sneak/AutistMask
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: sneak:feature/issue-82-new-address-warning
Branches Tags
sneak:main sneak:feat/issue-144-settings-about sneak:feat/issue-131-transaction-view-layout sneak:fix/116-timestamps-include-timezone sneak:feature/expanded-warnings sneak:fix/cross-wallet-duplicate-detection sneak:feature/copy-flash-feedback sneak:feature/issue-82-new-address-warning sneak:feature/82-warn-new-address sneak:issue-99-block-number-external-link sneak:issue-99-block-number-styling sneak:feature/82-zero-history-warning sneak:fix/issue-99-block-number-link-copy sneak:fix/99-block-number-clickable sneak:fix/87-consistent-error-display-v2 sneak:fix/87-consistent-error-display sneak:fix/consistent-error-display sneak:fix/77-confirm-tx-persist sneak:fix/issue-72-address-token-tx-history sneak:fix/70-confirm-tx-contract-display sneak:fix/issue-58-receive-address-consistency sneak:fix/59-transaction-view-ui-policies sneak:fix/55-swap-show-own-address sneak:feature/show-private-key sneak:feat/message-signing
sneak:v0.1.0
..
compare: sneak:c8d1f96770ec7333098d7d8c70075fe2867edcb3
Branches Tags
sneak:feat/issue-144-settings-about sneak:main sneak:feat/issue-131-transaction-view-layout sneak:fix/116-timestamps-include-timezone sneak:feature/expanded-warnings sneak:fix/cross-wallet-duplicate-detection sneak:feature/copy-flash-feedback sneak:feature/issue-82-new-address-warning sneak:feature/82-warn-new-address sneak:issue-99-block-number-external-link sneak:issue-99-block-number-styling sneak:feature/82-zero-history-warning sneak:fix/issue-99-block-number-link-copy sneak:fix/99-block-number-clickable sneak:fix/87-consistent-error-display-v2 sneak:fix/87-consistent-error-display sneak:fix/consistent-error-display sneak:fix/77-confirm-tx-persist sneak:fix/issue-72-address-token-tx-history sneak:fix/70-confirm-tx-contract-display sneak:fix/issue-58-receive-address-consistency sneak:fix/59-transaction-view-ui-policies sneak:fix/55-swap-show-own-address sneak:feature/show-private-key sneak:feat/message-signing
sneak:v0.1.0

1 Commits
feature/is ... c8d1f96770

Author SHA1 Message Date
user
c8d1f96770 feat: show red warning when sending to address with zero tx history
All checks were successful
check / check (push) Successful in 21s
Details 
On the confirm-tx view, asynchronously check the recipient address
transaction count via getTransactionCount(). If zero, display a
prominent red warning advising the user to double-check the address.

Closes #82
 2026-02-28 13:44:14 -08:00
5 changed files with 32 additions and 99 deletions
Expand all files Collapse all files

12
src/popup/views/approval.js
View File

@@ -172,8 +172,6 @@ function showTxApproval(details) {
// If this is an ERC-20 call, try to extract the real recipient and amount
const decoded = decodeCalldata(details.txParams.data, toAddr || "");
if (decoded && decoded.details) {
let decodedTokenAddr = null;
let decodedTokenSymbol = null;
for (const d of decoded.details) {
if (d.label === "Recipient" && d.address) {
pendingTxDetails.to = d.address;
@@ -181,20 +179,10 @@ function showTxApproval(details) {
if (d.label === "Amount") {
pendingTxDetails.amount = d.rawValue || d.value;
}
if (d.label === "Token In" && d.isToken && d.address) {
const t = TOKEN_BY_ADDRESS.get(d.address.toLowerCase());
if (t) {
decodedTokenAddr = d.address;
decodedTokenSymbol = t.symbol;
}
}
}
if (token) {
pendingTxDetails.token = toAddr;
pendingTxDetails.tokenSymbol = token.symbol;
} else if (decodedTokenAddr) {
pendingTxDetails.token = decodedTokenAddr;
pendingTxDetails.tokenSymbol = decodedTokenSymbol;
}
}

34
src/popup/views/confirmTx.js
View File

@@ -25,7 +25,6 @@ const { decryptWithPassword } = require("../../shared/vault");
const { formatUsd, getPrice } = require("../../shared/prices");
const { getProvider } = require("../../shared/balances");
const { isScamAddress } = require("../../shared/scamlist");
const { hasZeroTransactionHistory } = require("../../shared/transactions");
const { ERC20_ABI } = require("../../shared/constants");
const { log } = require("../../shared/log");
const makeBlockie = require("ethereum-blockies-base64");
@@ -289,20 +288,25 @@ async function estimateGas(txInfo) {
}
async function checkRecipientHistory(txInfo) {
const isNew = await hasZeroTransactionHistory(
txInfo.to,
state.blockscoutUrl,
);
if (!isNew) return;
const warningsEl = $("confirm-warnings");
const warningHtml =
`<div class="border border-red-500 border-dashed p-2 mb-1 text-xs font-bold text-red-500">` +
`WARNING: This address has ZERO transaction history. ` +
`It has never sent or received any funds. ` +
`Double-check the address before sending.</div>`;
warningsEl.innerHTML = warningHtml + warningsEl.innerHTML;
warningsEl.classList.remove("hidden");
try {
const provider = getProvider(state.rpcUrl);
const txCount = await provider.getTransactionCount(txInfo.to);
if (txCount === 0) {
const warningsEl = $("confirm-warnings");
const warning =
`<div class="border border-red-500 border-dashed p-2 mb-1 text-xs font-bold text-red-500">` +
`WARNING: The recipient address has ZERO transaction history. ` +
`This may indicate a fresh or unused address. Double-check the address before sending.</div>`;
if (warningsEl.classList.contains("hidden")) {
warningsEl.innerHTML = warning;
warningsEl.classList.remove("hidden");
} else {
warningsEl.innerHTML += warning;
}
}
} catch (e) {
log.errorf("recipient history check failed:", e.message);
}
}
function init(ctx) {

29
src/popup/views/txStatus.js
View File

@@ -43,11 +43,10 @@ function toAddressHtml(address) {
if (title) {
return (
`<div class="flex items-center font-bold">${dot}${escapeHtml(title)}</div>` +
`<div class="break-all underline decoration-dashed cursor-pointer" data-copy="${escapeHtml(address)}">${escapeHtml(address)}</div>` +
extLink
`<div class="break-all">${escapeHtml(address)}${extLink}</div>`
);
}
return `<div class="flex items-center">${dot}<span class="break-all underline decoration-dashed cursor-pointer" data-copy="${escapeHtml(address)}">${escapeHtml(address)}</span>${extLink}</div>`;
return `<div class="flex items-center">${dot}<span class="break-all">${escapeHtml(address)}</span>${extLink}</div>`;
}
function txHashHtml(hash) {
@@ -140,7 +139,7 @@ function etherscanTokenLink(address) {
function decodedDetailsHtml(decoded) {
if (!decoded || !decoded.details) return "";
let html = `<div class="border border-border border-dashed p-2 mb-3">`;
let html = "";
if (decoded.name) {
html += `<div class="mb-2"><div class="text-xs text-muted mb-1">Action</div>`;
html += `<div class="font-bold">${escapeHtml(decoded.name)}</div></div>`;
@@ -165,36 +164,20 @@ function decodedDetailsHtml(decoded) {
}
html += `</div>`;
}
html += `</div>`;
return html;
}
function renderSuccess() {
const d = state.viewData;
if (!d || !d.hash) return;
const hasDecoded = d.decoded && d.decoded.details;
// When decoded details are present, the Amount and To are already
// shown inside the decoded well — hide the top-level duplicates.
const summarySection = $("success-tx-summary").parentElement;
const toSection = $("success-tx-to").parentElement;
if (hasDecoded) {
summarySection.classList.add("hidden");
toSection.classList.add("hidden");
} else {
summarySection.classList.remove("hidden");
toSection.classList.remove("hidden");
$("success-tx-summary").textContent = d.amount + " " + d.symbol;
$("success-tx-to").innerHTML = toAddressHtml(d.to);
}
$("success-tx-summary").textContent = d.amount + " " + d.symbol;
$("success-tx-to").innerHTML = toAddressHtml(d.to);
$("success-tx-block").textContent = String(d.blockNumber);
$("success-tx-hash").innerHTML = txHashHtml(d.hash);
// Show decoded calldata details if present
const decodedEl = $("success-tx-decoded");
if (decodedEl && hasDecoded) {
if (decodedEl && d.decoded) {
decodedEl.innerHTML = decodedDetailsHtml(d.decoded);
decodedEl.classList.remove("hidden");
} else if (decodedEl) {

38
src/shared/transactions.js
View File

@@ -251,40 +251,4 @@ function filterTransactions(txs, filters = {}) {
return { transactions: filtered, newFraudContracts: newFraud };
}
/**
* Check whether an address has any on-chain transaction history.
* Returns true if the address has zero normal transactions AND zero
* token transfers on the configured Blockscout instance.
* Returns false on network errors (fail-open: don't block sends).
*/
async function hasZeroTransactionHistory(address, blockscoutUrl) {
try {
const resp = await debugFetch(
blockscoutUrl + "/addresses/" + address + "/transactions?limit=1",
);
if (!resp.ok) return false;
const json = await resp.json();
if ((json.items || []).length > 0) return false;
// Also check token transfers — an address may have only received
// ERC-20 tokens without any native ETH transactions.
const ttResp = await debugFetch(
blockscoutUrl +
"/addresses/" +
address +
"/token-transfers?type=ERC-20&limit=1",
);
if (!ttResp.ok) return false;
const ttJson = await ttResp.json();
return (ttJson.items || []).length === 0;
} catch (e) {
log.errorf("hasZeroTransactionHistory check failed:", e.message);
return false;
}
}
module.exports = {
fetchRecentTransactions,
filterTransactions,
hasZeroTransactionHistory,
};
module.exports = { fetchRecentTransactions, filterTransactions };

18
src/shared/uniswap.js
View File

@@ -445,18 +445,12 @@ function decode(data, toAddress) {
const maxUint160 = BigInt(
"0xffffffffffffffffffffffffffffffffffffffff",
);
const isUnlimited = inputAmount >= maxUint160;
const amountRaw = isUnlimited
? "Unlimited"
: formatAmount(inputAmount, inInfo.decimals);
const amountStr = isUnlimited
? "Unlimited"
: amountRaw + (inSymbol ? " " + inSymbol : "");
details.push({
label: "Amount",
value: amountStr,
rawValue: amountRaw,
});
const amountStr =
inputAmount >= maxUint160
? "Unlimited"
: formatAmount(inputAmount, inInfo.decimals) +
(inSymbol ? " " + inSymbol : "");
details.push({ label: "Amount", value: amountStr });
}
if (outSymbol) {