+        `It has never sent or received any funds. ` +
+        `Double-check the address before sending.</div>`;
+    warningsEl.innerHTML = warningHtml + warningsEl.innerHTML;
+    warningsEl.classList.remove("hidden");
+}
+
 function init(ctx) {
     $("btn-confirm-send").addEventListener("click", async () => {
         const password = $("confirm-tx-password").value;

src/popup/views/helpers.js

@@ -76,18 +76,6 @@ function clearFlash() {
     $("flash-msg").textContent = "";
 }
 
-function flashCopyElement(el) {
-    el.classList.remove("copy-flash");
-    // Force reflow so re-adding the class restarts the animation.
-    void el.offsetWidth;
-    el.classList.add("copy-flash");
-    el.addEventListener(
-        "animationend",
-        () => el.classList.remove("copy-flash"),
-        { once: true },
-    );
-}
-
 function showFlash(msg, duration = 2000) {
     clearFlash();
     $("flash-msg").textContent = msg;
@@ -277,7 +265,6 @@ module.exports = {
     hideError,
     showView,
     showFlash,
-    flashCopyElement,
     balanceLine,
     balanceLinesForAddress,
     addressColor,

src/popup/views/home.js

@@ -2,7 +2,6 @@ const {
     $,
     showView,
     showFlash,
-    flashCopyElement,
     balanceLinesForAddress,
     isoDate,
     timeAgo,
@@ -86,9 +85,8 @@ function renderActiveAddress() {
         el.innerHTML =
             `<span class="underline decoration-dashed cursor-pointer" id="active-addr-copy">${dot}${escapeHtml(addr)}</span>` +
             `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
-        $("active-addr-copy").addEventListener("click", (e) => {
+        $("active-addr-copy").addEventListener("click", () => {
             navigator.clipboard.writeText(addr);
-            flashCopyElement(e.currentTarget);
             showFlash("Copied!");
         });
     } else {

src/popup/views/receive.js

@@ -2,7 +2,6 @@ const {
     $,
     showView,
     showFlash,
-    flashCopyElement,
     formatAddressHtml,
     addressTitle,
 } = require("./helpers");
@@ -62,21 +61,17 @@ function show() {
 
 function init(ctx) {
     $("receive-address-block").addEventListener("click", () => {
-        const el = $("receive-address-block");
+        const addr = $("receive-address-block").dataset.full;
-        const addr = el.dataset.full;
         if (addr) {
             navigator.clipboard.writeText(addr);
-            flashCopyElement(el);
             showFlash("Copied!");
         }
     });
 
     $("btn-receive-copy").addEventListener("click", () => {
-        const block = $("receive-address-block");
+        const addr = $("receive-address-block").dataset.full;
-        const addr = block.dataset.full;
         if (addr) {
             navigator.clipboard.writeText(addr);
-            flashCopyElement(block);
             showFlash("Copied!");
         }
     });

src/popup/views/transactionDetail.js

@@ -5,7 +5,6 @@ const {
     $,
     showView,
     showFlash,
-    flashCopyElement,
     addressDotHtml,
     addressTitle,
     escapeHtml,
@@ -159,9 +158,8 @@ function render() {
         loadCalldata(tx.hash, tx.to);
     }
 
-    const isoStr = isoDate(tx.timestamp);
+    $("tx-detail-time").textContent =
-    $("tx-detail-time").innerHTML =
+        isoDate(tx.timestamp) + " (" + timeAgo(tx.timestamp) + ")";
-        copyableHtml(isoStr) + " (" + escapeHtml(timeAgo(tx.timestamp)) + ")";
     $("tx-detail-status").textContent = tx.isError ? "Failed" : "Success";
     showView("transaction");
 
@@ -171,7 +169,6 @@ function render() {
         .forEach((el) => {
             el.onclick = () => {
                 navigator.clipboard.writeText(el.dataset.copy);
-                flashCopyElement(el);
                 showFlash("Copied!");
             };
         });
@@ -249,7 +246,6 @@ async function loadCalldata(txHash, toAddress) {
             container.querySelectorAll("[data-copy]").forEach((el) => {
                 el.onclick = () => {
                     navigator.clipboard.writeText(el.dataset.copy);
-                    flashCopyElement(el);
                     showFlash("Copied!");
                 };
             });

src/popup/views/txStatus.js

@@ -4,7 +4,6 @@ const {
     $,
     showView,
     showFlash,
-    flashCopyElement,
     addressDotHtml,
     addressTitle,
     escapeHtml,
@@ -60,16 +59,6 @@ function txHashHtml(hash) {
     );
 }
 
-function blockNumberHtml(blockNumber) {
-    const num = String(blockNumber);
-    const link = `https://etherscan.io/block/${num}`;
-    const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
-    return (
-        `<span class="underline decoration-dashed cursor-pointer" data-copy="${escapeHtml(num)}">${escapeHtml(num)}</span>` +
-        extLink
-    );
-}
-
 function attachCopyHandlers(viewId) {
     document
         .getElementById(viewId)
@@ -77,7 +66,6 @@ function attachCopyHandlers(viewId) {
         .forEach((el) => {
             el.onclick = () => {
                 navigator.clipboard.writeText(el.dataset.copy);
-                flashCopyElement(el);
                 showFlash("Copied!");
             };
         });
@@ -201,7 +189,7 @@ function renderSuccess() {
         $("success-tx-to").innerHTML = toAddressHtml(d.to);
     }
 
-    $("success-tx-block").innerHTML = blockNumberHtml(d.blockNumber);
+    $("success-tx-block").textContent = String(d.blockNumber);
     $("success-tx-hash").innerHTML = txHashHtml(d.hash);
 
     // Show decoded calldata details if present

src/shared/transactions.js

@@ -251,4 +251,40 @@ function filterTransactions(txs, filters = {}) {
     return { transactions: filtered, newFraudContracts: newFraud };
 }
 
-module.exports = { fetchRecentTransactions, filterTransactions };
+/**
+ * Check whether an address has any on-chain transaction history.
+ * Returns true if the address has zero normal transactions AND zero
+ * token transfers on the configured Blockscout instance.
+ * Returns false on network errors (fail-open: don't block sends).
+ */
+async function hasZeroTransactionHistory(address, blockscoutUrl) {
+    try {
+        const resp = await debugFetch(
+            blockscoutUrl + "/addresses/" + address + "/transactions?limit=1",
+        );
+        if (!resp.ok) return false;
+        const json = await resp.json();
+        if ((json.items || []).length > 0) return false;
+
+        // Also check token transfers — an address may have only received
+        // ERC-20 tokens without any native ETH transactions.
+        const ttResp = await debugFetch(
+            blockscoutUrl +
+                "/addresses/" +
+                address +
+                "/token-transfers?type=ERC-20&limit=1",
+        );
+        if (!ttResp.ok) return false;
+        const ttJson = await ttResp.json();
+        return (ttJson.items || []).length === 0;
+    } catch (e) {
+        log.errorf("hasZeroTransactionHistory check failed:", e.message);
+        return false;
+    }
+}
+
+module.exports = {
+    fetchRecentTransactions,
+    filterTransactions,
+    hasZeroTransactionHistory,
+};