fix: zero-tx warning layout shift and contract address false positive

- Reserve space for the warning upfront using visibility:hidden instead
  of display:none, preventing layout shift per README policy
- Move warning HTML to index.html as a static element rather than
  injecting dynamically
- Skip warning for contract addresses (check getCode first) since
  getTransactionCount only returns outgoing tx nonce
- Collapse reserved space when warning is not needed (address has
  history, is a contract, or on RPC error)

src/popup/index.html

@@ -577,6 +577,19 @@
                     <div id="confirm-fee-amount" class="text-xs"></div>
                 </div>
                 <div id="confirm-warnings" class="mb-2 hidden"></div>
+                <div
+                    id="confirm-recipient-warning"
+                    class="mb-2"
+                    style="visibility: hidden"
+                >
+                    <div
+                        class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
+                    >
+                        WARNING: The recipient address has ZERO transaction
+                        history. This may indicate a fresh or unused address.
+                        Double-check the address before sending.
+                    </div>
+                </div>
                 <div
                     id="confirm-errors"
                     class="mb-2 border border-border border-dashed p-2 hidden"

src/popup/views/confirmTx.js

@@ -25,7 +25,6 @@ const { decryptWithPassword } = require("../../shared/vault");
 const { formatUsd, getPrice } = require("../../shared/prices");
 const { getProvider } = require("../../shared/balances");
 const { isScamAddress } = require("../../shared/scamlist");
-const { hasZeroTransactionHistory } = require("../../shared/transactions");
 const { ERC20_ABI } = require("../../shared/constants");
 const { log } = require("../../shared/log");
 const makeBlockie = require("ethereum-blockies-base64");
@@ -244,6 +243,12 @@ function show(txInfo) {
     state.viewData = { pendingTx: txInfo };
     showView("confirm-tx");
 
+    // Reset recipient warning: reserve space (visibility:hidden) while
+    // the async check runs, preventing layout shift per README policy.
+    const recipientWarning = $("confirm-recipient-warning");
+    recipientWarning.style.display = "";
+    recipientWarning.style.visibility = "hidden";
+
     estimateGas(txInfo);
     checkRecipientHistory(txInfo);
 }
@@ -289,20 +294,31 @@ async function estimateGas(txInfo) {
 }
 
 async function checkRecipientHistory(txInfo) {
-    const isNew = await hasZeroTransactionHistory(
+    const el = $("confirm-recipient-warning");
-        txInfo.to,
+    try {
-        state.blockscoutUrl,
+        const provider = getProvider(state.rpcUrl);
-    );
+        // Skip warning for contract addresses — they may legitimately
-    if (!isNew) return;
+        // have zero outgoing transactions (getTransactionCount returns
-
+        // the nonce, i.e. sent-tx count only).
-    const warningsEl = $("confirm-warnings");
+        const code = await provider.getCode(txInfo.to);
-    const warningHtml =
+        if (code && code !== "0x") {
-        `<div class="border border-red-500 border-dashed p-2 mb-1 text-xs font-bold text-red-500">` +
+            // Contract address — hide the reserved space entirely
-        `WARNING: This address has ZERO transaction history. ` +
+            el.style.display = "none";
-        `It has never sent or received any funds. ` +
+            return;
-        `Double-check the address before sending.</div>`;
+        }
-    warningsEl.innerHTML = warningHtml + warningsEl.innerHTML;
+        const txCount = await provider.getTransactionCount(txInfo.to);
-    warningsEl.classList.remove("hidden");
+        if (txCount === 0) {
+            el.style.visibility = "visible";
+        } else {
+            // Address has history — collapse the reserved space
+            el.style.display = "none";
+        }
+    } catch (e) {
+        log.errorf("recipient history check failed:", e.message);
+        // On error, collapse the reserved space rather than showing a
+        // false warning or leaving an empty gap
+        el.style.display = "none";
+    }
 }
 
 function init(ctx) {

src/shared/transactions.js

@@ -251,40 +251,4 @@ function filterTransactions(txs, filters = {}) {
     return { transactions: filtered, newFraudContracts: newFraud };
 }
 
-/**
+module.exports = { fetchRecentTransactions, filterTransactions };
- * Check whether an address has any on-chain transaction history.
- * Returns true if the address has zero normal transactions AND zero
- * token transfers on the configured Blockscout instance.
- * Returns false on network errors (fail-open: don't block sends).
- */
-async function hasZeroTransactionHistory(address, blockscoutUrl) {
-    try {
-        const resp = await debugFetch(
-            blockscoutUrl + "/addresses/" + address + "/transactions?limit=1",
-        );
-        if (!resp.ok) return false;
-        const json = await resp.json();
-        if ((json.items || []).length > 0) return false;
-
-        // Also check token transfers — an address may have only received
-        // ERC-20 tokens without any native ETH transactions.
-        const ttResp = await debugFetch(
-            blockscoutUrl +
-                "/addresses/" +
-                address +
-                "/token-transfers?type=ERC-20&limit=1",
-        );
-        if (!ttResp.ok) return false;
-        const ttJson = await ttResp.json();
-        return (ttJson.items || []).length === 0;
-    } catch (e) {
-        log.errorf("hasZeroTransactionHistory check failed:", e.message);
-        return false;
-    }
-}
-
-module.exports = {
-    fetchRecentTransactions,
-    filterTransactions,
-    hasZeroTransactionHistory,
-};