Compare commits
15 Commits
feature/sh
...
fix/59-tra
| Author | SHA1 | Date | |
|---|---|---|---|
|
1df770d3b6 | ||
|
607d2349b0 | ||
|
3c2d553070 | ||
|
|
55346b484b | ||
|
|
93565c7196 | ||
|
71ef08fe85 | ||
|
8d230aceb6 | ||
| 6031c3e76c | |||
|
|
436fe22296 | ||
| 82a7db63b5 | |||
| 7c53c48cb1 | |||
| 4d9a8a49b9 | |||
|
|
996003fd79 | ||
|
|
2c9a34aff6 | ||
|
|
173d75c57a |
1
.gitignore
vendored
1
.gitignore
vendored
@@ -25,3 +25,4 @@ dist/
|
||||
|
||||
# Yarn
|
||||
.yarn-integrity
|
||||
package-lock.json
|
||||
|
||||
35
README.md
35
README.md
@@ -213,22 +213,6 @@ create an address with the same visible characters and trick the user into
|
||||
sending funds to it. Showing the complete identifier defeats this class of
|
||||
attack.
|
||||
|
||||
#### Clipboard Policy
|
||||
|
||||
AutistMask never clears or overwrites the user's clipboard. When sensitive data
|
||||
such as a private key is copied, it is the user's responsibility to manage their
|
||||
clipboard afterwards. We deliberately avoid auto-clearing the clipboard for two
|
||||
reasons:
|
||||
|
||||
1. **User expectations**: silently modifying the clipboard violates the
|
||||
principle of least surprise. The user initiated the copy and knows the
|
||||
content is sensitive.
|
||||
2. **Data safety**: the user may have copied something else important in the
|
||||
intervening time. A timed clipboard clear would destroy that unrelated data.
|
||||
|
||||
The warning shown before revealing a private key makes it clear that the key is
|
||||
sensitive and that clipboard management is the user's responsibility.
|
||||
|
||||
#### Data Model
|
||||
|
||||
The core hierarchy is **Wallets → Addresses**:
|
||||
@@ -332,34 +316,15 @@ transitions.
|
||||
- Balance list: ETH + tracked ERC-20 tokens (4 decimal places, USD inline).
|
||||
Each balance row is clickable → **AddressToken**
|
||||
- Send / Receive / + Token buttons
|
||||
- "Show private key" button
|
||||
- Transaction list (with ENS resolution for counterparties)
|
||||
- **Transitions**:
|
||||
- Tap balance row → **AddressToken** (for that token)
|
||||
- "Send" → **Send**
|
||||
- "Receive" → **Receive**
|
||||
- "+ Token" → **AddToken**
|
||||
- "Show private key" → **ShowPrivateKey**
|
||||
- Tap transaction row → **TransactionDetail**
|
||||
- "Back" → **Home**
|
||||
|
||||
#### ShowPrivateKey
|
||||
|
||||
- **When**: User clicked "Show private key" on AddressDetail.
|
||||
- **Elements**:
|
||||
- "Back" button
|
||||
- Title: "Display Private Key"
|
||||
- Warning box (lock + money icons) explaining the key controls funds and
|
||||
that the user is responsible for clipboard management
|
||||
- Password input
|
||||
- "Display Private Key" button (with lock + money icons)
|
||||
- After reveal: private key in a read-only well (monospace, select-all),
|
||||
Copy button, Done button
|
||||
- **Transitions**:
|
||||
- "Display Private Key" (correct password) → reveals key in-place
|
||||
- "Copy" → copies key to clipboard
|
||||
- "Done" / "Back" → **AddressDetail** (key cleared from DOM)
|
||||
|
||||
#### AddressToken
|
||||
|
||||
- **When**: User clicked a specific token balance on AddressDetail.
|
||||
|
||||
@@ -307,15 +307,6 @@
|
||||
</button>
|
||||
</div>
|
||||
|
||||
<div class="mb-3">
|
||||
<button
|
||||
id="btn-show-private-key"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer text-xs"
|
||||
>
|
||||
🔒 Show private key
|
||||
</button>
|
||||
</div>
|
||||
|
||||
<!-- transactions -->
|
||||
<div class="mt-3">
|
||||
<div class="border-b border-border pb-1 mb-1">
|
||||
@@ -327,77 +318,6 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- ============ SHOW PRIVATE KEY ============ -->
|
||||
<div id="view-show-private-key" class="view hidden">
|
||||
<button
|
||||
id="btn-show-pk-back"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer mb-2"
|
||||
>
|
||||
< Back
|
||||
</button>
|
||||
<h2 class="font-bold mb-2">Display Private Key</h2>
|
||||
|
||||
<!-- password prompt section -->
|
||||
<div id="show-pk-prompt">
|
||||
<div
|
||||
class="border border-border border-dashed p-3 mb-3 text-xs"
|
||||
>
|
||||
<p class="mb-1">
|
||||
🔒💰 Your private key controls this
|
||||
address and all its funds. Anyone who has it can
|
||||
spend your tokens.
|
||||
</p>
|
||||
<p>
|
||||
Do not share it. Do not paste it into websites. If
|
||||
you copy it, you are responsible for clearing your
|
||||
clipboard when you are done.
|
||||
</p>
|
||||
</div>
|
||||
<div class="mb-2">
|
||||
<label class="block mb-1">Password</label>
|
||||
<input
|
||||
type="password"
|
||||
id="show-pk-password"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
placeholder="Enter your password"
|
||||
/>
|
||||
</div>
|
||||
<div
|
||||
id="show-pk-error"
|
||||
class="text-xs mb-2 border border-border border-dashed p-1 hidden"
|
||||
></div>
|
||||
<button
|
||||
id="btn-show-pk-reveal"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
|
||||
>
|
||||
🔒💰 Display Private Key
|
||||
</button>
|
||||
</div>
|
||||
|
||||
<!-- revealed key section -->
|
||||
<div id="show-pk-key-well" class="hidden">
|
||||
<div
|
||||
class="bg-well p-3 mx-1 mb-3 break-all font-mono text-xs select-all"
|
||||
>
|
||||
<span id="show-pk-key-value"></span>
|
||||
</div>
|
||||
<div class="flex gap-2">
|
||||
<button
|
||||
id="btn-show-pk-copy"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
|
||||
>
|
||||
Copy
|
||||
</button>
|
||||
<button
|
||||
id="btn-show-pk-done"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
|
||||
>
|
||||
Done
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- ============ ADDRESS-TOKEN DETAIL VIEW ============ -->
|
||||
<div id="view-address-token" class="view hidden">
|
||||
<button
|
||||
@@ -1079,18 +999,18 @@
|
||||
class="text-xs"
|
||||
></div>
|
||||
</div>
|
||||
<div id="tx-detail-rawdata-section" class="hidden">
|
||||
<div class="text-xs text-muted mb-1">Raw data</div>
|
||||
<div
|
||||
id="tx-detail-rawdata"
|
||||
class="text-xs break-all font-mono border border-border border-dashed p-2"
|
||||
></div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="mb-4">
|
||||
<div class="text-xs text-muted mb-1">Transaction hash</div>
|
||||
<div id="tx-detail-hash" class="text-xs break-all"></div>
|
||||
</div>
|
||||
<div id="tx-detail-rawdata-section" class="mb-4 hidden">
|
||||
<div class="text-xs text-muted mb-1">Raw data</div>
|
||||
<div
|
||||
id="tx-detail-rawdata"
|
||||
class="text-xs break-all font-mono border border-border border-dashed p-2"
|
||||
></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- ============ TRANSACTION APPROVAL ============ -->
|
||||
|
||||
@@ -19,7 +19,6 @@ const txStatus = require("./views/txStatus");
|
||||
const transactionDetail = require("./views/transactionDetail");
|
||||
const receive = require("./views/receive");
|
||||
const addToken = require("./views/addToken");
|
||||
const showPrivateKey = require("./views/showPrivateKey");
|
||||
const settings = require("./views/settings");
|
||||
const settingsAddToken = require("./views/settingsAddToken");
|
||||
const approval = require("./views/approval");
|
||||
@@ -57,7 +56,6 @@ const ctx = {
|
||||
showAddWalletView: () => addWallet.show(),
|
||||
showImportKeyView: () => importKey.show(),
|
||||
showAddressDetail: () => addressDetail.show(),
|
||||
showPrivateKey: () => showPrivateKey.show(),
|
||||
showAddressToken: () => addressToken.show(),
|
||||
showAddTokenView: () => addToken.show(),
|
||||
showConfirmTx: (txInfo) => confirmTx.show(txInfo),
|
||||
@@ -214,7 +212,6 @@ async function init() {
|
||||
importKey.init(ctx);
|
||||
home.init(ctx);
|
||||
addressDetail.init(ctx);
|
||||
showPrivateKey.init(ctx);
|
||||
addressToken.init(ctx);
|
||||
send.init(ctx);
|
||||
confirmTx.init(ctx);
|
||||
|
||||
@@ -186,10 +186,14 @@ function renderTransactions(txs) {
|
||||
let html = "";
|
||||
let i = 0;
|
||||
for (const tx of txs) {
|
||||
// For swap transactions, show the user's own labelled wallet
|
||||
// address instead of the contract address (see issue #55).
|
||||
const counterparty =
|
||||
tx.direction === "sent" || tx.direction === "contract"
|
||||
? tx.to
|
||||
: tx.from;
|
||||
tx.direction === "contract" && tx.directionLabel === "Swap"
|
||||
? tx.from
|
||||
: tx.direction === "sent" || tx.direction === "contract"
|
||||
? tx.to
|
||||
: tx.from;
|
||||
const ensName = ensNameMap.get(counterparty) || null;
|
||||
const title = addressTitle(counterparty, state.wallets);
|
||||
const dirLabel = tx.directionLabel;
|
||||
@@ -261,10 +265,6 @@ function init(_ctx) {
|
||||
});
|
||||
|
||||
$("btn-add-token").addEventListener("click", ctx.showAddTokenView);
|
||||
|
||||
$("btn-show-private-key").addEventListener("click", () => {
|
||||
ctx.showPrivateKey();
|
||||
});
|
||||
}
|
||||
|
||||
module.exports = { init, show };
|
||||
|
||||
@@ -87,6 +87,7 @@ function show() {
|
||||
|
||||
// Determine token symbol and balance
|
||||
let symbol, amount, price;
|
||||
const knownToken = TOKEN_BY_ADDRESS.get(tokenId.toLowerCase());
|
||||
if (tokenId === "ETH") {
|
||||
symbol = "ETH";
|
||||
amount = parseFloat(addr.balance || "0");
|
||||
@@ -95,7 +96,14 @@ function show() {
|
||||
const tb = (addr.tokenBalances || []).find(
|
||||
(t) => t.address.toLowerCase() === tokenId.toLowerCase(),
|
||||
);
|
||||
symbol = tb ? tb.symbol : "?";
|
||||
const tracked = (state.trackedTokens || []).find(
|
||||
(t) => t.address.toLowerCase() === tokenId.toLowerCase(),
|
||||
);
|
||||
symbol =
|
||||
(tb && tb.symbol) ||
|
||||
(tracked && tracked.symbol) ||
|
||||
(knownToken && knownToken.symbol) ||
|
||||
"?";
|
||||
amount = tb ? parseFloat(tb.balance || "0") : 0;
|
||||
price = getPrice(symbol);
|
||||
}
|
||||
@@ -138,13 +146,32 @@ function show() {
|
||||
const tb = (addr.tokenBalances || []).find(
|
||||
(t) => t.address.toLowerCase() === tokenId.toLowerCase(),
|
||||
);
|
||||
const tokenName = tb && tb.name ? escapeHtml(tb.name) : null;
|
||||
const tokenSymbol = tb && tb.symbol ? escapeHtml(tb.symbol) : null;
|
||||
const tokenDecimals = tb && tb.decimals != null ? tb.decimals : null;
|
||||
const tracked = (state.trackedTokens || []).find(
|
||||
(t) => t.address.toLowerCase() === tokenId.toLowerCase(),
|
||||
);
|
||||
const rawName =
|
||||
(tb && tb.name) ||
|
||||
(tracked && tracked.name) ||
|
||||
(knownToken && knownToken.name) ||
|
||||
null;
|
||||
const rawSymbol =
|
||||
(tb && tb.symbol) ||
|
||||
(tracked && tracked.symbol) ||
|
||||
(knownToken && knownToken.symbol) ||
|
||||
null;
|
||||
const tokenName = rawName ? escapeHtml(rawName) : null;
|
||||
const tokenSymbol = rawSymbol ? escapeHtml(rawSymbol) : null;
|
||||
const tokenDecimals =
|
||||
tb && tb.decimals != null
|
||||
? tb.decimals
|
||||
: tracked && tracked.decimals != null
|
||||
? tracked.decimals
|
||||
: knownToken && knownToken.decimals != null
|
||||
? knownToken.decimals
|
||||
: null;
|
||||
const tokenHolders = tb && tb.holders != null ? tb.holders : null;
|
||||
const dot = addressDotHtml(tokenId);
|
||||
const tokenLink = `https://etherscan.io/token/${escapeHtml(tokenId)}`;
|
||||
const knownToken = TOKEN_BY_ADDRESS.get(tokenId.toLowerCase());
|
||||
const projectUrl = knownToken && knownToken.url ? knownToken.url : null;
|
||||
let infoHtml = `<div class="font-bold mb-2">Contract Address</div>`;
|
||||
infoHtml +=
|
||||
|
||||
@@ -78,10 +78,12 @@ function decodeCalldata(data, toAddress) {
|
||||
"0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
|
||||
);
|
||||
const isUnlimited = rawAmount === maxUint;
|
||||
const amountRaw = isUnlimited
|
||||
? "Unlimited"
|
||||
: formatTxValue(formatUnits(rawAmount, tokenDecimals));
|
||||
const amountStr = isUnlimited
|
||||
? "Unlimited"
|
||||
: formatTxValue(formatUnits(rawAmount, tokenDecimals)) +
|
||||
(tokenSymbol ? " " + tokenSymbol : "");
|
||||
: amountRaw + (tokenSymbol ? " " + tokenSymbol : "");
|
||||
|
||||
return {
|
||||
name: "Token Approval",
|
||||
@@ -100,7 +102,11 @@ function decodeCalldata(data, toAddress) {
|
||||
value: spender,
|
||||
address: spender,
|
||||
},
|
||||
{ label: "Amount", value: amountStr },
|
||||
{
|
||||
label: "Amount",
|
||||
value: amountStr,
|
||||
rawValue: amountRaw,
|
||||
},
|
||||
],
|
||||
};
|
||||
}
|
||||
@@ -108,9 +114,11 @@ function decodeCalldata(data, toAddress) {
|
||||
if (parsed.name === "transfer") {
|
||||
const to = parsed.args[0];
|
||||
const rawAmount = parsed.args[1];
|
||||
const amountRaw = formatTxValue(
|
||||
formatUnits(rawAmount, tokenDecimals),
|
||||
);
|
||||
const amountStr =
|
||||
formatTxValue(formatUnits(rawAmount, tokenDecimals)) +
|
||||
(tokenSymbol ? " " + tokenSymbol : "");
|
||||
amountRaw + (tokenSymbol ? " " + tokenSymbol : "");
|
||||
|
||||
return {
|
||||
name: "Token Transfer",
|
||||
@@ -125,7 +133,11 @@ function decodeCalldata(data, toAddress) {
|
||||
isToken: true,
|
||||
},
|
||||
{ label: "Recipient", value: to, address: to },
|
||||
{ label: "Amount", value: amountStr },
|
||||
{
|
||||
label: "Amount",
|
||||
value: amountStr,
|
||||
rawValue: amountRaw,
|
||||
},
|
||||
],
|
||||
};
|
||||
}
|
||||
@@ -155,20 +167,31 @@ function showTxApproval(details) {
|
||||
tokenSymbol: token ? token.symbol : null,
|
||||
};
|
||||
|
||||
// If this is an ERC-20 call, try to extract the real recipient and amount
|
||||
// If this is an ERC-20 call or a swap, extract the real recipient, amount, and token info
|
||||
const decoded = decodeCalldata(details.txParams.data, toAddr || "");
|
||||
if (decoded && decoded.details) {
|
||||
let decodedTokenSymbol = null;
|
||||
let decodedTokenAddress = null;
|
||||
for (const d of decoded.details) {
|
||||
if (d.label === "Recipient" && d.address) {
|
||||
pendingTxDetails.to = d.address;
|
||||
}
|
||||
if (d.label === "Amount") {
|
||||
pendingTxDetails.amount = d.value;
|
||||
pendingTxDetails.amount = d.rawValue || d.value;
|
||||
}
|
||||
if (d.label === "Token In" && !decodedTokenSymbol) {
|
||||
// Extract token symbol and address from decoded details
|
||||
decodedTokenSymbol = d.value;
|
||||
if (d.address) decodedTokenAddress = d.address;
|
||||
}
|
||||
}
|
||||
if (token) {
|
||||
pendingTxDetails.token = toAddr;
|
||||
pendingTxDetails.tokenSymbol = token.symbol;
|
||||
} else if (decodedTokenAddress) {
|
||||
// For swaps through routers: use the input token info
|
||||
pendingTxDetails.token = decodedTokenAddress;
|
||||
pendingTxDetails.tokenSymbol = decodedTokenSymbol;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -16,7 +16,6 @@ const VIEWS = [
|
||||
"import-key",
|
||||
"main",
|
||||
"address",
|
||||
"show-private-key",
|
||||
"address-token",
|
||||
"send",
|
||||
"confirm-tx",
|
||||
|
||||
@@ -103,10 +103,15 @@ function renderHomeTxList(ctx) {
|
||||
let html = "";
|
||||
let i = 0;
|
||||
for (const tx of homeTxs) {
|
||||
// For swap transactions, show the user's own labelled wallet
|
||||
// address (the one that initiated the swap) instead of the
|
||||
// contract address which is not useful in the list view.
|
||||
const counterparty =
|
||||
tx.direction === "sent" || tx.direction === "contract"
|
||||
? tx.to
|
||||
: tx.from;
|
||||
tx.direction === "contract" && tx.directionLabel === "Swap"
|
||||
? tx.from
|
||||
: tx.direction === "sent" || tx.direction === "contract"
|
||||
? tx.to
|
||||
: tx.from;
|
||||
const dirLabel = tx.directionLabel;
|
||||
const amountStr = tx.value
|
||||
? escapeHtml(tx.value + " " + tx.symbol)
|
||||
|
||||
@@ -10,7 +10,7 @@ const {
|
||||
const { state, currentAddress } = require("../../shared/state");
|
||||
let ctx;
|
||||
const { getProvider } = require("../../shared/balances");
|
||||
const { KNOWN_SYMBOLS } = require("../../shared/tokenList");
|
||||
const { KNOWN_SYMBOLS, TOKEN_BY_ADDRESS } = require("../../shared/tokenList");
|
||||
|
||||
const EXT_ICON =
|
||||
`<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` +
|
||||
@@ -73,7 +73,15 @@ function updateSendBalance() {
|
||||
const tb = (addr.tokenBalances || []).find(
|
||||
(t) => t.address.toLowerCase() === token.toLowerCase(),
|
||||
);
|
||||
const symbol = tb ? tb.symbol : "?";
|
||||
const knownToken = TOKEN_BY_ADDRESS.get(token.toLowerCase());
|
||||
const tracked = (state.trackedTokens || []).find(
|
||||
(t) => t.address.toLowerCase() === token.toLowerCase(),
|
||||
);
|
||||
const symbol =
|
||||
(tb && tb.symbol) ||
|
||||
(tracked && tracked.symbol) ||
|
||||
(knownToken && knownToken.symbol) ||
|
||||
"?";
|
||||
const bal = tb ? tb.balance || "0" : "0";
|
||||
$("send-balance").textContent =
|
||||
"Current balance: " + bal + " " + symbol;
|
||||
@@ -124,7 +132,15 @@ function init(_ctx) {
|
||||
const tb = (addr.tokenBalances || []).find(
|
||||
(t) => t.address.toLowerCase() === token.toLowerCase(),
|
||||
);
|
||||
tokenSymbol = tb ? tb.symbol : "?";
|
||||
const knownTk = TOKEN_BY_ADDRESS.get(token.toLowerCase());
|
||||
const trackedTk = (state.trackedTokens || []).find(
|
||||
(t) => t.address.toLowerCase() === token.toLowerCase(),
|
||||
);
|
||||
tokenSymbol =
|
||||
(tb && tb.symbol) ||
|
||||
(trackedTk && trackedTk.symbol) ||
|
||||
(knownTk && knownTk.symbol) ||
|
||||
"?";
|
||||
tokenBalance = tb ? tb.balance || "0" : "0";
|
||||
}
|
||||
|
||||
|
||||
@@ -1,79 +0,0 @@
|
||||
const { $, showView, showFlash, showError, hideError } = require("./helpers");
|
||||
const { state } = require("../../shared/state");
|
||||
const { decryptWithPassword } = require("../../shared/vault");
|
||||
const { getPrivateKeyForAddress } = require("../../shared/wallet");
|
||||
|
||||
let ctx;
|
||||
let revealed = false;
|
||||
|
||||
function show() {
|
||||
revealed = false;
|
||||
$("show-pk-password").value = "";
|
||||
$("show-pk-key-well").classList.add("hidden");
|
||||
$("show-pk-key-value").textContent = "";
|
||||
$("show-pk-prompt").classList.remove("hidden");
|
||||
hideError("show-pk-error");
|
||||
showView("show-private-key");
|
||||
}
|
||||
|
||||
function init(_ctx) {
|
||||
ctx = _ctx;
|
||||
|
||||
$("btn-show-pk-back").addEventListener("click", () => {
|
||||
clearKey();
|
||||
ctx.showAddressDetail();
|
||||
});
|
||||
|
||||
$("btn-show-pk-reveal").addEventListener("click", async () => {
|
||||
const pw = $("show-pk-password").value;
|
||||
if (!pw) {
|
||||
showError("show-pk-error", "Please enter your password.");
|
||||
return;
|
||||
}
|
||||
|
||||
const wallet = state.wallets[state.selectedWallet];
|
||||
let decryptedSecret;
|
||||
try {
|
||||
decryptedSecret = await decryptWithPassword(
|
||||
wallet.encryptedSecret,
|
||||
pw,
|
||||
);
|
||||
} catch (_e) {
|
||||
showError("show-pk-error", "Wrong password.");
|
||||
return;
|
||||
}
|
||||
|
||||
const privateKey = getPrivateKeyForAddress(
|
||||
wallet,
|
||||
state.selectedAddress,
|
||||
decryptedSecret,
|
||||
);
|
||||
|
||||
revealed = true;
|
||||
$("show-pk-prompt").classList.add("hidden");
|
||||
$("show-pk-key-well").classList.remove("hidden");
|
||||
$("show-pk-key-value").textContent = privateKey;
|
||||
hideError("show-pk-error");
|
||||
});
|
||||
|
||||
$("btn-show-pk-copy").addEventListener("click", () => {
|
||||
const key = $("show-pk-key-value").textContent;
|
||||
if (key) {
|
||||
navigator.clipboard.writeText(key);
|
||||
showFlash("Copied!");
|
||||
}
|
||||
});
|
||||
|
||||
$("btn-show-pk-done").addEventListener("click", () => {
|
||||
clearKey();
|
||||
ctx.showAddressDetail();
|
||||
});
|
||||
}
|
||||
|
||||
function clearKey() {
|
||||
revealed = false;
|
||||
$("show-pk-key-value").textContent = "";
|
||||
$("show-pk-password").value = "";
|
||||
}
|
||||
|
||||
module.exports = { init, show };
|
||||
@@ -37,11 +37,19 @@ function blockieHtml(address) {
|
||||
return `<img src="${src}" width="48" height="48" style="image-rendering:pixelated;border-radius:50%;display:inline-block">`;
|
||||
}
|
||||
|
||||
function etherscanLinkHtml(url) {
|
||||
return (
|
||||
`<a href="${url}" target="_blank" rel="noopener" ` +
|
||||
`class="inline-flex items-center"` +
|
||||
`>${EXT_ICON}</a>`
|
||||
);
|
||||
}
|
||||
|
||||
function txAddressHtml(address, ensName, title) {
|
||||
const blockie = blockieHtml(address);
|
||||
const dot = addressDotHtml(address);
|
||||
const link = `https://etherscan.io/address/${address}`;
|
||||
const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
|
||||
const extLink = etherscanLinkHtml(link);
|
||||
let html = `<div class="mb-1">${blockie}</div>`;
|
||||
if (title) {
|
||||
html += `<div class="font-bold">${escapeHtml(title)}</div>`;
|
||||
@@ -50,10 +58,10 @@ function txAddressHtml(address, ensName, title) {
|
||||
html +=
|
||||
`<div class="flex items-center">${dot}` +
|
||||
copyableHtml(ensName, "") +
|
||||
extLink +
|
||||
`</div>` +
|
||||
`<div class="break-all">` +
|
||||
`<div class="flex items-center">${dot}` +
|
||||
copyableHtml(address, "break-all") +
|
||||
extLink +
|
||||
`</div>`;
|
||||
} else {
|
||||
html +=
|
||||
@@ -67,7 +75,7 @@ function txAddressHtml(address, ensName, title) {
|
||||
|
||||
function txHashHtml(hash) {
|
||||
const link = `https://etherscan.io/tx/${hash}`;
|
||||
const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
|
||||
const extLink = etherscanLinkHtml(link);
|
||||
return copyableHtml(hash, "break-all") + extLink;
|
||||
}
|
||||
|
||||
@@ -93,9 +101,6 @@ function show(tx) {
|
||||
},
|
||||
};
|
||||
render();
|
||||
if (tx.isContractCall || tx.direction === "contract") {
|
||||
loadCalldata(tx.hash, tx.to);
|
||||
}
|
||||
}
|
||||
|
||||
function render() {
|
||||
@@ -144,9 +149,15 @@ function render() {
|
||||
if (headingEl) headingEl.textContent = "Transaction";
|
||||
}
|
||||
|
||||
// Hide calldata section by default; loadCalldata will show it if needed
|
||||
// Hide calldata and raw data sections; re-fetch if this is a contract call
|
||||
const calldataSection = $("tx-detail-calldata-section");
|
||||
if (calldataSection) calldataSection.classList.add("hidden");
|
||||
const rawDataSection = $("tx-detail-rawdata-section");
|
||||
if (rawDataSection) rawDataSection.classList.add("hidden");
|
||||
|
||||
if (tx.isContractCall || tx.direction === "contract") {
|
||||
loadCalldata(tx.hash, tx.to);
|
||||
}
|
||||
|
||||
$("tx-detail-time").textContent =
|
||||
isoDate(tx.timestamp) + " (" + timeAgo(tx.timestamp) + ")";
|
||||
@@ -193,9 +204,20 @@ async function loadCalldata(txHash, toAddress) {
|
||||
for (const d of decoded.details || []) {
|
||||
detailsHtml += `<div class="mb-2">`;
|
||||
detailsHtml += `<div class="text-muted">${escapeHtml(d.label)}</div>`;
|
||||
if (d.address) {
|
||||
if (d.address && d.isToken) {
|
||||
// Token entry: show symbol on its own line, then dot + address + Etherscan link
|
||||
const dot = addressDotHtml(d.address);
|
||||
detailsHtml += `<div>${dot}${copyableHtml(d.value, "break-all")}</div>`;
|
||||
const tokenSymbol = d.value.match(/^(\S+)\s*\(/)?.[1];
|
||||
if (tokenSymbol) {
|
||||
detailsHtml += `<div class="font-bold">${escapeHtml(tokenSymbol)}</div>`;
|
||||
}
|
||||
const etherscanUrl = `https://etherscan.io/token/${d.address}`;
|
||||
detailsHtml += `<div class="flex items-center">${dot}${copyableHtml(d.address, "break-all")}${etherscanLinkHtml(etherscanUrl)}</div>`;
|
||||
} else if (d.address) {
|
||||
// Protocol/contract entry: show name + Etherscan link
|
||||
const dot = addressDotHtml(d.address);
|
||||
const etherscanUrl = `https://etherscan.io/address/${d.address}`;
|
||||
detailsHtml += `<div class="flex items-center">${dot}${copyableHtml(d.value, "break-all")}${etherscanLinkHtml(etherscanUrl)}</div>`;
|
||||
} else {
|
||||
detailsHtml += `<div class="font-bold">${escapeHtml(d.value)}</div>`;
|
||||
}
|
||||
@@ -219,13 +241,16 @@ async function loadCalldata(txHash, toAddress) {
|
||||
|
||||
section.classList.remove("hidden");
|
||||
|
||||
// Bind copy handlers for new elements
|
||||
section.querySelectorAll("[data-copy]").forEach((el) => {
|
||||
el.onclick = () => {
|
||||
navigator.clipboard.writeText(el.dataset.copy);
|
||||
showFlash("Copied!");
|
||||
};
|
||||
});
|
||||
// Bind copy handlers for new elements (including raw data now outside section)
|
||||
const copyTargets = [section, rawSection].filter(Boolean);
|
||||
for (const container of copyTargets) {
|
||||
container.querySelectorAll("[data-copy]").forEach((el) => {
|
||||
el.onclick = () => {
|
||||
navigator.clipboard.writeText(el.dataset.copy);
|
||||
showFlash("Copied!");
|
||||
};
|
||||
});
|
||||
}
|
||||
} catch (e) {
|
||||
log.errorf("loadCalldata failed:", e.message);
|
||||
}
|
||||
|
||||
@@ -85,6 +85,7 @@ async function fetchTokenBalances(address, blockscoutUrl, trackedTokens) {
|
||||
|
||||
balances.push({
|
||||
address: item.token.address_hash,
|
||||
name: item.token.name || "",
|
||||
symbol: item.token.symbol || "???",
|
||||
decimals: decimals,
|
||||
balance: bal,
|
||||
|
||||
@@ -161,6 +161,157 @@ function decodeWrapEth(input) {
|
||||
}
|
||||
}
|
||||
|
||||
// V4 inner action IDs
|
||||
const V4_SWAP_EXACT_IN_SINGLE = 0x06;
|
||||
const V4_SWAP_EXACT_IN = 0x07;
|
||||
const V4_SWAP_EXACT_OUT_SINGLE = 0x08;
|
||||
const V4_SWAP_EXACT_OUT = 0x09;
|
||||
const V4_SETTLE = 0x0b;
|
||||
const V4_TAKE = 0x0e;
|
||||
|
||||
// Decode V4_SWAP (command 0x10) input bytes.
|
||||
// The input is ABI-encoded as (bytes actions, bytes[] params).
|
||||
// We extract token addresses from SETTLE (input) and TAKE (output) sub-actions,
|
||||
// and swap amounts from the swap sub-actions.
|
||||
function decodeV4Swap(input) {
|
||||
try {
|
||||
const d = coder.decode(["bytes", "bytes[]"], input);
|
||||
const actions = getBytes(d[0]);
|
||||
const params = d[1];
|
||||
|
||||
let settleToken = null;
|
||||
let takeToken = null;
|
||||
let amountIn = null;
|
||||
let amountOutMin = null;
|
||||
|
||||
for (let i = 0; i < actions.length; i++) {
|
||||
const actionId = actions[i];
|
||||
try {
|
||||
if (actionId === V4_SETTLE) {
|
||||
// SETTLE: (address currency, uint256 maxAmount, bool payerIsUser)
|
||||
const s = coder.decode(
|
||||
["address", "uint256", "bool"],
|
||||
params[i],
|
||||
);
|
||||
settleToken = s[0];
|
||||
} else if (actionId === V4_TAKE) {
|
||||
// TAKE: (address currency, address recipient, uint256 amount)
|
||||
const t = coder.decode(
|
||||
["address", "address", "uint256"],
|
||||
params[i],
|
||||
);
|
||||
takeToken = t[0];
|
||||
} else if (
|
||||
actionId === V4_SWAP_EXACT_IN ||
|
||||
actionId === V4_SWAP_EXACT_IN_SINGLE
|
||||
) {
|
||||
// Extract amounts from exact-in swap actions
|
||||
if (actionId === V4_SWAP_EXACT_IN) {
|
||||
// ExactInputParams: (address currencyIn,
|
||||
// tuple(address,uint24,int24,address,bytes)[] path,
|
||||
// uint128 amountIn, uint128 amountOutMin)
|
||||
try {
|
||||
const s = coder.decode(
|
||||
[
|
||||
"tuple(address,tuple(address,uint24,int24,address,bytes)[],uint128,uint128)",
|
||||
],
|
||||
params[i],
|
||||
);
|
||||
if (!settleToken) settleToken = s[0][0];
|
||||
const path = s[0][1];
|
||||
if (path.length > 0 && !takeToken) {
|
||||
takeToken = path[path.length - 1][0];
|
||||
}
|
||||
if (!amountIn) amountIn = s[0][2];
|
||||
if (!amountOutMin) amountOutMin = s[0][3];
|
||||
} catch {
|
||||
// Fall through — SETTLE/TAKE will provide tokens
|
||||
}
|
||||
} else {
|
||||
// ExactInputSingleParams: (tuple(address,address,uint24,int24,address) poolKey,
|
||||
// bool zeroForOne, uint128 amountIn, uint128 amountOutMin, bytes hookData)
|
||||
try {
|
||||
const s = coder.decode(
|
||||
[
|
||||
"tuple(tuple(address,address,uint24,int24,address),bool,uint128,uint128,bytes)",
|
||||
],
|
||||
params[i],
|
||||
);
|
||||
const poolKey = s[0][0];
|
||||
const zeroForOne = s[0][1];
|
||||
if (!settleToken)
|
||||
settleToken = zeroForOne
|
||||
? poolKey[0]
|
||||
: poolKey[1];
|
||||
if (!takeToken)
|
||||
takeToken = zeroForOne
|
||||
? poolKey[1]
|
||||
: poolKey[0];
|
||||
if (!amountIn) amountIn = s[0][2];
|
||||
if (!amountOutMin) amountOutMin = s[0][3];
|
||||
} catch {
|
||||
// Fall through
|
||||
}
|
||||
}
|
||||
} else if (
|
||||
actionId === V4_SWAP_EXACT_OUT ||
|
||||
actionId === V4_SWAP_EXACT_OUT_SINGLE
|
||||
) {
|
||||
if (actionId === V4_SWAP_EXACT_OUT) {
|
||||
try {
|
||||
const s = coder.decode(
|
||||
[
|
||||
"tuple(address,tuple(address,uint24,int24,address,bytes)[],uint128,uint128)",
|
||||
],
|
||||
params[i],
|
||||
);
|
||||
if (!takeToken) takeToken = s[0][0];
|
||||
const path = s[0][1];
|
||||
if (path.length > 0 && !settleToken) {
|
||||
settleToken = path[path.length - 1][0];
|
||||
}
|
||||
} catch {
|
||||
// Fall through
|
||||
}
|
||||
} else {
|
||||
try {
|
||||
const s = coder.decode(
|
||||
[
|
||||
"tuple(tuple(address,address,uint24,int24,address),bool,uint128,uint128,bytes)",
|
||||
],
|
||||
params[i],
|
||||
);
|
||||
const poolKey = s[0][0];
|
||||
const zeroForOne = s[0][1];
|
||||
if (!settleToken)
|
||||
settleToken = zeroForOne
|
||||
? poolKey[0]
|
||||
: poolKey[1];
|
||||
if (!takeToken)
|
||||
takeToken = zeroForOne
|
||||
? poolKey[1]
|
||||
: poolKey[0];
|
||||
} catch {
|
||||
// Fall through
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch {
|
||||
// Skip sub-actions we can't decode
|
||||
}
|
||||
}
|
||||
|
||||
return {
|
||||
tokenIn: settleToken,
|
||||
tokenOut: takeToken,
|
||||
amountIn,
|
||||
amountOutMin,
|
||||
};
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
// Try to decode a Universal Router execute() call.
|
||||
// Returns { name, description, details } matching the format used by
|
||||
// the approval UI, or null if the calldata is not a recognised execute().
|
||||
@@ -233,6 +384,19 @@ function decode(data, toAddress) {
|
||||
}
|
||||
}
|
||||
|
||||
if (cmdId === 0x10) {
|
||||
const v4 = decodeV4Swap(inputs[i]);
|
||||
if (v4) {
|
||||
if (!inputToken && v4.tokenIn) inputToken = v4.tokenIn;
|
||||
if (!outputToken && v4.tokenOut)
|
||||
outputToken = v4.tokenOut;
|
||||
if (!inputAmount && v4.amountIn)
|
||||
inputAmount = v4.amountIn;
|
||||
if (!minOutput && v4.amountOutMin)
|
||||
minOutput = v4.amountOutMin;
|
||||
}
|
||||
}
|
||||
|
||||
if (cmdId === 0x0c) {
|
||||
hasUnwrapWeth = true;
|
||||
}
|
||||
@@ -281,12 +445,19 @@ function decode(data, toAddress) {
|
||||
const maxUint160 = BigInt(
|
||||
"0xffffffffffffffffffffffffffffffffffffffff",
|
||||
);
|
||||
const rawAmount =
|
||||
inputAmount >= maxUint160
|
||||
? "Unlimited"
|
||||
: formatAmount(inputAmount, inInfo.decimals);
|
||||
const amountStr =
|
||||
inputAmount >= maxUint160
|
||||
? "Unlimited"
|
||||
: formatAmount(inputAmount, inInfo.decimals) +
|
||||
(inSymbol ? " " + inSymbol : "");
|
||||
details.push({ label: "Amount", value: amountStr });
|
||||
: rawAmount + (inSymbol ? " " + inSymbol : "");
|
||||
details.push({
|
||||
label: "Amount",
|
||||
value: amountStr,
|
||||
rawValue: rawAmount,
|
||||
});
|
||||
}
|
||||
|
||||
if (outSymbol) {
|
||||
|
||||
@@ -41,18 +41,6 @@ function getSignerForAddress(walletData, addrIndex, decryptedSecret) {
|
||||
return new Wallet(decryptedSecret);
|
||||
}
|
||||
|
||||
function getPrivateKeyForAddress(walletData, addrIndex, decryptedSecret) {
|
||||
if (walletData.type === "hd") {
|
||||
const node = HDNodeWallet.fromPhrase(
|
||||
decryptedSecret,
|
||||
"",
|
||||
BIP44_ETH_PATH,
|
||||
);
|
||||
return node.deriveChild(addrIndex).privateKey;
|
||||
}
|
||||
return decryptedSecret;
|
||||
}
|
||||
|
||||
function isValidMnemonic(mnemonic) {
|
||||
return Mnemonic.isValidMnemonic(mnemonic);
|
||||
}
|
||||
@@ -63,6 +51,5 @@ module.exports = {
|
||||
hdWalletFromMnemonic,
|
||||
addressFromPrivateKey,
|
||||
getSignerForAddress,
|
||||
getPrivateKeyForAddress,
|
||||
isValidMnemonic,
|
||||
};
|
||||
|
||||
@@ -1,9 +1,10 @@
|
||||
const { AbiCoder, Interface, solidityPacked } = require("ethers");
|
||||
const { AbiCoder, Interface, solidityPacked, getBytes } = require("ethers");
|
||||
const uniswap = require("../src/shared/uniswap");
|
||||
|
||||
const ROUTER_ADDR = "0x66a9893cc07d91d95644aedd05d03f95e1dba8af";
|
||||
const USDT_ADDR = "0xdAC17F958D2ee523a2206206994597C13D831ec7";
|
||||
const WETH_ADDR = "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2";
|
||||
const USDC_ADDR = "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48";
|
||||
const USER_ADDR = "0x66133E8ea0f5D1d612D2502a968757D1048c214a";
|
||||
|
||||
// AutistMask's first-ever swap, 2026-02-27.
|
||||
@@ -256,6 +257,87 @@ describe("uniswap decoder", () => {
|
||||
expect(amount.value).toBe("5.0000 USDT");
|
||||
});
|
||||
|
||||
// This test validates the decodeV4Swap() fix: a V4 ERC20→ERC20 swap
|
||||
// (USDT→USDC) where the token addresses are ONLY discoverable inside
|
||||
// the V4_SWAP sub-actions (SETTLE/TAKE). Before decodeV4Swap() was added,
|
||||
// command 0x10 was opaque and this would decode as "Uniswap Swap" with
|
||||
// no token info (or "ETH → ETH"). Now it correctly shows "USDT → USDC".
|
||||
test("decodes V4_SWAP ERC20→ERC20 tokens via SETTLE/TAKE (regression: #59)", () => {
|
||||
// Build a V4_SWAP input with SETTLE(USDT) + SWAP_EXACT_IN_SINGLE + TAKE(USDC)
|
||||
const V4_SETTLE = 0x0b;
|
||||
const V4_SWAP_EXACT_IN_SINGLE = 0x06;
|
||||
const V4_TAKE = 0x0e;
|
||||
|
||||
// actions: SETTLE, SWAP_EXACT_IN_SINGLE, TAKE
|
||||
const actions = new Uint8Array([
|
||||
V4_SETTLE,
|
||||
V4_SWAP_EXACT_IN_SINGLE,
|
||||
V4_TAKE,
|
||||
]);
|
||||
|
||||
// SETTLE params: (address currency, uint256 maxAmount, bool payerIsUser)
|
||||
const settleParam = coder.encode(
|
||||
["address", "uint256", "bool"],
|
||||
[USDT_ADDR, 5000000n, true],
|
||||
);
|
||||
|
||||
// SWAP_EXACT_IN_SINGLE params:
|
||||
// (tuple(address,address,uint24,int24,address) poolKey, bool zeroForOne, uint128 amountIn, uint128 amountOutMin, bytes hookData)
|
||||
const swapParam = coder.encode(
|
||||
[
|
||||
"tuple(tuple(address,address,uint24,int24,address),bool,uint128,uint128,bytes)",
|
||||
],
|
||||
[
|
||||
[
|
||||
[
|
||||
USDT_ADDR,
|
||||
USDC_ADDR,
|
||||
100, // fee
|
||||
1, // tickSpacing
|
||||
"0x0000000000000000000000000000000000000000", // hooks
|
||||
],
|
||||
true, // zeroForOne
|
||||
5000000n, // amountIn (5 USDT)
|
||||
4900000n, // amountOutMin (4.9 USDC)
|
||||
"0x", // hookData
|
||||
],
|
||||
],
|
||||
);
|
||||
|
||||
// TAKE params: (address currency, address recipient, uint256 amount)
|
||||
const takeParam = coder.encode(
|
||||
["address", "address", "uint256"],
|
||||
[USDC_ADDR, USER_ADDR, 0n],
|
||||
);
|
||||
|
||||
// Encode the V4_SWAP input: (bytes actions, bytes[] params)
|
||||
const v4Input = coder.encode(
|
||||
["bytes", "bytes[]"],
|
||||
[actions, [settleParam, swapParam, takeParam]],
|
||||
);
|
||||
|
||||
// Build execute() with PERMIT2_PERMIT (0x0a) + V4_SWAP (0x10)
|
||||
// The permit provides the input token, but V4_SWAP must provide
|
||||
// the OUTPUT token — without decodeV4Swap, output would be unknown.
|
||||
const data = buildExecute(
|
||||
solidityPacked(["uint8", "uint8"], [0x0a, 0x10]),
|
||||
[encodePermit2(USDT_ADDR, 5000000n, ROUTER_ADDR), v4Input],
|
||||
9999999999n,
|
||||
);
|
||||
|
||||
const result = uniswap.decode(data, ROUTER_ADDR);
|
||||
expect(result).not.toBeNull();
|
||||
// Before decodeV4Swap fix: name would be "Swap USDT → ETH" or "Uniswap Swap"
|
||||
// After fix: correctly identifies both tokens from V4 sub-actions
|
||||
expect(result.name).toBe("Swap USDT \u2192 USDC");
|
||||
|
||||
const tokenIn = result.details.find((d) => d.label === "Token In");
|
||||
expect(tokenIn.value).toContain("USDT");
|
||||
|
||||
const steps = result.details.find((d) => d.label === "Steps");
|
||||
expect(steps.value).toContain("V4 Swap");
|
||||
});
|
||||
|
||||
test("handles unknown tokens gracefully", () => {
|
||||
const fakeToken = "0x1111111111111111111111111111111111111111";
|
||||
const data = buildExecute(
|
||||
|
||||
Reference in New Issue
Block a user