fix: replace confirm-tx password modal with inline field (closes #78)

Replace the modal overlay password dialog in the confirm-tx view with
an inline password field, matching the pattern used by approve-tx and
approve-sign views for consistency.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/popup/index.html

@@ -496,6 +496,11 @@
                         class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
                         placeholder="Address (0x...) or ENS name"
                     />
+                    <div
+                        id="send-to-error"
+                        class="text-xs"
+                        style="min-height: 1.25rem; color: #cc0000"
+                    ></div>
                 </div>
                 <div class="mb-2">
                     <div class="flex justify-between mb-1">
@@ -576,11 +581,23 @@
                     id="confirm-errors"
                     class="mb-2 border border-border border-dashed p-2 hidden"
                 ></div>
+                <div class="mb-2">
+                    <label class="block mb-1 text-xs">Password</label>
+                    <input
+                        type="password"
+                        id="confirm-tx-password"
+                        class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
+                    />
+                </div>
+                <div
+                    id="confirm-tx-password-error"
+                    class="text-xs mb-2 min-h-[1.25rem]"
+                ></div>
                 <button
                     id="btn-confirm-send"
                     class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
                 >
-                    Send
+                    Sign &amp; Send
                 </button>
             </div>
 
@@ -659,42 +676,6 @@
                 </button>
             </div>
 
-            <!-- ============ PASSWORD MODAL ============ -->
-            <div
-                id="password-modal"
-                class="hidden fixed inset-0 bg-bg flex items-center justify-center z-50"
-            >
-                <div class="border border-border p-4 bg-bg w-80">
-                    <h2 class="font-bold mb-2">Enter Password</h2>
-                    <p class="text-xs text-muted mb-2">
-                        Your password is needed to authorize this transaction.
-                    </p>
-                    <input
-                        type="password"
-                        id="modal-password"
-                        class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg mb-2"
-                    />
-                    <div
-                        id="modal-password-error"
-                        class="text-xs mb-2 border border-border border-dashed p-1 hidden"
-                    ></div>
-                    <div class="flex gap-2">
-                        <button
-                            id="btn-modal-confirm"
-                            class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
-                        >
-                            Confirm
-                        </button>
-                        <button
-                            id="btn-modal-cancel"
-                            class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
-                        >
-                            Cancel
-                        </button>
-                    </div>
-                </div>
-            </div>
-
             <!-- ============ RECEIVE ============ -->
             <div id="view-receive" class="view hidden">
                 <button
@@ -1134,7 +1115,10 @@
                         class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
                     />
                 </div>
-                <div id="approve-tx-error" class="text-xs hidden mb-2"></div>
+                <div
+                    id="approve-tx-error"
+                    class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem] hidden"
+                ></div>
                 <div class="flex justify-between">
                     <button
                         id="btn-approve-tx"
@@ -1197,7 +1181,10 @@
                         class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
                     />
                 </div>
-                <div id="approve-sign-error" class="text-xs hidden mb-2"></div>
+                <div
+                    id="approve-sign-error"
+                    class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem] hidden"
+                ></div>
                 <div class="flex justify-between">
                     <button
                         id="btn-approve-sign"

src/popup/index.js

@@ -74,8 +74,8 @@ const RESTORABLE_VIEWS = new Set([
     "receive",
     "settings",
     "settings-addtoken",
-    "transaction",
     "confirm-tx",
+    "transaction",
     "success-tx",
     "error-tx",
 ]);
@@ -128,16 +128,16 @@ function restoreView() {
         case "settings-addtoken":
             settingsAddToken.show();
             break;
-        case "transaction":
+        case "confirm-tx":
-            if (state.viewData && state.viewData.tx) {
+            if (state.viewData && state.viewData.pendingTx) {
-                transactionDetail.render();
+                confirmTx.restore();
             } else {
                 fallbackView();
             }
             break;
-        case "confirm-tx":
+        case "transaction":
-            if (state.viewData && state.viewData.pendingTx) {
+            if (state.viewData && state.viewData.tx) {
-                confirmTx.show(state.viewData.pendingTx);
+                transactionDetail.render();
             } else {
                 fallbackView();
             }

src/popup/views/addressDetail.js

@@ -15,7 +15,11 @@ const {
     filterTransactions,
 } = require("../../shared/transactions");
 const { resolveEnsNames } = require("../../shared/ens");
-const { updateSendBalance, renderSendTokenSelect } = require("./send");
+const {
+    updateSendBalance,
+    renderSendTokenSelect,
+    resetSendValidation,
+} = require("./send");
 const { log } = require("../../shared/log");
 const makeBlockie = require("ethereum-blockies-base64");
 const { decryptWithPassword } = require("../../shared/vault");
@@ -259,6 +263,7 @@ function init(_ctx) {
         $("send-token").classList.remove("hidden");
         $("send-token-static").classList.add("hidden");
         updateSendBalance();
+        resetSendValidation();
         showView("send");
     });
 
@@ -320,6 +325,9 @@ function init(_ctx) {
             $("export-privkey-flash").classList.remove("hidden");
             return;
         }
+        const btn = $("btn-export-privkey-confirm");
+        btn.disabled = true;
+        btn.classList.add("text-muted");
         const wallet = state.wallets[state.selectedWallet];
         try {
             const secret = await decryptWithPassword(
@@ -339,6 +347,9 @@ function init(_ctx) {
         } catch {
             $("export-privkey-flash").textContent = "Wrong password.";
             $("export-privkey-flash").classList.remove("hidden");
+        } finally {
+            btn.disabled = false;
+            btn.classList.remove("text-muted");
         }
     });
 

src/popup/views/addressToken.js

@@ -23,7 +23,11 @@ const {
     filterTransactions,
 } = require("../../shared/transactions");
 const { resolveEnsNames } = require("../../shared/ens");
-const { updateSendBalance, renderSendTokenSelect } = require("./send");
+const {
+    updateSendBalance,
+    renderSendTokenSelect,
+    resetSendValidation,
+} = require("./send");
 const { log } = require("../../shared/log");
 const makeBlockie = require("ethereum-blockies-base64");
 
@@ -372,6 +376,7 @@ function init(_ctx) {
             });
         }
         updateSendBalance();
+        resetSendValidation();
         showView("send");
     });
 

src/popup/views/approval.js

@@ -4,6 +4,8 @@ const {
     addressTitle,
     escapeHtml,
     showView,
+    showError,
+    hideError,
 } = require("./helpers");
 const { state, saveState } = require("../../shared/state");
 const { formatEther, formatUnits, Interface, toUtf8String } = require("ethers");
@@ -254,6 +256,9 @@ function showTxApproval(details) {
         $("approve-tx-data-section").classList.add("hidden");
     }
 
+    $("approve-tx-password").value = "";
+    $("approve-tx-error").classList.add("hidden");
+
     showView("approve-tx");
 }
 
@@ -342,7 +347,7 @@ function showSignApproval(details) {
     }
 
     $("approve-sign-password").value = "";
-    $("approve-sign-error").classList.add("hidden");
+    hideError("approve-sign-error");
     $("btn-approve-sign").disabled = false;
     $("btn-approve-sign").classList.remove("text-muted");
 
@@ -407,11 +412,10 @@ function init(ctx) {
     $("btn-approve-tx").addEventListener("click", () => {
         const password = $("approve-tx-password").value;
         if (!password) {
-            $("approve-tx-error").textContent = "Please enter your password.";
+            showError("approve-tx-error", "Please enter your password.");
-            $("approve-tx-error").classList.remove("hidden");
             return;
         }
-        $("approve-tx-error").classList.add("hidden");
+        hideError("approve-tx-error");
         $("btn-approve-tx").disabled = true;
         $("btn-approve-tx").classList.add("text-muted");
 
@@ -447,11 +451,10 @@ function init(ctx) {
     $("btn-approve-sign").addEventListener("click", () => {
         const password = $("approve-sign-password").value;
         if (!password) {
-            $("approve-sign-error").textContent = "Please enter your password.";
+            showError("approve-sign-error", "Please enter your password.");
-            $("approve-sign-error").classList.remove("hidden");
             return;
         }
-        $("approve-sign-error").classList.add("hidden");
+        hideError("approve-sign-error");
         $("btn-approve-sign").disabled = true;
         $("btn-approve-sign").classList.add("text-muted");
 
@@ -469,8 +472,7 @@ function init(ctx) {
                 } else {
                     const msg =
                         (response && response.error) || "Signing failed.";
-                    $("approve-sign-error").textContent = msg;
+                    showError("approve-sign-error", msg);
-                    $("approve-sign-error").classList.remove("hidden");
                     $("btn-approve-sign").disabled = false;
                     $("btn-approve-sign").classList.remove("text-muted");
                 }

src/popup/views/confirmTx.js

@@ -1,6 +1,6 @@
-// Transaction confirmation view + password modal.
+// Transaction confirmation view with inline password.
-// Shows transaction details, warnings, errors. On proceed, opens
+// Shows transaction details, warnings, errors. On Sign & Send,
-// password modal, decrypts secret, signs and broadcasts.
+// reads inline password, decrypts secret, signs and broadcasts.
 
 const {
     parseEther,
@@ -14,11 +14,12 @@ const {
     showError,
     hideError,
     showView,
+    showFlash,
     addressTitle,
     addressDotHtml,
     escapeHtml,
 } = require("./helpers");
-const { state, saveState } = require("../../shared/state");
+const { state } = require("../../shared/state");
 const { getSignerForAddress } = require("../../shared/wallet");
 const { decryptWithPassword } = require("../../shared/vault");
 const { formatUsd, getPrice } = require("../../shared/prices");
@@ -38,6 +39,13 @@ const EXT_ICON =
 
 let pendingTx = null;
 
+function restore() {
+    const d = state.viewData;
+    if (d && d.pendingTx) {
+        show(d.pendingTx);
+    }
+}
+
 function etherscanTokenLink(address) {
     return `https://etherscan.io/token/${address}`;
 }
@@ -95,11 +103,22 @@ function show(txInfo) {
     // Token contract section (ERC-20 only)
     const tokenSection = $("confirm-token-section");
     if (isErc20) {
+        const dot = addressDotHtml(txInfo.token);
         const link = etherscanTokenLink(txInfo.token);
         $("confirm-token-contract").innerHTML =
-            escapeHtml(txInfo.token) +
+            `<div class="flex items-center">${dot}` +
-            ` <a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
+            `<span class="break-all underline decoration-dashed cursor-pointer" data-copy="${escapeHtml(txInfo.token)}">${escapeHtml(txInfo.token)}</span>` +
+            `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>` +
+            `</div>`;
         tokenSection.classList.remove("hidden");
+        // Attach click-to-copy on the contract address
+        const copyEl = tokenSection.querySelector("[data-copy]");
+        if (copyEl) {
+            copyEl.onclick = () => {
+                navigator.clipboard.writeText(copyEl.dataset.copy);
+                showFlash("Copied!");
+            };
+        }
     } else {
         tokenSection.classList.add("hidden");
     }
@@ -214,14 +233,15 @@ function show(txInfo) {
         sendBtn.classList.remove("text-muted");
     }
 
+    // Reset password field and error
+    $("confirm-tx-password").value = "";
+    hideError("confirm-tx-password-error");
+
     // Gas estimate — show placeholder then fetch async
     $("confirm-fee").classList.remove("hidden");
     $("confirm-fee-amount").textContent = "Estimating...";
-    showView("confirm-tx");
-
-    // Persist txInfo so the view survives popup close/reopen
     state.viewData = { pendingTx: txInfo };
-    saveState();
+    showView("confirm-tx");
 
     estimateGas(txInfo);
 }
@@ -266,39 +286,20 @@ async function estimateGas(txInfo) {
     }
 }
 
-function showPasswordModal() {
-    $("modal-password").value = "";
-    hideError("modal-password-error");
-    $("password-modal").classList.remove("hidden");
-}
-
-function hidePasswordModal() {
-    $("password-modal").classList.add("hidden");
-}
-
 function init(ctx) {
-    $("btn-confirm-send").addEventListener("click", () => {
+    $("btn-confirm-send").addEventListener("click", async () => {
-        showPasswordModal();
+        const password = $("confirm-tx-password").value;
-    });
-
-    $("btn-confirm-back").addEventListener("click", () => {
-        showView("send");
-    });
-
-    $("btn-modal-cancel").addEventListener("click", () => {
-        hidePasswordModal();
-    });
-
-    $("btn-modal-confirm").addEventListener("click", async () => {
-        const password = $("modal-password").value;
         if (!password) {
-            showError("modal-password-error", "Please enter your password.");
+            showError(
+                "confirm-tx-password-error",
+                "Please enter your password.",
+            );
             return;
         }
 
         const wallet = state.wallets[state.selectedWallet];
         let decryptedSecret;
-        hideError("modal-password-error");
+        hideError("confirm-tx-password-error");
 
         try {
             decryptedSecret = await decryptWithPassword(
@@ -306,11 +307,12 @@ function init(ctx) {
                 password,
             );
         } catch (e) {
-            showError("modal-password-error", "Wrong password.");
+            showError("confirm-tx-password-error", "Wrong password.");
             return;
         }
 
-        hidePasswordModal();
+        $("btn-confirm-send").disabled = true;
+        $("btn-confirm-send").classList.add("text-muted");
 
         let tx;
         try {
@@ -347,8 +349,15 @@ function init(ctx) {
             decryptedSecret = null;
             const hash = tx ? tx.hash : null;
             txStatus.showError(pendingTx, hash, e.shortMessage || e.message);
+        } finally {
+            $("btn-confirm-send").disabled = false;
+            $("btn-confirm-send").classList.remove("text-muted");
         }
     });
+
+    $("btn-confirm-back").addEventListener("click", () => {
+        showView("send");
+    });
 }
 
-module.exports = { init, show };
+module.exports = { init, show, restore };

src/popup/views/deleteWallet.js

@@ -40,6 +40,10 @@ function init(_ctx) {
             return;
         }
 
+        const btn = $("btn-delete-wallet-confirm");
+        btn.disabled = true;
+        btn.classList.add("text-muted");
+
         const walletIdx = deleteWalletIndex;
         const wallet = state.wallets[walletIdx];
 
@@ -49,6 +53,8 @@ function init(_ctx) {
         } catch (_e) {
             $("delete-wallet-flash").textContent = "Wrong password.";
             $("delete-wallet-flash").classList.remove("hidden");
+            btn.disabled = false;
+            btn.classList.remove("text-muted");
             return;
         }
 

src/popup/views/home.js

@@ -11,7 +11,11 @@ const {
     truncateMiddle,
 } = require("./helpers");
 const { state, saveState, currentAddress } = require("../../shared/state");
-const { updateSendBalance, renderSendTokenSelect } = require("./send");
+const {
+    updateSendBalance,
+    renderSendTokenSelect,
+    resetSendValidation,
+} = require("./send");
 const { deriveAddressFromXpub } = require("../../shared/wallet");
 const {
     formatUsd,
@@ -388,6 +392,7 @@ function init(ctx) {
         $("send-token-static").classList.add("hidden");
         renderSendTokenSelect(addr);
         updateSendBalance();
+        resetSendValidation();
         showView("send");
     });
 

src/popup/views/send.js

@@ -11,6 +11,107 @@ const { state, currentAddress } = require("../../shared/state");
 let ctx;
 const { getProvider } = require("../../shared/balances");
 const { KNOWN_SYMBOLS, resolveSymbol } = require("../../shared/tokenList");
+const { getAddress } = require("ethers");
+
+const ZERO_ADDRESS = "0x0000000000000000000000000000000000000000";
+
+/**
+ * Validate a destination address string.
+ * Returns { valid: true } or { valid: false, error: "..." }.
+ */
+function validateToAddress(value) {
+    const v = value.trim();
+    if (!v) return { valid: false, error: "" };
+
+    // ENS names: contains a dot and doesn't start with 0x
+    if (v.includes(".") && !v.startsWith("0x")) {
+        // Basic ENS format check: at least one label before and after dot
+        if (/^[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+$/.test(v)) {
+            return { valid: true };
+        }
+        return {
+            valid: false,
+            error: "Please enter a valid ENS name.",
+        };
+    }
+
+    // Must look like an Ethereum address
+    if (!/^0x[0-9a-fA-F]{40}$/.test(v)) {
+        return {
+            valid: false,
+            error: "Please enter a valid Ethereum address.",
+        };
+    }
+
+    // Reject zero address
+    if (v.toLowerCase() === ZERO_ADDRESS) {
+        return {
+            valid: false,
+            error: "Sending to the zero address is not allowed.",
+        };
+    }
+
+    // EIP-55 checksum validation: all-lowercase is ok, otherwise must match checksum
+    if (v !== v.toLowerCase()) {
+        try {
+            const checksummed = getAddress(v);
+            if (checksummed !== v) {
+                return {
+                    valid: false,
+                    error: "Address checksum is invalid. Please double-check the address.",
+                };
+            }
+        } catch {
+            return {
+                valid: false,
+                error: "Address checksum is invalid. Please double-check the address.",
+            };
+        }
+    }
+
+    // Warn if sending to own address
+    const addr = currentAddress();
+    if (addr && v.toLowerCase() === addr.address.toLowerCase()) {
+        // Allow but will warn — we return valid with a warning
+        return {
+            valid: true,
+            warning: "This is your own address. Are you sure?",
+        };
+    }
+
+    return { valid: true };
+}
+
+function updateToValidation() {
+    const input = $("send-to");
+    const errorEl = $("send-to-error");
+    const btn = $("btn-send-review");
+    const value = input.value.trim();
+
+    if (!value) {
+        errorEl.textContent = "";
+        btn.disabled = true;
+        btn.classList.add("opacity-50");
+        return;
+    }
+
+    const result = validateToAddress(value);
+    if (!result.valid) {
+        errorEl.textContent = result.error;
+        errorEl.style.color = "#cc0000";
+        btn.disabled = true;
+        btn.classList.add("opacity-50");
+    } else if (result.warning) {
+        errorEl.textContent = result.warning;
+        errorEl.style.color = "#b8860b";
+        btn.disabled = false;
+        btn.classList.remove("opacity-50");
+    } else {
+        errorEl.textContent = "";
+        btn.disabled = false;
+        btn.classList.remove("opacity-50");
+    }
+}
 
 const EXT_ICON =
     `<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` +
@@ -88,6 +189,13 @@ function init(_ctx) {
     ctx = _ctx;
     $("send-token").addEventListener("change", updateSendBalance);
 
+    // Initial state: disable review button until address is entered
+    $("btn-send-review").disabled = true;
+    $("btn-send-review").classList.add("opacity-50");
+
+    // Validate address on input
+    $("send-to").addEventListener("input", updateToValidation);
+
     $("btn-send-review").addEventListener("click", async () => {
         const to = $("send-to").value.trim();
         const amount = $("send-amount").value.trim();
@@ -95,6 +203,15 @@ function init(_ctx) {
             showFlash("Please enter a recipient address.");
             return;
         }
+
+        // Re-validate before proceeding
+        const validation = validateToAddress(to);
+        if (!validation.valid) {
+            showFlash(
+                validation.error || "Please enter a valid Ethereum address.",
+            );
+            return;
+        }
         if (!amount || isNaN(parseFloat(amount)) || parseFloat(amount) <= 0) {
             showFlash("Please enter a valid amount.");
             return;
@@ -159,4 +276,19 @@ function init(_ctx) {
     });
 }
 
-module.exports = { init, updateSendBalance, renderSendTokenSelect };
+function resetSendValidation() {
+    const errorEl = $("send-to-error");
+    const btn = $("btn-send-review");
+    if (errorEl) errorEl.textContent = "";
+    if (btn) {
+        btn.disabled = true;
+        btn.classList.add("opacity-50");
+    }
+}
+
+module.exports = {
+    init,
+    updateSendBalance,
+    renderSendTokenSelect,
+    resetSendValidation,
+};