Compare commits
78 Commits
fix/issue-
...
01839d9c47
| Author | SHA1 | Date | |
|---|---|---|---|
|
01839d9c47 | ||
|
9eef2ea602 | ||
| a182aa534b | |||
| a388100262 | |||
| dd3cabf816 | |||
|
|
235e5e7fa7 | ||
|
|
be06bd8f0c | ||
|
|
a72359432b | ||
|
|
2bdb547995 | ||
| 834228b572 | |||
|
813993f17c | ||
| 5f01d9f111 | |||
|
|
d78af3ec80 | ||
| 753fb5658a | |||
| bdb2031d46 | |||
| 25ecaee128 | |||
|
|
ff4b5ee24d | ||
|
|
ca6e9054f9 | ||
| 09c52b2519 | |||
| 1fb9fade51 | |||
| bc04482fb5 | |||
|
|
045328f3b9 | ||
|
|
576fe3ab15 | ||
|
|
35bb6b9806 | ||
|
|
e56e15e34c | ||
|
|
cc69ce39ed | ||
|
|
9476724284 | ||
|
|
9246959777 | ||
|
|
0f6daf3200 | ||
|
|
435669b6b6 | ||
|
|
f75a258125 | ||
|
|
4d120e5ea9 | ||
|
|
57959b70c3 | ||
|
|
7a7f9c5135 | ||
|
|
8c071ae508 | ||
|
|
a3c2b8227a | ||
|
|
f9f3e7b85a | ||
| 812fc01a98 | |||
|
|
811c125cb9 | ||
|
|
3005813f2c | ||
|
|
5565e76796 | ||
| dc8ec7d28f | |||
|
|
2fbed343db | ||
| 699e080e3e | |||
|
|
8f2bf9618e | ||
| 069981baa0 | |||
|
|
886cd38a9b | ||
| 438d915f73 | |||
|
|
78f961f416 | ||
| 6a214f1c58 | |||
| ad2ce3d8ff | |||
| b826279d8f | |||
|
|
20ced62e1a | ||
|
|
9b69a60cca | ||
| 3b6b18d168 | |||
| 33ae5784e2 | |||
| cd30d94040 | |||
| 62bb54556c | |||
| 8e1856415a | |||
| 9444b06b52 | |||
| c2fdb3e0c1 | |||
|
|
9de7791553 | ||
|
|
ef2f862d23 | ||
| a655c546b7 | |||
| 0e68279037 | |||
| 2bb7fc5786 | |||
|
|
4157732f4b | ||
|
|
0c1150ac4d | ||
| 72a4dd3382 | |||
|
|
d3d9f9a8b0 | ||
| 16f9e98b25 | |||
| 676109860a | |||
|
|
3daba279d2 | ||
|
|
70a8ac6f99 | ||
|
|
68bd909345 | ||
|
|
91c3b4e394 | ||
|
|
41794f8bf5 | ||
|
|
ca78da2e07 |
@@ -12,6 +12,10 @@ const { refreshBalances, getProvider } = require("../shared/balances");
|
||||
const { debugFetch } = require("../shared/log");
|
||||
const { decryptWithPassword } = require("../shared/vault");
|
||||
const { getSignerForAddress } = require("../shared/wallet");
|
||||
const {
|
||||
isPhishingDomain,
|
||||
updatePhishingList,
|
||||
} = require("../shared/phishingDomains");
|
||||
|
||||
const storageApi =
|
||||
typeof browser !== "undefined"
|
||||
@@ -571,6 +575,10 @@ async function backgroundRefresh() {
|
||||
|
||||
setInterval(backgroundRefresh, BACKGROUND_REFRESH_INTERVAL);
|
||||
|
||||
// Fetch the MetaMask eth-phishing-detect domain blocklist on startup.
|
||||
// Refreshes every 24 hours automatically.
|
||||
updatePhishingList();
|
||||
|
||||
// When approval window is closed without a response, treat as rejection
|
||||
if (windowsApi && windowsApi.onRemoved) {
|
||||
windowsApi.onRemoved.addListener((windowId) => {
|
||||
@@ -643,6 +651,8 @@ runtime.onMessage.addListener((msg, sender, sendResponse) => {
|
||||
resp.type = "sign";
|
||||
resp.signParams = approval.signParams;
|
||||
}
|
||||
// Flag if the requesting domain is on the phishing blocklist.
|
||||
resp.isPhishingDomain = isPhishingDomain(approval.hostname);
|
||||
sendResponse(resp);
|
||||
} else {
|
||||
sendResponse(null);
|
||||
|
||||
@@ -56,37 +56,105 @@
|
||||
< Back
|
||||
</button>
|
||||
<h2 class="font-bold mb-2">Add Wallet</h2>
|
||||
<p class="mb-2">
|
||||
Enter your 12 or 24 word recovery phrase below, or click the
|
||||
button to roll the die for a new one.
|
||||
</p>
|
||||
<div class="mb-1 flex justify-end">
|
||||
|
||||
<!-- Mode selector tabs -->
|
||||
<div
|
||||
class="flex border-b border-border mb-3"
|
||||
id="add-wallet-tabs"
|
||||
>
|
||||
<button
|
||||
id="btn-generate-phrase"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer text-xs"
|
||||
title="Generate a random recovery phrase"
|
||||
id="tab-mnemonic"
|
||||
class="px-3 py-1.5 cursor-pointer text-xs font-bold border border-border border-b-bg bg-bg -mb-px"
|
||||
>
|
||||
[⚀]
|
||||
From Phrase
|
||||
</button>
|
||||
<button
|
||||
id="tab-privkey"
|
||||
class="px-3 py-1.5 cursor-pointer text-xs text-muted border border-dashed border-border-light border-b-transparent -mb-px hover:bg-fg hover:text-bg"
|
||||
>
|
||||
From Key
|
||||
</button>
|
||||
<button
|
||||
id="tab-xprv"
|
||||
class="px-3 py-1.5 cursor-pointer text-xs text-muted border border-dashed border-border-light border-b-transparent -mb-px hover:bg-fg hover:text-bg"
|
||||
>
|
||||
From xprv
|
||||
</button>
|
||||
</div>
|
||||
<div class="mb-2">
|
||||
<textarea
|
||||
id="wallet-mnemonic"
|
||||
rows="3"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg resize-y"
|
||||
placeholder="word word word ..."
|
||||
></textarea>
|
||||
|
||||
<!-- Mnemonic form section -->
|
||||
<div id="add-wallet-section-mnemonic">
|
||||
<p class="mb-2">
|
||||
Enter your 12 or 24 word recovery phrase below, or click
|
||||
the button to roll the die for a new one.
|
||||
</p>
|
||||
<div class="mb-1 flex justify-end">
|
||||
<button
|
||||
id="btn-generate-phrase"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer text-xs"
|
||||
title="Generate a random recovery phrase"
|
||||
>
|
||||
[⚀]
|
||||
</button>
|
||||
</div>
|
||||
<div class="mb-2">
|
||||
<textarea
|
||||
id="wallet-mnemonic"
|
||||
rows="3"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg resize-y"
|
||||
placeholder="word word word ..."
|
||||
></textarea>
|
||||
</div>
|
||||
<div
|
||||
id="add-wallet-phrase-warning"
|
||||
class="text-xs mb-2 border border-border border-dashed p-2"
|
||||
style="visibility: hidden"
|
||||
>
|
||||
Write these words down and keep them safe. Anyone with
|
||||
them can take your funds; if you lose them, your wallet
|
||||
is gone.
|
||||
</div>
|
||||
</div>
|
||||
<div
|
||||
id="add-wallet-phrase-warning"
|
||||
class="text-xs mb-2 border border-border border-dashed p-2 hidden"
|
||||
>
|
||||
Write these words down and keep them safe. Anyone with them
|
||||
can take your funds; if you lose them, your wallet is gone.
|
||||
|
||||
<!-- Private key form section -->
|
||||
<div id="add-wallet-section-privkey" class="hidden">
|
||||
<p class="mb-2">
|
||||
Paste your private key below. This wallet will have a
|
||||
single address.
|
||||
</p>
|
||||
<div class="mb-2">
|
||||
<input
|
||||
type="password"
|
||||
id="import-private-key"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
placeholder="0x..."
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Extended key (xprv) form section -->
|
||||
<div id="add-wallet-section-xprv" class="hidden">
|
||||
<p class="mb-2">
|
||||
Paste your extended private key (xprv) below. This will
|
||||
import the HD wallet and scan for used addresses.
|
||||
</p>
|
||||
<div class="mb-2">
|
||||
<input
|
||||
type="password"
|
||||
id="import-xprv-key"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
placeholder="xprv..."
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Shared password fields -->
|
||||
<div class="mb-2" id="add-wallet-password-section">
|
||||
<label class="block mb-1">Choose a password</label>
|
||||
<p class="text-xs text-muted mb-1">
|
||||
<p
|
||||
class="text-xs text-muted mb-1"
|
||||
id="add-wallet-password-hint"
|
||||
>
|
||||
This password encrypts your recovery phrase on this
|
||||
device. You will need it to send funds.
|
||||
</p>
|
||||
@@ -107,64 +175,6 @@
|
||||
<button
|
||||
id="btn-add-wallet-confirm"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
|
||||
>
|
||||
Add
|
||||
</button>
|
||||
<div class="mt-3 text-xs text-muted">
|
||||
Have a private key instead?
|
||||
<button
|
||||
id="btn-add-wallet-import-key"
|
||||
class="underline cursor-pointer bg-transparent border-none text-fg text-xs font-mono p-0"
|
||||
>
|
||||
Import private key
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- ============ IMPORT PRIVATE KEY ============ -->
|
||||
<div id="view-import-key" class="view hidden">
|
||||
<button
|
||||
id="btn-import-key-back"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer mb-2"
|
||||
>
|
||||
< Back
|
||||
</button>
|
||||
<h2 class="font-bold mb-2">Import Private Key</h2>
|
||||
<p class="mb-2">
|
||||
Paste your private key below. This wallet will have a single
|
||||
address.
|
||||
</p>
|
||||
<div class="mb-2">
|
||||
<input
|
||||
type="password"
|
||||
id="import-private-key"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
placeholder="0x..."
|
||||
/>
|
||||
</div>
|
||||
<div class="mb-2" id="import-key-password-section">
|
||||
<label class="block mb-1">Choose a password</label>
|
||||
<p class="text-xs text-muted mb-1">
|
||||
This password encrypts your private key on this device.
|
||||
You will need it to send funds.
|
||||
</p>
|
||||
<input
|
||||
type="password"
|
||||
id="import-key-password"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
/>
|
||||
</div>
|
||||
<div class="mb-2" id="import-key-password-confirm-section">
|
||||
<label class="block mb-1">Confirm password</label>
|
||||
<input
|
||||
type="password"
|
||||
id="import-key-password-confirm"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
/>
|
||||
</div>
|
||||
<button
|
||||
id="btn-import-key-confirm"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
|
||||
>
|
||||
Import
|
||||
</button>
|
||||
@@ -175,7 +185,7 @@
|
||||
<!-- active address headline -->
|
||||
<div
|
||||
id="total-value"
|
||||
class="text-2xl font-bold min-h-[2rem]"
|
||||
class="text-2xl font-bold min-h-[2rem] text-fg"
|
||||
></div>
|
||||
<div
|
||||
id="total-value-sub"
|
||||
@@ -305,6 +315,26 @@
|
||||
>
|
||||
+ Token
|
||||
</button>
|
||||
<div class="relative">
|
||||
<button
|
||||
id="btn-more-menu"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
|
||||
aria-label="More actions"
|
||||
>
|
||||
···
|
||||
</button>
|
||||
<div
|
||||
id="more-menu-dropdown"
|
||||
class="hidden absolute right-0 top-full mt-1 border border-border bg-bg z-50 whitespace-nowrap py-1"
|
||||
>
|
||||
<button
|
||||
id="btn-export-privkey"
|
||||
class="block w-full text-left px-4 py-1.5 text-xs font-light text-muted hover:bg-hover hover:text-fg cursor-pointer"
|
||||
>
|
||||
Export Private Key
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- transactions -->
|
||||
@@ -318,6 +348,61 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- ============ EXPORT PRIVATE KEY VIEW ============ -->
|
||||
<div id="view-export-privkey" class="view hidden">
|
||||
<button
|
||||
id="btn-export-privkey-back"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer mb-2"
|
||||
>
|
||||
< Back
|
||||
</button>
|
||||
<div
|
||||
id="export-privkey-jazzicon"
|
||||
class="flex justify-center mt-1 mb-3"
|
||||
></div>
|
||||
<h2 class="font-bold mb-1">Export Private Key</h2>
|
||||
<p class="text-xs mb-1" id="export-privkey-title"></p>
|
||||
<p class="text-xs mb-3">
|
||||
<span id="export-privkey-dot"></span>
|
||||
<span
|
||||
id="export-privkey-address"
|
||||
class="cursor-pointer"
|
||||
title="Click to copy"
|
||||
></span>
|
||||
</p>
|
||||
<p class="text-xs mb-3 text-muted">
|
||||
Warning: anyone with this private key can access and
|
||||
transfer all funds from this address. Never share it.
|
||||
</p>
|
||||
<div
|
||||
id="export-privkey-flash"
|
||||
class="text-xs mb-2 min-h-[1.25rem]"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<div id="export-privkey-password-section" class="mb-2">
|
||||
<label class="block mb-1">Password</label>
|
||||
<input
|
||||
type="password"
|
||||
id="export-privkey-password"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
placeholder="Enter your password to continue"
|
||||
/>
|
||||
<button
|
||||
id="btn-export-privkey-confirm"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer mt-2"
|
||||
>
|
||||
Reveal
|
||||
</button>
|
||||
</div>
|
||||
<div id="export-privkey-result" class="hidden">
|
||||
<div
|
||||
id="export-privkey-value"
|
||||
class="bg-danger-well rounded p-2 font-mono text-xs break-all cursor-pointer mb-1"
|
||||
title="Click to copy"
|
||||
></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- ============ ADDRESS-TOKEN DETAIL VIEW ============ -->
|
||||
<div id="view-address-token" class="view hidden">
|
||||
<button
|
||||
@@ -422,6 +507,11 @@
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
placeholder="Address (0x...) or ENS name"
|
||||
/>
|
||||
<div
|
||||
id="send-to-error"
|
||||
class="text-xs"
|
||||
style="min-height: 1.25rem; color: #cc0000"
|
||||
></div>
|
||||
</div>
|
||||
<div class="mb-2">
|
||||
<div class="flex justify-between mb-1">
|
||||
@@ -491,22 +581,78 @@
|
||||
<div class="text-xs text-muted mb-1">Your balance</div>
|
||||
<div id="confirm-balance" class="text-xs"></div>
|
||||
</div>
|
||||
<div id="confirm-fee" class="mb-3 hidden">
|
||||
<div id="confirm-fee" class="mb-3" style="visibility: hidden">
|
||||
<div class="text-xs text-muted mb-1">
|
||||
Estimated network fee
|
||||
</div>
|
||||
<div id="confirm-fee-amount" class="text-xs"></div>
|
||||
</div>
|
||||
<div id="confirm-warnings" class="mb-2 hidden"></div>
|
||||
<div
|
||||
id="confirm-warnings"
|
||||
class="mb-2"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<div
|
||||
id="confirm-recipient-warning"
|
||||
class="mb-2"
|
||||
style="visibility: hidden"
|
||||
>
|
||||
<div
|
||||
class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
|
||||
>
|
||||
WARNING: The recipient address has ZERO transaction
|
||||
history. This may indicate a fresh or unused address.
|
||||
Double-check the address before sending.
|
||||
</div>
|
||||
</div>
|
||||
<div
|
||||
id="confirm-contract-warning"
|
||||
class="mb-2"
|
||||
style="visibility: hidden"
|
||||
>
|
||||
<div
|
||||
class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
|
||||
>
|
||||
WARNING: The recipient is a smart contract. Sending ETH
|
||||
or tokens directly to a contract may result in permanent
|
||||
loss of funds.
|
||||
</div>
|
||||
</div>
|
||||
<div
|
||||
id="confirm-burn-warning"
|
||||
class="mb-2"
|
||||
style="visibility: hidden"
|
||||
>
|
||||
<div
|
||||
class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
|
||||
>
|
||||
WARNING: This is a known null/burn address. Funds sent
|
||||
here are permanently destroyed and cannot be recovered.
|
||||
</div>
|
||||
</div>
|
||||
<div
|
||||
id="confirm-errors"
|
||||
class="mb-2 border border-border border-dashed p-2 hidden"
|
||||
class="mb-2 border border-border border-dashed p-2"
|
||||
style="visibility: hidden; min-height: 1.25rem"
|
||||
></div>
|
||||
<div class="mb-2">
|
||||
<label class="block mb-1 text-xs">Password</label>
|
||||
<input
|
||||
type="password"
|
||||
id="confirm-tx-password"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
/>
|
||||
</div>
|
||||
<div
|
||||
id="confirm-tx-password-error"
|
||||
class="text-xs mb-2 min-h-[1.25rem]"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<button
|
||||
id="btn-confirm-send"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
|
||||
>
|
||||
Send
|
||||
Sign & Send
|
||||
</button>
|
||||
</div>
|
||||
|
||||
@@ -585,42 +731,6 @@
|
||||
</button>
|
||||
</div>
|
||||
|
||||
<!-- ============ PASSWORD MODAL ============ -->
|
||||
<div
|
||||
id="password-modal"
|
||||
class="hidden fixed inset-0 bg-bg flex items-center justify-center z-50"
|
||||
>
|
||||
<div class="border border-border p-4 bg-bg w-80">
|
||||
<h2 class="font-bold mb-2">Enter Password</h2>
|
||||
<p class="text-xs text-muted mb-2">
|
||||
Your password is needed to authorize this transaction.
|
||||
</p>
|
||||
<input
|
||||
type="password"
|
||||
id="modal-password"
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg mb-2"
|
||||
/>
|
||||
<div
|
||||
id="modal-password-error"
|
||||
class="text-xs mb-2 border border-border border-dashed p-1 hidden"
|
||||
></div>
|
||||
<div class="flex gap-2">
|
||||
<button
|
||||
id="btn-modal-confirm"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
|
||||
>
|
||||
Confirm
|
||||
</button>
|
||||
<button
|
||||
id="btn-modal-cancel"
|
||||
class="border border-border px-2 py-1 hover:bg-fg hover:text-bg cursor-pointer"
|
||||
>
|
||||
Cancel
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- ============ RECEIVE ============ -->
|
||||
<div id="view-receive" class="view hidden">
|
||||
<button
|
||||
@@ -651,7 +761,8 @@
|
||||
</button>
|
||||
<div
|
||||
id="receive-erc20-warning"
|
||||
class="text-xs border border-border border-dashed p-2 mt-3 hidden"
|
||||
class="text-xs border border-border border-dashed p-2 mt-3"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
</div>
|
||||
|
||||
@@ -679,7 +790,8 @@
|
||||
</div>
|
||||
<div
|
||||
id="add-token-info"
|
||||
class="text-xs text-muted mb-2 hidden"
|
||||
class="text-xs text-muted mb-2 min-h-[1.25rem]"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<div class="mb-2">
|
||||
<label class="block mb-1 text-xs text-muted"
|
||||
@@ -737,7 +849,7 @@
|
||||
<div class="bg-well p-3 mx-1 mb-3">
|
||||
<h3 class="font-bold mb-1">Display</h3>
|
||||
<label
|
||||
class="text-xs flex items-center gap-1 cursor-pointer"
|
||||
class="text-xs flex items-center gap-1 cursor-pointer mb-2"
|
||||
>
|
||||
<input
|
||||
type="checkbox"
|
||||
@@ -745,6 +857,17 @@
|
||||
/>
|
||||
Show tracked tokens with zero balance
|
||||
</label>
|
||||
<div class="text-xs flex items-center gap-1">
|
||||
<label for="settings-theme">Theme:</label>
|
||||
<select
|
||||
id="settings-theme"
|
||||
class="border border-border p-1 bg-bg text-fg text-xs cursor-pointer"
|
||||
>
|
||||
<option value="system">System</option>
|
||||
<option value="light">Light</option>
|
||||
<option value="dark">Dark</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="bg-well p-3 mx-1 mb-3">
|
||||
@@ -826,6 +949,12 @@
|
||||
/>
|
||||
<span class="text-xs text-muted">gwei</span>
|
||||
</div>
|
||||
<label
|
||||
class="text-xs flex items-center gap-1 cursor-pointer mb-1"
|
||||
>
|
||||
<input type="checkbox" id="settings-utc-timestamps" />
|
||||
UTC Timestamps
|
||||
</label>
|
||||
</div>
|
||||
|
||||
<div class="bg-well p-3 mx-1 mb-3">
|
||||
@@ -861,7 +990,8 @@
|
||||
</p>
|
||||
<div
|
||||
id="delete-wallet-flash"
|
||||
class="text-xs text-red-500 mb-2 hidden"
|
||||
class="text-xs text-red-500 mb-2 min-h-[1.25rem]"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<div class="mb-2">
|
||||
<label class="block mb-1">Password</label>
|
||||
@@ -936,7 +1066,8 @@
|
||||
/>
|
||||
<div
|
||||
id="settings-addtoken-info"
|
||||
class="text-xs text-muted mt-1 hidden"
|
||||
class="text-xs text-muted mt-1 min-h-[1.25rem]"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<button
|
||||
id="btn-settings-addtoken-manual"
|
||||
@@ -1018,6 +1149,20 @@
|
||||
<!-- ============ TRANSACTION APPROVAL ============ -->
|
||||
<div id="view-approve-tx" class="view hidden">
|
||||
<h2 class="font-bold mb-2">Transaction Request</h2>
|
||||
<div
|
||||
id="approve-tx-phishing-warning"
|
||||
class="mb-3 p-2 text-xs font-bold hidden"
|
||||
style="
|
||||
background: #fee2e2;
|
||||
color: #991b1b;
|
||||
border: 2px solid #dc2626;
|
||||
border-radius: 6px;
|
||||
"
|
||||
>
|
||||
⚠️ PHISHING WARNING: This site is on MetaMask's phishing
|
||||
blocklist. This transaction may steal your funds. Proceed
|
||||
with extreme caution.
|
||||
</div>
|
||||
<p class="mb-2">
|
||||
<span id="approve-tx-hostname" class="font-bold"></span>
|
||||
wants to send a transaction.
|
||||
@@ -1060,7 +1205,11 @@
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
/>
|
||||
</div>
|
||||
<div id="approve-tx-error" class="text-xs hidden mb-2"></div>
|
||||
<div
|
||||
id="approve-tx-error"
|
||||
class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem]"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<div class="flex justify-between">
|
||||
<button
|
||||
id="btn-approve-tx"
|
||||
@@ -1080,6 +1229,20 @@
|
||||
<!-- ============ SIGNATURE APPROVAL ============ -->
|
||||
<div id="view-approve-sign" class="view hidden">
|
||||
<h2 class="font-bold mb-2">Signature Request</h2>
|
||||
<div
|
||||
id="approve-sign-phishing-warning"
|
||||
class="mb-3 p-2 text-xs font-bold hidden"
|
||||
style="
|
||||
background: #fee2e2;
|
||||
color: #991b1b;
|
||||
border: 2px solid #dc2626;
|
||||
border-radius: 6px;
|
||||
"
|
||||
>
|
||||
⚠️ PHISHING WARNING: This site is on MetaMask's phishing
|
||||
blocklist. Signing this message may authorize theft of your
|
||||
funds. Proceed with extreme caution.
|
||||
</div>
|
||||
<p class="mb-2">
|
||||
<span id="approve-sign-hostname" class="font-bold"></span>
|
||||
wants you to sign a message.
|
||||
@@ -1087,8 +1250,10 @@
|
||||
|
||||
<div
|
||||
id="approve-sign-danger-warning"
|
||||
class="hidden mb-3 p-2 text-xs font-bold"
|
||||
class="mb-3 p-2 text-xs font-bold"
|
||||
style="
|
||||
visibility: hidden;
|
||||
min-height: 1.25rem;
|
||||
background: #fee2e2;
|
||||
color: #991b1b;
|
||||
border: 2px solid #dc2626;
|
||||
@@ -1123,7 +1288,11 @@
|
||||
class="border border-border p-1 w-full font-mono text-sm bg-bg text-fg"
|
||||
/>
|
||||
</div>
|
||||
<div id="approve-sign-error" class="text-xs hidden mb-2"></div>
|
||||
<div
|
||||
id="approve-sign-error"
|
||||
class="text-xs mb-2 border border-border border-dashed p-1 min-h-[1.25rem]"
|
||||
style="visibility: hidden"
|
||||
></div>
|
||||
<div class="flex justify-between">
|
||||
<button
|
||||
id="btn-approve-sign"
|
||||
@@ -1143,6 +1312,20 @@
|
||||
<!-- ============ SITE APPROVAL ============ -->
|
||||
<div id="view-approve-site" class="view hidden">
|
||||
<h2 class="font-bold mb-2">Connection Request</h2>
|
||||
<div
|
||||
id="approve-site-phishing-warning"
|
||||
class="mb-3 p-2 text-xs font-bold hidden"
|
||||
style="
|
||||
background: #fee2e2;
|
||||
color: #991b1b;
|
||||
border: 2px solid #dc2626;
|
||||
border-radius: 6px;
|
||||
"
|
||||
>
|
||||
⚠️ PHISHING WARNING: This site is on MetaMask's phishing
|
||||
blocklist. Connecting your wallet may result in loss of
|
||||
funds. Proceed with extreme caution.
|
||||
</div>
|
||||
<div class="mb-3">
|
||||
<p class="mb-2">
|
||||
<span id="approve-hostname" class="font-bold"></span>
|
||||
|
||||
@@ -6,11 +6,11 @@ const { state, saveState, loadState } = require("../shared/state");
|
||||
const { refreshPrices } = require("../shared/prices");
|
||||
const { refreshBalances } = require("../shared/balances");
|
||||
const { $, showView } = require("./views/helpers");
|
||||
const { applyTheme } = require("./theme");
|
||||
|
||||
const home = require("./views/home");
|
||||
const welcome = require("./views/welcome");
|
||||
const addWallet = require("./views/addWallet");
|
||||
const importKey = require("./views/importKey");
|
||||
const addressDetail = require("./views/addressDetail");
|
||||
const addressToken = require("./views/addressToken");
|
||||
const send = require("./views/send");
|
||||
@@ -54,7 +54,6 @@ const ctx = {
|
||||
renderWalletList,
|
||||
doRefreshAndRender,
|
||||
showAddWalletView: () => addWallet.show(),
|
||||
showImportKeyView: () => importKey.show(),
|
||||
showAddressDetail: () => addressDetail.show(),
|
||||
showAddressToken: () => addressToken.show(),
|
||||
showAddTokenView: () => addToken.show(),
|
||||
@@ -74,6 +73,7 @@ const RESTORABLE_VIEWS = new Set([
|
||||
"receive",
|
||||
"settings",
|
||||
"settings-addtoken",
|
||||
"confirm-tx",
|
||||
"transaction",
|
||||
"success-tx",
|
||||
"error-tx",
|
||||
@@ -127,6 +127,13 @@ function restoreView() {
|
||||
case "settings-addtoken":
|
||||
settingsAddToken.show();
|
||||
break;
|
||||
case "confirm-tx":
|
||||
if (state.viewData && state.viewData.pendingTx) {
|
||||
confirmTx.restore();
|
||||
} else {
|
||||
fallbackView();
|
||||
}
|
||||
break;
|
||||
case "transaction":
|
||||
if (state.viewData && state.viewData.tx) {
|
||||
transactionDetail.render();
|
||||
@@ -170,6 +177,7 @@ async function init() {
|
||||
}
|
||||
|
||||
await loadState();
|
||||
applyTheme(state.theme);
|
||||
|
||||
// Auto-default active address
|
||||
if (
|
||||
@@ -209,7 +217,6 @@ async function init() {
|
||||
|
||||
welcome.init(ctx);
|
||||
addWallet.init(ctx);
|
||||
importKey.init(ctx);
|
||||
home.init(ctx);
|
||||
addressDetail.init(ctx);
|
||||
addressToken.init(ctx);
|
||||
|
||||
@@ -11,10 +11,36 @@
|
||||
--color-border-light: #cccccc;
|
||||
--color-hover: #eeeeee;
|
||||
--color-well: #f5f5f5;
|
||||
--color-danger-well: #fef2f2;
|
||||
--color-section: #dddddd;
|
||||
}
|
||||
|
||||
html.dark {
|
||||
--color-bg: #000000;
|
||||
--color-fg: #ffffff;
|
||||
--color-muted: #aaaaaa;
|
||||
--color-border: #ffffff;
|
||||
--color-border-light: #444444;
|
||||
--color-hover: #222222;
|
||||
--color-well: #1a1a1a;
|
||||
--color-danger-well: #2a0a0a;
|
||||
--color-section: #2a2a2a;
|
||||
}
|
||||
|
||||
body {
|
||||
width: 396px;
|
||||
overflow-x: hidden;
|
||||
}
|
||||
|
||||
/* Copy-flash feedback: inverts colors then fades back */
|
||||
.copy-flash-active {
|
||||
background-color: var(--color-fg) !important;
|
||||
color: var(--color-bg) !important;
|
||||
transition: none;
|
||||
}
|
||||
|
||||
.copy-flash-fade {
|
||||
transition:
|
||||
background-color 225ms ease-out,
|
||||
color 225ms ease-out;
|
||||
}
|
||||
|
||||
33
src/popup/theme.js
Normal file
33
src/popup/theme.js
Normal file
@@ -0,0 +1,33 @@
|
||||
// Theme management: applies light/dark class to <html> based on preference.
|
||||
|
||||
let mediaQuery = null;
|
||||
let mediaHandler = null;
|
||||
|
||||
function applyTheme(theme) {
|
||||
// Clean up previous system listener
|
||||
if (mediaQuery && mediaHandler) {
|
||||
mediaQuery.removeEventListener("change", mediaHandler);
|
||||
mediaHandler = null;
|
||||
}
|
||||
|
||||
if (theme === "dark") {
|
||||
document.documentElement.classList.add("dark");
|
||||
} else if (theme === "light") {
|
||||
document.documentElement.classList.remove("dark");
|
||||
} else {
|
||||
// system
|
||||
mediaQuery = window.matchMedia("(prefers-color-scheme: dark)");
|
||||
const update = () => {
|
||||
if (mediaQuery.matches) {
|
||||
document.documentElement.classList.add("dark");
|
||||
} else {
|
||||
document.documentElement.classList.remove("dark");
|
||||
}
|
||||
};
|
||||
mediaHandler = update;
|
||||
mediaQuery.addEventListener("change", update);
|
||||
update();
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = { applyTheme };
|
||||
@@ -7,7 +7,8 @@ const { log } = require("../../shared/log");
|
||||
|
||||
function show() {
|
||||
$("add-token-address").value = "";
|
||||
$("add-token-info").classList.add("hidden");
|
||||
$("add-token-info").textContent = "";
|
||||
$("add-token-info").style.visibility = "hidden";
|
||||
const list = $("common-token-list");
|
||||
list.innerHTML = getTopTokens(25)
|
||||
.map(
|
||||
@@ -45,7 +46,7 @@ function init(ctx) {
|
||||
}
|
||||
const infoEl = $("add-token-info");
|
||||
infoEl.textContent = "Looking up token...";
|
||||
infoEl.classList.remove("hidden");
|
||||
infoEl.style.visibility = "visible";
|
||||
log.debugf("Looking up token contract", contractAddr);
|
||||
try {
|
||||
const info = await lookupTokenInfo(contractAddr, state.rpcUrl);
|
||||
@@ -63,7 +64,8 @@ function init(ctx) {
|
||||
const detail = e.shortMessage || e.message || String(e);
|
||||
log.errorf("Token lookup failed for", contractAddr, detail);
|
||||
showFlash(detail);
|
||||
infoEl.classList.add("hidden");
|
||||
infoEl.textContent = "";
|
||||
infoEl.style.visibility = "hidden";
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
@@ -3,114 +3,299 @@ const {
|
||||
generateMnemonic,
|
||||
hdWalletFromMnemonic,
|
||||
isValidMnemonic,
|
||||
addressFromPrivateKey,
|
||||
hdWalletFromXprv,
|
||||
isValidXprv,
|
||||
} = require("../../shared/wallet");
|
||||
const { encryptWithPassword } = require("../../shared/vault");
|
||||
const { state, saveState } = require("../../shared/state");
|
||||
const { scanForAddresses } = require("../../shared/balances");
|
||||
|
||||
/**
|
||||
* Check if an address already exists in ANY wallet (hd, xprv, or key).
|
||||
* Returns the wallet object if found, or undefined.
|
||||
*/
|
||||
function findWalletByAddress(addr) {
|
||||
const lower = addr.toLowerCase();
|
||||
return state.wallets.find((w) =>
|
||||
w.addresses.some((a) => a.address.toLowerCase() === lower),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if an xpub already exists in any HD-type wallet (hd or xprv).
|
||||
* Returns the wallet object if found, or undefined.
|
||||
*/
|
||||
function findWalletByXpub(xpub) {
|
||||
return state.wallets.find((w) => w.xpub && w.xpub === xpub);
|
||||
}
|
||||
|
||||
let currentMode = "mnemonic";
|
||||
|
||||
const MODES = ["mnemonic", "privkey", "xprv"];
|
||||
|
||||
const PASSWORD_HINTS = {
|
||||
mnemonic:
|
||||
"This password encrypts your recovery phrase on this device. You will need it to send funds.",
|
||||
privkey:
|
||||
"This password encrypts your private key on this device. You will need it to send funds.",
|
||||
xprv: "This password encrypts your key on this device. You will need it to send funds.",
|
||||
};
|
||||
|
||||
function switchMode(mode) {
|
||||
currentMode = mode;
|
||||
for (const m of MODES) {
|
||||
$("add-wallet-section-" + m).classList.toggle("hidden", m !== mode);
|
||||
const tab = $("tab-" + m);
|
||||
const isActive = m === mode;
|
||||
// Active: bold, solid border on top/sides, no bottom border (connects to content)
|
||||
tab.classList.toggle("font-bold", isActive);
|
||||
tab.classList.toggle("border-solid", isActive);
|
||||
tab.classList.toggle("border-border", isActive);
|
||||
tab.classList.toggle("border-b-bg", isActive);
|
||||
tab.classList.toggle("bg-bg", isActive);
|
||||
// Inactive: muted text, dashed border on top/sides, transparent bottom, hover invert
|
||||
tab.classList.toggle("text-muted", !isActive);
|
||||
tab.classList.toggle("border-dashed", !isActive);
|
||||
tab.classList.toggle("border-border-light", !isActive);
|
||||
tab.classList.toggle("border-b-transparent", !isActive);
|
||||
tab.classList.toggle("hover:bg-fg", !isActive);
|
||||
tab.classList.toggle("hover:text-bg", !isActive);
|
||||
}
|
||||
$("add-wallet-password-hint").textContent = PASSWORD_HINTS[mode];
|
||||
}
|
||||
|
||||
function show() {
|
||||
$("wallet-mnemonic").value = "";
|
||||
$("import-private-key").value = "";
|
||||
$("import-xprv-key").value = "";
|
||||
$("add-wallet-password").value = "";
|
||||
$("add-wallet-password-confirm").value = "";
|
||||
$("add-wallet-phrase-warning").classList.add("hidden");
|
||||
$("add-wallet-phrase-warning").style.visibility = "hidden";
|
||||
switchMode("mnemonic");
|
||||
showView("add-wallet");
|
||||
}
|
||||
|
||||
function init(ctx) {
|
||||
$("btn-generate-phrase").addEventListener("click", () => {
|
||||
$("wallet-mnemonic").value = generateMnemonic();
|
||||
$("add-wallet-phrase-warning").classList.remove("hidden");
|
||||
});
|
||||
function validatePassword() {
|
||||
const pw = $("add-wallet-password").value;
|
||||
const pw2 = $("add-wallet-password-confirm").value;
|
||||
if (!pw) {
|
||||
showFlash("Please choose a password.");
|
||||
return null;
|
||||
}
|
||||
if (pw.length < 12) {
|
||||
showFlash("Password must be at least 12 characters.");
|
||||
return null;
|
||||
}
|
||||
if (pw !== pw2) {
|
||||
showFlash("Passwords do not match.");
|
||||
return null;
|
||||
}
|
||||
return pw;
|
||||
}
|
||||
|
||||
$("btn-add-wallet-confirm").addEventListener("click", async () => {
|
||||
const mnemonic = $("wallet-mnemonic").value.trim();
|
||||
if (!mnemonic) {
|
||||
showFlash(
|
||||
"Enter a recovery phrase or press the die to generate one.",
|
||||
);
|
||||
return;
|
||||
}
|
||||
const words = mnemonic.split(/\s+/);
|
||||
if (words.length !== 12 && words.length !== 24) {
|
||||
showFlash(
|
||||
"Recovery phrase must be 12 or 24 words. You entered " +
|
||||
words.length +
|
||||
".",
|
||||
);
|
||||
return;
|
||||
}
|
||||
if (!isValidMnemonic(mnemonic)) {
|
||||
showFlash("Invalid recovery phrase. Check for typos.");
|
||||
return;
|
||||
}
|
||||
const pw = $("add-wallet-password").value;
|
||||
const pw2 = $("add-wallet-password-confirm").value;
|
||||
if (!pw) {
|
||||
showFlash("Please choose a password.");
|
||||
return;
|
||||
}
|
||||
if (pw.length < 12) {
|
||||
showFlash("Password must be at least 12 characters.");
|
||||
return;
|
||||
}
|
||||
if (pw !== pw2) {
|
||||
showFlash("Passwords do not match.");
|
||||
return;
|
||||
}
|
||||
const { xpub, firstAddress } = hdWalletFromMnemonic(mnemonic);
|
||||
const duplicate = state.wallets.find(
|
||||
(w) =>
|
||||
w.type === "hd" &&
|
||||
w.addresses[0] &&
|
||||
w.addresses[0].address.toLowerCase() ===
|
||||
firstAddress.toLowerCase(),
|
||||
async function importMnemonic(ctx) {
|
||||
const mnemonic = $("wallet-mnemonic").value.trim();
|
||||
if (!mnemonic) {
|
||||
showFlash("Enter a recovery phrase or press the die to generate one.");
|
||||
return;
|
||||
}
|
||||
const words = mnemonic.split(/\s+/);
|
||||
if (words.length !== 12 && words.length !== 24) {
|
||||
showFlash(
|
||||
"Recovery phrase must be 12 or 24 words. You entered " +
|
||||
words.length +
|
||||
".",
|
||||
);
|
||||
if (duplicate) {
|
||||
showFlash(
|
||||
"This recovery phrase is already added (" +
|
||||
duplicate.name +
|
||||
").",
|
||||
);
|
||||
return;
|
||||
}
|
||||
const encrypted = await encryptWithPassword(mnemonic, pw);
|
||||
const walletNum = state.wallets.length + 1;
|
||||
const wallet = {
|
||||
type: "hd",
|
||||
name: "Wallet " + walletNum,
|
||||
xpub: xpub,
|
||||
encryptedSecret: encrypted,
|
||||
nextIndex: 1,
|
||||
addresses: [
|
||||
{ address: firstAddress, balance: "0.0000", tokenBalances: [] },
|
||||
],
|
||||
};
|
||||
state.wallets.push(wallet);
|
||||
state.hasWallet = true;
|
||||
return;
|
||||
}
|
||||
if (!isValidMnemonic(mnemonic)) {
|
||||
showFlash("Invalid recovery phrase. Check for typos.");
|
||||
return;
|
||||
}
|
||||
const pw = validatePassword();
|
||||
if (!pw) return;
|
||||
const { xpub, firstAddress } = hdWalletFromMnemonic(mnemonic);
|
||||
const xpubDup = findWalletByXpub(xpub);
|
||||
if (xpubDup) {
|
||||
showFlash(
|
||||
"This recovery phrase is already added (" + xpubDup.name + ").",
|
||||
);
|
||||
return;
|
||||
}
|
||||
const addrDup = findWalletByAddress(firstAddress);
|
||||
if (addrDup) {
|
||||
showFlash("Address already exists in wallet (" + addrDup.name + ").");
|
||||
return;
|
||||
}
|
||||
const encrypted = await encryptWithPassword(mnemonic, pw);
|
||||
const walletNum = state.wallets.length + 1;
|
||||
const wallet = {
|
||||
type: "hd",
|
||||
name: "Wallet " + walletNum,
|
||||
xpub: xpub,
|
||||
encryptedSecret: encrypted,
|
||||
nextIndex: 1,
|
||||
addresses: [
|
||||
{ address: firstAddress, balance: "0.0000", tokenBalances: [] },
|
||||
],
|
||||
};
|
||||
state.wallets.push(wallet);
|
||||
state.hasWallet = true;
|
||||
await saveState();
|
||||
ctx.renderWalletList();
|
||||
showView("main");
|
||||
|
||||
// Scan for used HD addresses beyond index 0.
|
||||
showFlash("Scanning for addresses...", 30000);
|
||||
const scan = await scanForAddresses(xpub, state.rpcUrl);
|
||||
if (scan.addresses.length > 1) {
|
||||
wallet.addresses = scan.addresses.map((a) => ({
|
||||
address: a.address,
|
||||
balance: "0.0000",
|
||||
tokenBalances: [],
|
||||
}));
|
||||
wallet.nextIndex = scan.nextIndex;
|
||||
await saveState();
|
||||
ctx.renderWalletList();
|
||||
showView("main");
|
||||
showFlash("Found " + scan.addresses.length + " addresses.");
|
||||
} else {
|
||||
showFlash("Ready.", 1000);
|
||||
}
|
||||
|
||||
// Scan for used HD addresses beyond index 0.
|
||||
showFlash("Scanning for addresses...", 30000);
|
||||
const scan = await scanForAddresses(xpub, state.rpcUrl);
|
||||
if (scan.addresses.length > 1) {
|
||||
wallet.addresses = scan.addresses.map((a) => ({
|
||||
address: a.address,
|
||||
balance: "0.0000",
|
||||
tokenBalances: [],
|
||||
}));
|
||||
wallet.nextIndex = scan.nextIndex;
|
||||
await saveState();
|
||||
ctx.renderWalletList();
|
||||
showFlash("Found " + scan.addresses.length + " addresses.");
|
||||
} else {
|
||||
showFlash("Ready.", 1000);
|
||||
}
|
||||
ctx.doRefreshAndRender();
|
||||
}
|
||||
|
||||
ctx.doRefreshAndRender();
|
||||
async function importPrivateKey(ctx) {
|
||||
const key = $("import-private-key").value.trim();
|
||||
if (!key) {
|
||||
showFlash("Please enter your private key.");
|
||||
return;
|
||||
}
|
||||
let addr;
|
||||
try {
|
||||
addr = addressFromPrivateKey(key);
|
||||
} catch (e) {
|
||||
showFlash("Invalid private key.");
|
||||
return;
|
||||
}
|
||||
const pw = validatePassword();
|
||||
if (!pw) return;
|
||||
const duplicate = findWalletByAddress(addr);
|
||||
if (duplicate) {
|
||||
showFlash(
|
||||
"This address already exists in wallet (" + duplicate.name + ").",
|
||||
);
|
||||
return;
|
||||
}
|
||||
const encrypted = await encryptWithPassword(key, pw);
|
||||
const walletNum = state.wallets.length + 1;
|
||||
state.wallets.push({
|
||||
type: "key",
|
||||
name: "Wallet " + walletNum,
|
||||
encryptedSecret: encrypted,
|
||||
addresses: [{ address: addr, balance: "0.0000", tokenBalances: [] }],
|
||||
});
|
||||
state.hasWallet = true;
|
||||
await saveState();
|
||||
ctx.renderWalletList();
|
||||
showView("main");
|
||||
|
||||
ctx.doRefreshAndRender();
|
||||
}
|
||||
|
||||
async function importXprvKey(ctx) {
|
||||
const xprv = $("import-xprv-key").value.trim();
|
||||
if (!xprv) {
|
||||
showFlash("Please enter your extended private key.");
|
||||
return;
|
||||
}
|
||||
if (!isValidXprv(xprv)) {
|
||||
showFlash("Invalid extended private key.");
|
||||
return;
|
||||
}
|
||||
let result;
|
||||
try {
|
||||
result = hdWalletFromXprv(xprv);
|
||||
} catch (e) {
|
||||
showFlash("Invalid extended private key.");
|
||||
return;
|
||||
}
|
||||
const { xpub, firstAddress } = result;
|
||||
const xpubDup = findWalletByXpub(xpub);
|
||||
if (xpubDup) {
|
||||
showFlash("This key is already added (" + xpubDup.name + ").");
|
||||
return;
|
||||
}
|
||||
const addrDup = findWalletByAddress(firstAddress);
|
||||
if (addrDup) {
|
||||
showFlash("Address already exists in wallet (" + addrDup.name + ").");
|
||||
return;
|
||||
}
|
||||
const pw = validatePassword();
|
||||
if (!pw) return;
|
||||
const encrypted = await encryptWithPassword(xprv, pw);
|
||||
const walletNum = state.wallets.length + 1;
|
||||
const wallet = {
|
||||
type: "xprv",
|
||||
name: "Wallet " + walletNum,
|
||||
xpub: xpub,
|
||||
encryptedSecret: encrypted,
|
||||
nextIndex: 1,
|
||||
addresses: [
|
||||
{ address: firstAddress, balance: "0.0000", tokenBalances: [] },
|
||||
],
|
||||
};
|
||||
state.wallets.push(wallet);
|
||||
state.hasWallet = true;
|
||||
await saveState();
|
||||
ctx.renderWalletList();
|
||||
showView("main");
|
||||
|
||||
// Scan for used HD addresses beyond index 0.
|
||||
showFlash("Scanning for addresses...", 30000);
|
||||
const scan = await scanForAddresses(xpub, state.rpcUrl);
|
||||
if (scan.addresses.length > 1) {
|
||||
wallet.addresses = scan.addresses.map((a) => ({
|
||||
address: a.address,
|
||||
balance: "0.0000",
|
||||
tokenBalances: [],
|
||||
}));
|
||||
wallet.nextIndex = scan.nextIndex;
|
||||
await saveState();
|
||||
ctx.renderWalletList();
|
||||
showFlash("Found " + scan.addresses.length + " addresses.");
|
||||
} else {
|
||||
showFlash("Ready.", 1000);
|
||||
}
|
||||
|
||||
ctx.doRefreshAndRender();
|
||||
}
|
||||
|
||||
function init(ctx) {
|
||||
// Tab click handlers
|
||||
$("tab-mnemonic").addEventListener("click", () => switchMode("mnemonic"));
|
||||
$("tab-privkey").addEventListener("click", () => switchMode("privkey"));
|
||||
$("tab-xprv").addEventListener("click", () => switchMode("xprv"));
|
||||
|
||||
// Generate mnemonic
|
||||
$("btn-generate-phrase").addEventListener("click", () => {
|
||||
$("wallet-mnemonic").value = generateMnemonic();
|
||||
$("add-wallet-phrase-warning").style.visibility = "visible";
|
||||
});
|
||||
|
||||
// Import / confirm
|
||||
$("btn-add-wallet-confirm").addEventListener("click", async () => {
|
||||
if (currentMode === "mnemonic") {
|
||||
await importMnemonic(ctx);
|
||||
} else if (currentMode === "privkey") {
|
||||
await importPrivateKey(ctx);
|
||||
} else if (currentMode === "xprv") {
|
||||
await importXprvKey(ctx);
|
||||
}
|
||||
});
|
||||
|
||||
// Back button
|
||||
$("btn-add-wallet-back").addEventListener("click", () => {
|
||||
if (!state.hasWallet) {
|
||||
showView("welcome");
|
||||
@@ -119,11 +304,6 @@ function init(ctx) {
|
||||
showView("main");
|
||||
}
|
||||
});
|
||||
|
||||
$("btn-add-wallet-import-key").addEventListener(
|
||||
"click",
|
||||
ctx.showImportKeyView,
|
||||
);
|
||||
}
|
||||
|
||||
module.exports = { init, show };
|
||||
|
||||
@@ -2,6 +2,7 @@ const {
|
||||
$,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
balanceLinesForAddress,
|
||||
addressDotHtml,
|
||||
addressTitle,
|
||||
@@ -15,9 +16,15 @@ const {
|
||||
filterTransactions,
|
||||
} = require("../../shared/transactions");
|
||||
const { resolveEnsNames } = require("../../shared/ens");
|
||||
const { updateSendBalance, renderSendTokenSelect } = require("./send");
|
||||
const {
|
||||
updateSendBalance,
|
||||
renderSendTokenSelect,
|
||||
resetSendValidation,
|
||||
} = require("./send");
|
||||
const { log } = require("../../shared/log");
|
||||
const makeBlockie = require("ethereum-blockies-base64");
|
||||
const { decryptWithPassword } = require("../../shared/vault");
|
||||
const { getSignerForAddress } = require("../../shared/wallet");
|
||||
|
||||
let ctx;
|
||||
|
||||
@@ -88,18 +95,39 @@ function show() {
|
||||
function isoDate(timestamp) {
|
||||
const d = new Date(timestamp * 1000);
|
||||
const pad = (n) => String(n).padStart(2, "0");
|
||||
if (state.utcTimestamps) {
|
||||
return (
|
||||
d.getUTCFullYear() +
|
||||
"-" +
|
||||
pad(d.getUTCMonth() + 1) +
|
||||
"-" +
|
||||
pad(d.getUTCDate()) +
|
||||
"T" +
|
||||
pad(d.getUTCHours()) +
|
||||
":" +
|
||||
pad(d.getUTCMinutes()) +
|
||||
":" +
|
||||
pad(d.getUTCSeconds()) +
|
||||
"Z"
|
||||
);
|
||||
}
|
||||
const offsetMin = -d.getTimezoneOffset();
|
||||
const sign = offsetMin >= 0 ? "+" : "-";
|
||||
const absOff = Math.abs(offsetMin);
|
||||
const tzStr = sign + pad(Math.floor(absOff / 60)) + ":" + pad(absOff % 60);
|
||||
return (
|
||||
d.getFullYear() +
|
||||
"-" +
|
||||
pad(d.getMonth() + 1) +
|
||||
"-" +
|
||||
pad(d.getDate()) +
|
||||
" " +
|
||||
"T" +
|
||||
pad(d.getHours()) +
|
||||
":" +
|
||||
pad(d.getMinutes()) +
|
||||
":" +
|
||||
pad(d.getSeconds())
|
||||
pad(d.getSeconds()) +
|
||||
tzStr
|
||||
);
|
||||
}
|
||||
|
||||
@@ -235,6 +263,7 @@ function init(_ctx) {
|
||||
if (addr) {
|
||||
navigator.clipboard.writeText(addr);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback($("address-full"));
|
||||
}
|
||||
});
|
||||
|
||||
@@ -257,6 +286,7 @@ function init(_ctx) {
|
||||
$("send-token").classList.remove("hidden");
|
||||
$("send-token-static").classList.add("hidden");
|
||||
updateSendBalance();
|
||||
resetSendValidation();
|
||||
showView("send");
|
||||
});
|
||||
|
||||
@@ -265,6 +295,110 @@ function init(_ctx) {
|
||||
});
|
||||
|
||||
$("btn-add-token").addEventListener("click", ctx.showAddTokenView);
|
||||
|
||||
// More menu dropdown
|
||||
const moreBtn = $("btn-more-menu");
|
||||
const moreDropdown = $("more-menu-dropdown");
|
||||
moreBtn.addEventListener("click", (e) => {
|
||||
e.stopPropagation();
|
||||
const isOpen = !moreDropdown.classList.toggle("hidden");
|
||||
moreBtn.classList.toggle("bg-fg", isOpen);
|
||||
moreBtn.classList.toggle("text-bg", isOpen);
|
||||
});
|
||||
document.addEventListener("click", () => {
|
||||
moreDropdown.classList.add("hidden");
|
||||
moreBtn.classList.remove("bg-fg", "text-bg");
|
||||
});
|
||||
moreDropdown.addEventListener("click", (e) => {
|
||||
e.stopPropagation();
|
||||
});
|
||||
|
||||
$("btn-export-privkey").addEventListener("click", () => {
|
||||
moreDropdown.classList.add("hidden");
|
||||
moreBtn.classList.remove("bg-fg", "text-bg");
|
||||
const wallet = state.wallets[state.selectedWallet];
|
||||
const addr = wallet.addresses[state.selectedAddress];
|
||||
const blockieEl = $("export-privkey-jazzicon");
|
||||
blockieEl.innerHTML = "";
|
||||
const bImg = document.createElement("img");
|
||||
bImg.src = makeBlockie(addr.address);
|
||||
bImg.width = 48;
|
||||
bImg.height = 48;
|
||||
bImg.style.imageRendering = "pixelated";
|
||||
bImg.style.borderRadius = "50%";
|
||||
blockieEl.appendChild(bImg);
|
||||
$("export-privkey-title").textContent =
|
||||
wallet.name + " \u2014 Address " + (state.selectedAddress + 1);
|
||||
$("export-privkey-dot").innerHTML = addressDotHtml(addr.address);
|
||||
$("export-privkey-address").textContent = addr.address;
|
||||
$("export-privkey-address").dataset.full = addr.address;
|
||||
$("export-privkey-password").value = "";
|
||||
$("export-privkey-flash").textContent = "";
|
||||
$("export-privkey-flash").style.visibility = "hidden";
|
||||
$("export-privkey-password-section").classList.remove("hidden");
|
||||
$("export-privkey-result").classList.add("hidden");
|
||||
$("export-privkey-value").textContent = "";
|
||||
showView("export-privkey");
|
||||
});
|
||||
|
||||
$("btn-export-privkey-confirm").addEventListener("click", async () => {
|
||||
const password = $("export-privkey-password").value;
|
||||
if (!password) {
|
||||
$("export-privkey-flash").textContent = "Password is required.";
|
||||
$("export-privkey-flash").style.visibility = "visible";
|
||||
return;
|
||||
}
|
||||
const btn = $("btn-export-privkey-confirm");
|
||||
btn.disabled = true;
|
||||
btn.classList.add("text-muted");
|
||||
const wallet = state.wallets[state.selectedWallet];
|
||||
try {
|
||||
const secret = await decryptWithPassword(
|
||||
wallet.encryptedSecret,
|
||||
password,
|
||||
);
|
||||
const signer = getSignerForAddress(
|
||||
wallet,
|
||||
state.selectedAddress,
|
||||
secret,
|
||||
);
|
||||
const privateKey = signer.privateKey;
|
||||
$("export-privkey-password-section").classList.add("hidden");
|
||||
$("export-privkey-value").textContent = privateKey;
|
||||
$("export-privkey-result").classList.remove("hidden");
|
||||
$("export-privkey-flash").style.visibility = "hidden";
|
||||
} catch {
|
||||
$("export-privkey-flash").textContent = "Wrong password.";
|
||||
$("export-privkey-flash").style.visibility = "visible";
|
||||
} finally {
|
||||
btn.disabled = false;
|
||||
btn.classList.remove("text-muted");
|
||||
}
|
||||
});
|
||||
|
||||
$("export-privkey-value").addEventListener("click", () => {
|
||||
const key = $("export-privkey-value").textContent;
|
||||
if (key) {
|
||||
navigator.clipboard.writeText(key);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback($("export-privkey-value"));
|
||||
}
|
||||
});
|
||||
|
||||
$("export-privkey-address").addEventListener("click", () => {
|
||||
const full = $("export-privkey-address").dataset.full;
|
||||
if (full) {
|
||||
navigator.clipboard.writeText(full);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback($("export-privkey-address"));
|
||||
}
|
||||
});
|
||||
|
||||
$("btn-export-privkey-back").addEventListener("click", () => {
|
||||
$("export-privkey-value").textContent = "";
|
||||
$("export-privkey-password").value = "";
|
||||
show();
|
||||
});
|
||||
}
|
||||
|
||||
module.exports = { init, show };
|
||||
|
||||
@@ -5,6 +5,7 @@ const {
|
||||
$,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
addressDotHtml,
|
||||
addressTitle,
|
||||
escapeHtml,
|
||||
@@ -23,7 +24,11 @@ const {
|
||||
filterTransactions,
|
||||
} = require("../../shared/transactions");
|
||||
const { resolveEnsNames } = require("../../shared/ens");
|
||||
const { updateSendBalance, renderSendTokenSelect } = require("./send");
|
||||
const {
|
||||
updateSendBalance,
|
||||
renderSendTokenSelect,
|
||||
resetSendValidation,
|
||||
} = require("./send");
|
||||
const { log } = require("../../shared/log");
|
||||
const makeBlockie = require("ethereum-blockies-base64");
|
||||
|
||||
@@ -43,18 +48,39 @@ function etherscanAddressLink(address) {
|
||||
function isoDate(timestamp) {
|
||||
const d = new Date(timestamp * 1000);
|
||||
const pad = (n) => String(n).padStart(2, "0");
|
||||
if (state.utcTimestamps) {
|
||||
return (
|
||||
d.getUTCFullYear() +
|
||||
"-" +
|
||||
pad(d.getUTCMonth() + 1) +
|
||||
"-" +
|
||||
pad(d.getUTCDate()) +
|
||||
"T" +
|
||||
pad(d.getUTCHours()) +
|
||||
":" +
|
||||
pad(d.getUTCMinutes()) +
|
||||
":" +
|
||||
pad(d.getUTCSeconds()) +
|
||||
"Z"
|
||||
);
|
||||
}
|
||||
const offsetMin = -d.getTimezoneOffset();
|
||||
const sign = offsetMin >= 0 ? "+" : "-";
|
||||
const absOff = Math.abs(offsetMin);
|
||||
const tzStr = sign + pad(Math.floor(absOff / 60)) + ":" + pad(absOff % 60);
|
||||
return (
|
||||
d.getFullYear() +
|
||||
"-" +
|
||||
pad(d.getMonth() + 1) +
|
||||
"-" +
|
||||
pad(d.getDate()) +
|
||||
" " +
|
||||
"T" +
|
||||
pad(d.getHours()) +
|
||||
":" +
|
||||
pad(d.getMinutes()) +
|
||||
":" +
|
||||
pad(d.getSeconds())
|
||||
pad(d.getSeconds()) +
|
||||
tzStr
|
||||
);
|
||||
}
|
||||
|
||||
@@ -313,6 +339,7 @@ function init(_ctx) {
|
||||
if (addr) {
|
||||
navigator.clipboard.writeText(addr);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback($("address-token-full"));
|
||||
}
|
||||
});
|
||||
|
||||
@@ -321,6 +348,7 @@ function init(_ctx) {
|
||||
if (copyEl) {
|
||||
navigator.clipboard.writeText(copyEl.dataset.copy);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(copyEl);
|
||||
}
|
||||
});
|
||||
|
||||
@@ -369,9 +397,11 @@ function init(_ctx) {
|
||||
copyEl.addEventListener("click", () => {
|
||||
navigator.clipboard.writeText(copyEl.dataset.copy);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(copyEl);
|
||||
});
|
||||
}
|
||||
updateSendBalance();
|
||||
resetSendValidation();
|
||||
showView("send");
|
||||
});
|
||||
|
||||
|
||||
@@ -4,6 +4,8 @@ const {
|
||||
addressTitle,
|
||||
escapeHtml,
|
||||
showView,
|
||||
showError,
|
||||
hideError,
|
||||
} = require("./helpers");
|
||||
const { state, saveState } = require("../../shared/state");
|
||||
const { formatEther, formatUnits, Interface, toUtf8String } = require("ethers");
|
||||
@@ -11,6 +13,7 @@ const { ERC20_ABI } = require("../../shared/constants");
|
||||
const { TOKEN_BY_ADDRESS } = require("../../shared/tokenList");
|
||||
const txStatus = require("./txStatus");
|
||||
const uniswap = require("../../shared/uniswap");
|
||||
const { isPhishingDomain } = require("../../shared/phishingDomains");
|
||||
|
||||
const runtime =
|
||||
typeof browser !== "undefined" ? browser.runtime : chrome.runtime;
|
||||
@@ -153,7 +156,24 @@ function decodeCalldata(data, toAddress) {
|
||||
return null;
|
||||
}
|
||||
|
||||
function showPhishingWarning(elementId, hostname, isPhishing) {
|
||||
const el = $(elementId);
|
||||
if (!el) return;
|
||||
// Check both the flag from background and a local re-check
|
||||
if (isPhishing || isPhishingDomain(hostname)) {
|
||||
el.classList.remove("hidden");
|
||||
} else {
|
||||
el.classList.add("hidden");
|
||||
}
|
||||
}
|
||||
|
||||
function showTxApproval(details) {
|
||||
showPhishingWarning(
|
||||
"approve-tx-phishing-warning",
|
||||
details.hostname,
|
||||
details.isPhishingDomain,
|
||||
);
|
||||
|
||||
const toAddr = details.txParams.to;
|
||||
const token = toAddr ? TOKEN_BY_ADDRESS.get(toAddr.toLowerCase()) : null;
|
||||
const ethValue = formatEther(details.txParams.value || "0");
|
||||
@@ -170,6 +190,8 @@ function showTxApproval(details) {
|
||||
// If this is an ERC-20 call, try to extract the real recipient and amount
|
||||
const decoded = decodeCalldata(details.txParams.data, toAddr || "");
|
||||
if (decoded && decoded.details) {
|
||||
let decodedTokenAddr = null;
|
||||
let decodedTokenSymbol = null;
|
||||
for (const d of decoded.details) {
|
||||
if (d.label === "Recipient" && d.address) {
|
||||
pendingTxDetails.to = d.address;
|
||||
@@ -177,10 +199,20 @@ function showTxApproval(details) {
|
||||
if (d.label === "Amount") {
|
||||
pendingTxDetails.amount = d.rawValue || d.value;
|
||||
}
|
||||
if (d.label === "Token In" && d.isToken && d.address) {
|
||||
const t = TOKEN_BY_ADDRESS.get(d.address.toLowerCase());
|
||||
if (t) {
|
||||
decodedTokenAddr = d.address;
|
||||
decodedTokenSymbol = t.symbol;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (token) {
|
||||
pendingTxDetails.token = toAddr;
|
||||
pendingTxDetails.tokenSymbol = token.symbol;
|
||||
} else if (decodedTokenAddr) {
|
||||
pendingTxDetails.token = decodedTokenAddr;
|
||||
pendingTxDetails.tokenSymbol = decodedTokenSymbol;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -254,6 +286,9 @@ function showTxApproval(details) {
|
||||
$("approve-tx-data-section").classList.add("hidden");
|
||||
}
|
||||
|
||||
$("approve-tx-password").value = "";
|
||||
hideError("approve-tx-error");
|
||||
|
||||
showView("approve-tx");
|
||||
}
|
||||
|
||||
@@ -306,6 +341,12 @@ function formatTypedDataHtml(jsonStr) {
|
||||
}
|
||||
|
||||
function showSignApproval(details) {
|
||||
showPhishingWarning(
|
||||
"approve-sign-phishing-warning",
|
||||
details.hostname,
|
||||
details.isPhishingDomain,
|
||||
);
|
||||
|
||||
const sp = details.signParams;
|
||||
|
||||
$("approve-sign-hostname").textContent = details.hostname;
|
||||
@@ -334,15 +375,15 @@ function showSignApproval(details) {
|
||||
if (warningEl) {
|
||||
if (sp.dangerWarning) {
|
||||
warningEl.textContent = sp.dangerWarning;
|
||||
warningEl.classList.remove("hidden");
|
||||
warningEl.style.visibility = "visible";
|
||||
} else {
|
||||
warningEl.textContent = "";
|
||||
warningEl.classList.add("hidden");
|
||||
warningEl.style.visibility = "hidden";
|
||||
}
|
||||
}
|
||||
|
||||
$("approve-sign-password").value = "";
|
||||
$("approve-sign-error").classList.add("hidden");
|
||||
hideError("approve-sign-error");
|
||||
$("btn-approve-sign").disabled = false;
|
||||
$("btn-approve-sign").classList.remove("text-muted");
|
||||
|
||||
@@ -365,6 +406,12 @@ function show(id) {
|
||||
showSignApproval(details);
|
||||
return;
|
||||
}
|
||||
// Site connection approval
|
||||
showPhishingWarning(
|
||||
"approve-site-phishing-warning",
|
||||
details.hostname,
|
||||
details.isPhishingDomain,
|
||||
);
|
||||
$("approve-hostname").textContent = details.hostname;
|
||||
$("approve-address").innerHTML = approvalAddressHtml(
|
||||
state.activeAddress,
|
||||
@@ -407,11 +454,10 @@ function init(ctx) {
|
||||
$("btn-approve-tx").addEventListener("click", () => {
|
||||
const password = $("approve-tx-password").value;
|
||||
if (!password) {
|
||||
$("approve-tx-error").textContent = "Please enter your password.";
|
||||
$("approve-tx-error").classList.remove("hidden");
|
||||
showError("approve-tx-error", "Please enter your password.");
|
||||
return;
|
||||
}
|
||||
$("approve-tx-error").classList.add("hidden");
|
||||
hideError("approve-tx-error");
|
||||
$("btn-approve-tx").disabled = true;
|
||||
$("btn-approve-tx").classList.add("text-muted");
|
||||
|
||||
@@ -447,11 +493,10 @@ function init(ctx) {
|
||||
$("btn-approve-sign").addEventListener("click", () => {
|
||||
const password = $("approve-sign-password").value;
|
||||
if (!password) {
|
||||
$("approve-sign-error").textContent = "Please enter your password.";
|
||||
$("approve-sign-error").classList.remove("hidden");
|
||||
showError("approve-sign-error", "Please enter your password.");
|
||||
return;
|
||||
}
|
||||
$("approve-sign-error").classList.add("hidden");
|
||||
hideError("approve-sign-error");
|
||||
$("btn-approve-sign").disabled = true;
|
||||
$("btn-approve-sign").classList.add("text-muted");
|
||||
|
||||
@@ -469,8 +514,7 @@ function init(ctx) {
|
||||
} else {
|
||||
const msg =
|
||||
(response && response.error) || "Signing failed.";
|
||||
$("approve-sign-error").textContent = msg;
|
||||
$("approve-sign-error").classList.remove("hidden");
|
||||
showError("approve-sign-error", msg);
|
||||
$("btn-approve-sign").disabled = false;
|
||||
$("btn-approve-sign").classList.remove("text-muted");
|
||||
}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
// Transaction confirmation view + password modal.
|
||||
// Shows transaction details, warnings, errors. On proceed, opens
|
||||
// password modal, decrypts secret, signs and broadcasts.
|
||||
// Transaction confirmation view with inline password.
|
||||
// Shows transaction details, warnings, errors. On Sign & Send,
|
||||
// reads inline password, decrypts secret, signs and broadcasts.
|
||||
|
||||
const {
|
||||
parseEther,
|
||||
@@ -14,6 +14,8 @@ const {
|
||||
showError,
|
||||
hideError,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
addressTitle,
|
||||
addressDotHtml,
|
||||
escapeHtml,
|
||||
@@ -23,8 +25,11 @@ const { getSignerForAddress } = require("../../shared/wallet");
|
||||
const { decryptWithPassword } = require("../../shared/vault");
|
||||
const { formatUsd, getPrice } = require("../../shared/prices");
|
||||
const { getProvider } = require("../../shared/balances");
|
||||
const { isScamAddress } = require("../../shared/scamlist");
|
||||
const { ERC20_ABI } = require("../../shared/constants");
|
||||
const {
|
||||
getLocalWarnings,
|
||||
getFullWarnings,
|
||||
} = require("../../shared/addressWarnings");
|
||||
const { ERC20_ABI, isBurnAddress } = require("../../shared/constants");
|
||||
const { log } = require("../../shared/log");
|
||||
const makeBlockie = require("ethereum-blockies-base64");
|
||||
const txStatus = require("./txStatus");
|
||||
@@ -38,6 +43,13 @@ const EXT_ICON =
|
||||
|
||||
let pendingTx = null;
|
||||
|
||||
function restore() {
|
||||
const d = state.viewData;
|
||||
if (d && d.pendingTx) {
|
||||
show(d.pendingTx);
|
||||
}
|
||||
}
|
||||
|
||||
function etherscanTokenLink(address) {
|
||||
return `https://etherscan.io/token/${address}`;
|
||||
}
|
||||
@@ -95,11 +107,23 @@ function show(txInfo) {
|
||||
// Token contract section (ERC-20 only)
|
||||
const tokenSection = $("confirm-token-section");
|
||||
if (isErc20) {
|
||||
const dot = addressDotHtml(txInfo.token);
|
||||
const link = etherscanTokenLink(txInfo.token);
|
||||
$("confirm-token-contract").innerHTML =
|
||||
escapeHtml(txInfo.token) +
|
||||
` <a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
|
||||
`<div class="flex items-center">${dot}` +
|
||||
`<span class="break-all underline decoration-dashed cursor-pointer" data-copy="${escapeHtml(txInfo.token)}">${escapeHtml(txInfo.token)}</span>` +
|
||||
`<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>` +
|
||||
`</div>`;
|
||||
tokenSection.classList.remove("hidden");
|
||||
// Attach click-to-copy on the contract address
|
||||
const copyEl = tokenSection.querySelector("[data-copy]");
|
||||
if (copyEl) {
|
||||
copyEl.onclick = () => {
|
||||
navigator.clipboard.writeText(copyEl.dataset.copy);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(copyEl);
|
||||
};
|
||||
}
|
||||
} else {
|
||||
tokenSection.classList.add("hidden");
|
||||
}
|
||||
@@ -146,28 +170,23 @@ function show(txInfo) {
|
||||
$("confirm-balance").textContent = valueWithUsd(bal + " ETH", balUsd);
|
||||
}
|
||||
|
||||
// Check for warnings
|
||||
const warnings = [];
|
||||
if (isScamAddress(txInfo.to)) {
|
||||
warnings.push(
|
||||
"This address is on a known scam/fraud list. Do not send funds to this address.",
|
||||
);
|
||||
}
|
||||
if (txInfo.to.toLowerCase() === txInfo.from.toLowerCase()) {
|
||||
warnings.push("You are sending to your own address.");
|
||||
}
|
||||
// Check for warnings (synchronous local checks)
|
||||
const localWarnings = getLocalWarnings(txInfo.to, {
|
||||
fromAddress: txInfo.from,
|
||||
});
|
||||
|
||||
const warningsEl = $("confirm-warnings");
|
||||
if (warnings.length > 0) {
|
||||
warningsEl.innerHTML = warnings
|
||||
if (localWarnings.length > 0) {
|
||||
warningsEl.innerHTML = localWarnings
|
||||
.map(
|
||||
(w) =>
|
||||
`<div class="border border-border border-dashed p-2 mb-1 text-xs font-bold">WARNING: ${w}</div>`,
|
||||
`<div class="border border-border border-dashed p-2 mb-1 text-xs font-bold">WARNING: ${w.message}</div>`,
|
||||
)
|
||||
.join("");
|
||||
warningsEl.classList.remove("hidden");
|
||||
warningsEl.style.visibility = "visible";
|
||||
} else {
|
||||
warningsEl.classList.add("hidden");
|
||||
warningsEl.innerHTML = "";
|
||||
warningsEl.style.visibility = "hidden";
|
||||
}
|
||||
|
||||
// Check for errors
|
||||
@@ -205,21 +224,38 @@ function show(txInfo) {
|
||||
errorsEl.innerHTML = errors
|
||||
.map((e) => `<div class="text-xs">${e}</div>`)
|
||||
.join("");
|
||||
errorsEl.classList.remove("hidden");
|
||||
errorsEl.style.visibility = "visible";
|
||||
sendBtn.disabled = true;
|
||||
sendBtn.classList.add("text-muted");
|
||||
} else {
|
||||
errorsEl.classList.add("hidden");
|
||||
errorsEl.innerHTML = "";
|
||||
errorsEl.style.visibility = "hidden";
|
||||
sendBtn.disabled = false;
|
||||
sendBtn.classList.remove("text-muted");
|
||||
}
|
||||
|
||||
// Reset password field and error
|
||||
$("confirm-tx-password").value = "";
|
||||
hideError("confirm-tx-password-error");
|
||||
|
||||
// Gas estimate — show placeholder then fetch async
|
||||
$("confirm-fee").classList.remove("hidden");
|
||||
$("confirm-fee").style.visibility = "visible";
|
||||
$("confirm-fee-amount").textContent = "Estimating...";
|
||||
state.viewData = { pendingTx: txInfo };
|
||||
showView("confirm-tx");
|
||||
|
||||
// Reset async warnings to hidden (space always reserved, no layout shift)
|
||||
$("confirm-recipient-warning").style.visibility = "hidden";
|
||||
$("confirm-contract-warning").style.visibility = "hidden";
|
||||
$("confirm-burn-warning").style.visibility = "hidden";
|
||||
|
||||
// Show burn warning via reserved element (in addition to inline warning)
|
||||
if (isBurnAddress(txInfo.to)) {
|
||||
$("confirm-burn-warning").style.visibility = "visible";
|
||||
}
|
||||
|
||||
estimateGas(txInfo);
|
||||
checkRecipientHistory(txInfo);
|
||||
}
|
||||
|
||||
async function estimateGas(txInfo) {
|
||||
@@ -262,39 +298,39 @@ async function estimateGas(txInfo) {
|
||||
}
|
||||
}
|
||||
|
||||
function showPasswordModal() {
|
||||
$("modal-password").value = "";
|
||||
hideError("modal-password-error");
|
||||
$("password-modal").classList.remove("hidden");
|
||||
}
|
||||
|
||||
function hidePasswordModal() {
|
||||
$("password-modal").classList.add("hidden");
|
||||
async function checkRecipientHistory(txInfo) {
|
||||
try {
|
||||
const provider = getProvider(state.rpcUrl);
|
||||
const asyncWarnings = await getFullWarnings(txInfo.to, provider, {
|
||||
fromAddress: txInfo.from,
|
||||
});
|
||||
for (const w of asyncWarnings) {
|
||||
if (w.type === "contract") {
|
||||
$("confirm-contract-warning").style.visibility = "visible";
|
||||
}
|
||||
if (w.type === "new-address") {
|
||||
$("confirm-recipient-warning").style.visibility = "visible";
|
||||
}
|
||||
}
|
||||
} catch (e) {
|
||||
log.errorf("recipient history check failed:", e.message);
|
||||
}
|
||||
}
|
||||
|
||||
function init(ctx) {
|
||||
$("btn-confirm-send").addEventListener("click", () => {
|
||||
showPasswordModal();
|
||||
});
|
||||
|
||||
$("btn-confirm-back").addEventListener("click", () => {
|
||||
showView("send");
|
||||
});
|
||||
|
||||
$("btn-modal-cancel").addEventListener("click", () => {
|
||||
hidePasswordModal();
|
||||
});
|
||||
|
||||
$("btn-modal-confirm").addEventListener("click", async () => {
|
||||
const password = $("modal-password").value;
|
||||
$("btn-confirm-send").addEventListener("click", async () => {
|
||||
const password = $("confirm-tx-password").value;
|
||||
if (!password) {
|
||||
showError("modal-password-error", "Please enter your password.");
|
||||
showError(
|
||||
"confirm-tx-password-error",
|
||||
"Please enter your password.",
|
||||
);
|
||||
return;
|
||||
}
|
||||
|
||||
const wallet = state.wallets[state.selectedWallet];
|
||||
let decryptedSecret;
|
||||
hideError("modal-password-error");
|
||||
hideError("confirm-tx-password-error");
|
||||
|
||||
try {
|
||||
decryptedSecret = await decryptWithPassword(
|
||||
@@ -302,11 +338,12 @@ function init(ctx) {
|
||||
password,
|
||||
);
|
||||
} catch (e) {
|
||||
showError("modal-password-error", "Wrong password.");
|
||||
showError("confirm-tx-password-error", "Wrong password.");
|
||||
return;
|
||||
}
|
||||
|
||||
hidePasswordModal();
|
||||
$("btn-confirm-send").disabled = true;
|
||||
$("btn-confirm-send").classList.add("text-muted");
|
||||
|
||||
let tx;
|
||||
try {
|
||||
@@ -343,8 +380,15 @@ function init(ctx) {
|
||||
decryptedSecret = null;
|
||||
const hash = tx ? tx.hash : null;
|
||||
txStatus.showError(pendingTx, hash, e.shortMessage || e.message);
|
||||
} finally {
|
||||
$("btn-confirm-send").disabled = false;
|
||||
$("btn-confirm-send").classList.remove("text-muted");
|
||||
}
|
||||
});
|
||||
|
||||
$("btn-confirm-back").addEventListener("click", () => {
|
||||
showView("send");
|
||||
});
|
||||
}
|
||||
|
||||
module.exports = { init, show };
|
||||
module.exports = { init, show, restore };
|
||||
|
||||
@@ -12,7 +12,7 @@ function show(walletIdx) {
|
||||
wallet.name || "Wallet " + (walletIdx + 1);
|
||||
$("delete-wallet-password").value = "";
|
||||
$("delete-wallet-flash").textContent = "";
|
||||
$("delete-wallet-flash").classList.add("hidden");
|
||||
$("delete-wallet-flash").style.visibility = "hidden";
|
||||
showView("delete-wallet-confirm");
|
||||
}
|
||||
|
||||
@@ -29,17 +29,21 @@ function init(_ctx) {
|
||||
if (!pw) {
|
||||
$("delete-wallet-flash").textContent =
|
||||
"Please enter your password.";
|
||||
$("delete-wallet-flash").classList.remove("hidden");
|
||||
$("delete-wallet-flash").style.visibility = "visible";
|
||||
return;
|
||||
}
|
||||
|
||||
if (deleteWalletIndex === null) {
|
||||
$("delete-wallet-flash").textContent =
|
||||
"No wallet selected for deletion.";
|
||||
$("delete-wallet-flash").classList.remove("hidden");
|
||||
$("delete-wallet-flash").style.visibility = "visible";
|
||||
return;
|
||||
}
|
||||
|
||||
const btn = $("btn-delete-wallet-confirm");
|
||||
btn.disabled = true;
|
||||
btn.classList.add("text-muted");
|
||||
|
||||
const walletIdx = deleteWalletIndex;
|
||||
const wallet = state.wallets[walletIdx];
|
||||
|
||||
@@ -48,7 +52,9 @@ function init(_ctx) {
|
||||
await decryptWithPassword(wallet.encryptedSecret, pw);
|
||||
} catch (_e) {
|
||||
$("delete-wallet-flash").textContent = "Wrong password.";
|
||||
$("delete-wallet-flash").classList.remove("hidden");
|
||||
$("delete-wallet-flash").style.visibility = "visible";
|
||||
btn.disabled = false;
|
||||
btn.classList.remove("text-muted");
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -13,7 +13,6 @@ const { state, saveState } = require("../../shared/state");
|
||||
const VIEWS = [
|
||||
"welcome",
|
||||
"add-wallet",
|
||||
"import-key",
|
||||
"main",
|
||||
"address",
|
||||
"address-token",
|
||||
@@ -31,6 +30,7 @@ const VIEWS = [
|
||||
"approve-site",
|
||||
"approve-tx",
|
||||
"approve-sign",
|
||||
"export-privkey",
|
||||
];
|
||||
|
||||
function $(id) {
|
||||
@@ -40,11 +40,13 @@ function $(id) {
|
||||
function showError(id, msg) {
|
||||
const el = $(id);
|
||||
el.textContent = msg;
|
||||
el.classList.remove("hidden");
|
||||
el.style.visibility = "visible";
|
||||
}
|
||||
|
||||
function hideError(id) {
|
||||
$(id).classList.add("hidden");
|
||||
const el = $(id);
|
||||
el.textContent = "";
|
||||
el.style.visibility = "hidden";
|
||||
}
|
||||
|
||||
function showView(name) {
|
||||
@@ -226,18 +228,39 @@ function formatAddressHtml(address, ensName, maxLen, title) {
|
||||
function isoDate(timestamp) {
|
||||
const d = new Date(timestamp * 1000);
|
||||
const pad = (n) => String(n).padStart(2, "0");
|
||||
if (state.utcTimestamps) {
|
||||
return (
|
||||
d.getUTCFullYear() +
|
||||
"-" +
|
||||
pad(d.getUTCMonth() + 1) +
|
||||
"-" +
|
||||
pad(d.getUTCDate()) +
|
||||
"T" +
|
||||
pad(d.getUTCHours()) +
|
||||
":" +
|
||||
pad(d.getUTCMinutes()) +
|
||||
":" +
|
||||
pad(d.getUTCSeconds()) +
|
||||
"Z"
|
||||
);
|
||||
}
|
||||
const offsetMin = -d.getTimezoneOffset();
|
||||
const sign = offsetMin >= 0 ? "+" : "-";
|
||||
const absOff = Math.abs(offsetMin);
|
||||
const tzStr = sign + pad(Math.floor(absOff / 60)) + ":" + pad(absOff % 60);
|
||||
return (
|
||||
d.getFullYear() +
|
||||
"-" +
|
||||
pad(d.getMonth() + 1) +
|
||||
"-" +
|
||||
pad(d.getDate()) +
|
||||
" " +
|
||||
"T" +
|
||||
pad(d.getHours()) +
|
||||
":" +
|
||||
pad(d.getMinutes()) +
|
||||
":" +
|
||||
pad(d.getSeconds())
|
||||
pad(d.getSeconds()) +
|
||||
tzStr
|
||||
);
|
||||
}
|
||||
|
||||
@@ -258,12 +281,26 @@ function timeAgo(timestamp) {
|
||||
return years + " year" + (years !== 1 ? "s" : "") + " ago";
|
||||
}
|
||||
|
||||
function flashCopyFeedback(el) {
|
||||
if (!el) return;
|
||||
el.classList.remove("copy-flash-fade");
|
||||
el.classList.add("copy-flash-active");
|
||||
setTimeout(() => {
|
||||
el.classList.remove("copy-flash-active");
|
||||
el.classList.add("copy-flash-fade");
|
||||
setTimeout(() => {
|
||||
el.classList.remove("copy-flash-fade");
|
||||
}, 275);
|
||||
}, 75);
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
$,
|
||||
showError,
|
||||
hideError,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
balanceLine,
|
||||
balanceLinesForAddress,
|
||||
addressColor,
|
||||
|
||||
@@ -2,6 +2,7 @@ const {
|
||||
$,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
balanceLinesForAddress,
|
||||
isoDate,
|
||||
timeAgo,
|
||||
@@ -11,7 +12,11 @@ const {
|
||||
truncateMiddle,
|
||||
} = require("./helpers");
|
||||
const { state, saveState, currentAddress } = require("../../shared/state");
|
||||
const { updateSendBalance, renderSendTokenSelect } = require("./send");
|
||||
const {
|
||||
updateSendBalance,
|
||||
renderSendTokenSelect,
|
||||
resetSendValidation,
|
||||
} = require("./send");
|
||||
const { deriveAddressFromXpub } = require("../../shared/wallet");
|
||||
const {
|
||||
formatUsd,
|
||||
@@ -81,9 +86,10 @@ function renderActiveAddress() {
|
||||
el.innerHTML =
|
||||
`<span class="underline decoration-dashed cursor-pointer" id="active-addr-copy">${dot}${escapeHtml(addr)}</span>` +
|
||||
`<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
|
||||
$("active-addr-copy").addEventListener("click", () => {
|
||||
$("active-addr-copy").addEventListener("click", (e) => {
|
||||
navigator.clipboard.writeText(addr);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(e.currentTarget);
|
||||
});
|
||||
} else {
|
||||
el.textContent = "";
|
||||
@@ -235,7 +241,7 @@ function render(ctx) {
|
||||
html += `<div>`;
|
||||
html += `<div class="flex justify-between items-center bg-section py-1 px-2" style="margin:0 -0.5rem">`;
|
||||
html += `<span class="font-bold cursor-pointer wallet-name underline decoration-dashed" data-wallet="${wi}">${wallet.name}</span>`;
|
||||
if (wallet.type === "hd") {
|
||||
if (wallet.type === "hd" || wallet.type === "xprv") {
|
||||
html += `<button class="btn-add-address border border-border px-1 hover:bg-fg hover:text-bg cursor-pointer text-xs" data-wallet="${wi}" title="Add another address to this wallet">+</button>`;
|
||||
}
|
||||
html += `</div>`;
|
||||
@@ -388,6 +394,7 @@ function init(ctx) {
|
||||
$("send-token-static").classList.add("hidden");
|
||||
renderSendTokenSelect(addr);
|
||||
updateSendBalance();
|
||||
resetSendValidation();
|
||||
showView("send");
|
||||
});
|
||||
|
||||
|
||||
@@ -1,69 +0,0 @@
|
||||
const { $, showView, showFlash } = require("./helpers");
|
||||
const { addressFromPrivateKey } = require("../../shared/wallet");
|
||||
const { encryptWithPassword } = require("../../shared/vault");
|
||||
const { state, saveState } = require("../../shared/state");
|
||||
|
||||
function show() {
|
||||
$("import-private-key").value = "";
|
||||
$("import-key-password").value = "";
|
||||
$("import-key-password-confirm").value = "";
|
||||
showView("import-key");
|
||||
}
|
||||
|
||||
function init(ctx) {
|
||||
$("btn-import-key-confirm").addEventListener("click", async () => {
|
||||
const key = $("import-private-key").value.trim();
|
||||
if (!key) {
|
||||
showFlash("Please enter your private key.");
|
||||
return;
|
||||
}
|
||||
let addr;
|
||||
try {
|
||||
addr = addressFromPrivateKey(key);
|
||||
} catch (e) {
|
||||
showFlash("Invalid private key.");
|
||||
return;
|
||||
}
|
||||
const pw = $("import-key-password").value;
|
||||
const pw2 = $("import-key-password-confirm").value;
|
||||
if (!pw) {
|
||||
showFlash("Please choose a password.");
|
||||
return;
|
||||
}
|
||||
if (pw.length < 12) {
|
||||
showFlash("Password must be at least 12 characters.");
|
||||
return;
|
||||
}
|
||||
if (pw !== pw2) {
|
||||
showFlash("Passwords do not match.");
|
||||
return;
|
||||
}
|
||||
const encrypted = await encryptWithPassword(key, pw);
|
||||
const walletNum = state.wallets.length + 1;
|
||||
state.wallets.push({
|
||||
type: "key",
|
||||
name: "Wallet " + walletNum,
|
||||
encryptedSecret: encrypted,
|
||||
addresses: [
|
||||
{ address: addr, balance: "0.0000", tokenBalances: [] },
|
||||
],
|
||||
});
|
||||
state.hasWallet = true;
|
||||
await saveState();
|
||||
ctx.renderWalletList();
|
||||
showView("main");
|
||||
|
||||
ctx.doRefreshAndRender();
|
||||
});
|
||||
|
||||
$("btn-import-key-back").addEventListener("click", () => {
|
||||
if (!state.hasWallet) {
|
||||
showView("welcome");
|
||||
} else {
|
||||
ctx.renderWalletList();
|
||||
showView("main");
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
module.exports = { init, show };
|
||||
@@ -2,6 +2,7 @@ const {
|
||||
$,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
formatAddressHtml,
|
||||
addressTitle,
|
||||
} = require("./helpers");
|
||||
@@ -52,19 +53,21 @@ function show() {
|
||||
"This is an ERC-20 token. Only send " +
|
||||
symbol +
|
||||
" on the Ethereum network to this address. Sending tokens on other networks will result in permanent loss.";
|
||||
warningEl.classList.remove("hidden");
|
||||
warningEl.style.visibility = "visible";
|
||||
} else {
|
||||
warningEl.classList.add("hidden");
|
||||
warningEl.textContent = "";
|
||||
warningEl.style.visibility = "hidden";
|
||||
}
|
||||
showView("receive");
|
||||
}
|
||||
|
||||
function init(ctx) {
|
||||
$("receive-address-block").addEventListener("click", () => {
|
||||
$("receive-address-block").addEventListener("click", (e) => {
|
||||
const addr = $("receive-address-block").dataset.full;
|
||||
if (addr) {
|
||||
navigator.clipboard.writeText(addr);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(e.currentTarget);
|
||||
}
|
||||
});
|
||||
|
||||
@@ -73,6 +76,7 @@ function init(ctx) {
|
||||
if (addr) {
|
||||
navigator.clipboard.writeText(addr);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback($("receive-address-block"));
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
@@ -11,6 +11,107 @@ const { state, currentAddress } = require("../../shared/state");
|
||||
let ctx;
|
||||
const { getProvider } = require("../../shared/balances");
|
||||
const { KNOWN_SYMBOLS, resolveSymbol } = require("../../shared/tokenList");
|
||||
const { getAddress } = require("ethers");
|
||||
|
||||
const ZERO_ADDRESS = "0x0000000000000000000000000000000000000000";
|
||||
|
||||
/**
|
||||
* Validate a destination address string.
|
||||
* Returns { valid: true } or { valid: false, error: "..." }.
|
||||
*/
|
||||
function validateToAddress(value) {
|
||||
const v = value.trim();
|
||||
if (!v) return { valid: false, error: "" };
|
||||
|
||||
// ENS names: contains a dot and doesn't start with 0x
|
||||
if (v.includes(".") && !v.startsWith("0x")) {
|
||||
// Basic ENS format check: at least one label before and after dot
|
||||
if (/^[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+$/.test(v)) {
|
||||
return { valid: true };
|
||||
}
|
||||
return {
|
||||
valid: false,
|
||||
error: "Please enter a valid ENS name.",
|
||||
};
|
||||
}
|
||||
|
||||
// Must look like an Ethereum address
|
||||
if (!/^0x[0-9a-fA-F]{40}$/.test(v)) {
|
||||
return {
|
||||
valid: false,
|
||||
error: "Please enter a valid Ethereum address.",
|
||||
};
|
||||
}
|
||||
|
||||
// Reject zero address
|
||||
if (v.toLowerCase() === ZERO_ADDRESS) {
|
||||
return {
|
||||
valid: false,
|
||||
error: "Sending to the zero address is not allowed.",
|
||||
};
|
||||
}
|
||||
|
||||
// EIP-55 checksum validation: all-lowercase is ok, otherwise must match checksum
|
||||
if (v !== v.toLowerCase()) {
|
||||
try {
|
||||
const checksummed = getAddress(v);
|
||||
if (checksummed !== v) {
|
||||
return {
|
||||
valid: false,
|
||||
error: "Address checksum is invalid. Please double-check the address.",
|
||||
};
|
||||
}
|
||||
} catch {
|
||||
return {
|
||||
valid: false,
|
||||
error: "Address checksum is invalid. Please double-check the address.",
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
// Warn if sending to own address
|
||||
const addr = currentAddress();
|
||||
if (addr && v.toLowerCase() === addr.address.toLowerCase()) {
|
||||
// Allow but will warn — we return valid with a warning
|
||||
return {
|
||||
valid: true,
|
||||
warning: "This is your own address. Are you sure?",
|
||||
};
|
||||
}
|
||||
|
||||
return { valid: true };
|
||||
}
|
||||
|
||||
function updateToValidation() {
|
||||
const input = $("send-to");
|
||||
const errorEl = $("send-to-error");
|
||||
const btn = $("btn-send-review");
|
||||
const value = input.value.trim();
|
||||
|
||||
if (!value) {
|
||||
errorEl.textContent = "";
|
||||
btn.disabled = true;
|
||||
btn.classList.add("opacity-50");
|
||||
return;
|
||||
}
|
||||
|
||||
const result = validateToAddress(value);
|
||||
if (!result.valid) {
|
||||
errorEl.textContent = result.error;
|
||||
errorEl.style.color = "#cc0000";
|
||||
btn.disabled = true;
|
||||
btn.classList.add("opacity-50");
|
||||
} else if (result.warning) {
|
||||
errorEl.textContent = result.warning;
|
||||
errorEl.style.color = "#b8860b";
|
||||
btn.disabled = false;
|
||||
btn.classList.remove("opacity-50");
|
||||
} else {
|
||||
errorEl.textContent = "";
|
||||
btn.disabled = false;
|
||||
btn.classList.remove("opacity-50");
|
||||
}
|
||||
}
|
||||
|
||||
const EXT_ICON =
|
||||
`<span style="display:inline-block;width:10px;height:10px;margin-left:4px;vertical-align:middle">` +
|
||||
@@ -88,6 +189,13 @@ function init(_ctx) {
|
||||
ctx = _ctx;
|
||||
$("send-token").addEventListener("change", updateSendBalance);
|
||||
|
||||
// Initial state: disable review button until address is entered
|
||||
$("btn-send-review").disabled = true;
|
||||
$("btn-send-review").classList.add("opacity-50");
|
||||
|
||||
// Validate address on input
|
||||
$("send-to").addEventListener("input", updateToValidation);
|
||||
|
||||
$("btn-send-review").addEventListener("click", async () => {
|
||||
const to = $("send-to").value.trim();
|
||||
const amount = $("send-amount").value.trim();
|
||||
@@ -95,6 +203,15 @@ function init(_ctx) {
|
||||
showFlash("Please enter a recipient address.");
|
||||
return;
|
||||
}
|
||||
|
||||
// Re-validate before proceeding
|
||||
const validation = validateToAddress(to);
|
||||
if (!validation.valid) {
|
||||
showFlash(
|
||||
validation.error || "Please enter a valid Ethereum address.",
|
||||
);
|
||||
return;
|
||||
}
|
||||
if (!amount || isNaN(parseFloat(amount)) || parseFloat(amount) <= 0) {
|
||||
showFlash("Please enter a valid amount.");
|
||||
return;
|
||||
@@ -159,4 +276,19 @@ function init(_ctx) {
|
||||
});
|
||||
}
|
||||
|
||||
module.exports = { init, updateSendBalance, renderSendTokenSelect };
|
||||
function resetSendValidation() {
|
||||
const errorEl = $("send-to-error");
|
||||
const btn = $("btn-send-review");
|
||||
if (errorEl) errorEl.textContent = "";
|
||||
if (btn) {
|
||||
btn.disabled = true;
|
||||
btn.classList.add("opacity-50");
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
init,
|
||||
updateSendBalance,
|
||||
renderSendTokenSelect,
|
||||
resetSendValidation,
|
||||
};
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
const { $, showView, showFlash, escapeHtml } = require("./helpers");
|
||||
const { applyTheme } = require("../theme");
|
||||
const { state, saveState } = require("../../shared/state");
|
||||
const { ETHEREUM_MAINNET_CHAIN_ID } = require("../../shared/constants");
|
||||
const { log, debugFetch } = require("../../shared/log");
|
||||
@@ -214,6 +215,13 @@ function init(ctx) {
|
||||
await saveState();
|
||||
});
|
||||
|
||||
$("settings-theme").value = state.theme;
|
||||
$("settings-theme").addEventListener("change", async () => {
|
||||
state.theme = $("settings-theme").value;
|
||||
await saveState();
|
||||
applyTheme(state.theme);
|
||||
});
|
||||
|
||||
$("settings-hide-low-holders").checked = state.hideLowHolderTokens;
|
||||
$("settings-hide-low-holders").addEventListener("change", async () => {
|
||||
state.hideLowHolderTokens = $("settings-hide-low-holders").checked;
|
||||
@@ -241,6 +249,12 @@ function init(ctx) {
|
||||
}
|
||||
});
|
||||
|
||||
$("settings-utc-timestamps").checked = state.utcTimestamps;
|
||||
$("settings-utc-timestamps").addEventListener("change", async () => {
|
||||
state.utcTimestamps = $("settings-utc-timestamps").checked;
|
||||
await saveState();
|
||||
});
|
||||
|
||||
$("btn-main-add-wallet").addEventListener("click", ctx.showAddWalletView);
|
||||
|
||||
$("btn-settings-add-token").addEventListener(
|
||||
|
||||
@@ -73,7 +73,8 @@ function renderDropdown() {
|
||||
|
||||
function show() {
|
||||
$("settings-addtoken-address").value = "";
|
||||
$("settings-addtoken-info").classList.add("hidden");
|
||||
$("settings-addtoken-info").textContent = "";
|
||||
$("settings-addtoken-info").style.visibility = "hidden";
|
||||
renderTop10();
|
||||
renderDropdown();
|
||||
showView("settings-addtoken");
|
||||
@@ -129,7 +130,7 @@ function init(_ctx) {
|
||||
}
|
||||
const infoEl = $("settings-addtoken-info");
|
||||
infoEl.textContent = "Looking up token...";
|
||||
infoEl.classList.remove("hidden");
|
||||
infoEl.style.visibility = "visible";
|
||||
log.debugf("Looking up token contract", addr);
|
||||
try {
|
||||
const info = await lookupTokenInfo(addr, state.rpcUrl);
|
||||
@@ -143,7 +144,8 @@ function init(_ctx) {
|
||||
await saveState();
|
||||
showFlash("Added " + info.symbol);
|
||||
$("settings-addtoken-address").value = "";
|
||||
infoEl.classList.add("hidden");
|
||||
infoEl.textContent = "";
|
||||
infoEl.style.visibility = "hidden";
|
||||
renderTop10();
|
||||
renderDropdown();
|
||||
ctx.doRefreshAndRender();
|
||||
@@ -151,7 +153,8 @@ function init(_ctx) {
|
||||
const detail = e.shortMessage || e.message || String(e);
|
||||
log.errorf("Token lookup failed for", addr, detail);
|
||||
showFlash(detail);
|
||||
infoEl.classList.add("hidden");
|
||||
infoEl.textContent = "";
|
||||
infoEl.style.visibility = "hidden";
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@@ -5,6 +5,7 @@ const {
|
||||
$,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
addressDotHtml,
|
||||
addressTitle,
|
||||
escapeHtml,
|
||||
@@ -158,8 +159,9 @@ function render() {
|
||||
loadCalldata(tx.hash, tx.to);
|
||||
}
|
||||
|
||||
$("tx-detail-time").textContent =
|
||||
isoDate(tx.timestamp) + " (" + timeAgo(tx.timestamp) + ")";
|
||||
const isoStr = isoDate(tx.timestamp);
|
||||
$("tx-detail-time").innerHTML =
|
||||
copyableHtml(isoStr) + " (" + escapeHtml(timeAgo(tx.timestamp)) + ")";
|
||||
$("tx-detail-status").textContent = tx.isError ? "Failed" : "Success";
|
||||
showView("transaction");
|
||||
|
||||
@@ -170,6 +172,7 @@ function render() {
|
||||
el.onclick = () => {
|
||||
navigator.clipboard.writeText(el.dataset.copy);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(el);
|
||||
};
|
||||
});
|
||||
}
|
||||
@@ -247,6 +250,7 @@ async function loadCalldata(txHash, toAddress) {
|
||||
el.onclick = () => {
|
||||
navigator.clipboard.writeText(el.dataset.copy);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(el);
|
||||
};
|
||||
});
|
||||
}
|
||||
|
||||
@@ -4,6 +4,7 @@ const {
|
||||
$,
|
||||
showView,
|
||||
showFlash,
|
||||
flashCopyFeedback,
|
||||
addressDotHtml,
|
||||
addressTitle,
|
||||
escapeHtml,
|
||||
@@ -43,10 +44,11 @@ function toAddressHtml(address) {
|
||||
if (title) {
|
||||
return (
|
||||
`<div class="flex items-center font-bold">${dot}${escapeHtml(title)}</div>` +
|
||||
`<div class="break-all">${escapeHtml(address)}${extLink}</div>`
|
||||
`<div class="break-all underline decoration-dashed cursor-pointer" data-copy="${escapeHtml(address)}">${escapeHtml(address)}</div>` +
|
||||
extLink
|
||||
);
|
||||
}
|
||||
return `<div class="flex items-center">${dot}<span class="break-all">${escapeHtml(address)}</span>${extLink}</div>`;
|
||||
return `<div class="flex items-center">${dot}<span class="break-all underline decoration-dashed cursor-pointer" data-copy="${escapeHtml(address)}">${escapeHtml(address)}</span>${extLink}</div>`;
|
||||
}
|
||||
|
||||
function txHashHtml(hash) {
|
||||
@@ -58,6 +60,16 @@ function txHashHtml(hash) {
|
||||
);
|
||||
}
|
||||
|
||||
function blockNumberHtml(blockNumber) {
|
||||
const num = String(blockNumber);
|
||||
const link = `https://etherscan.io/block/${num}`;
|
||||
const extLink = `<a href="${link}" target="_blank" rel="noopener" class="inline-flex items-center">${EXT_ICON}</a>`;
|
||||
return (
|
||||
`<span class="underline decoration-dashed cursor-pointer" data-copy="${escapeHtml(num)}">${escapeHtml(num)}</span>` +
|
||||
extLink
|
||||
);
|
||||
}
|
||||
|
||||
function attachCopyHandlers(viewId) {
|
||||
document
|
||||
.getElementById(viewId)
|
||||
@@ -66,6 +78,7 @@ function attachCopyHandlers(viewId) {
|
||||
el.onclick = () => {
|
||||
navigator.clipboard.writeText(el.dataset.copy);
|
||||
showFlash("Copied!");
|
||||
flashCopyFeedback(el);
|
||||
};
|
||||
});
|
||||
}
|
||||
@@ -139,7 +152,7 @@ function etherscanTokenLink(address) {
|
||||
|
||||
function decodedDetailsHtml(decoded) {
|
||||
if (!decoded || !decoded.details) return "";
|
||||
let html = "";
|
||||
let html = `<div class="border border-border border-dashed p-2 mb-3">`;
|
||||
if (decoded.name) {
|
||||
html += `<div class="mb-2"><div class="text-xs text-muted mb-1">Action</div>`;
|
||||
html += `<div class="font-bold">${escapeHtml(decoded.name)}</div></div>`;
|
||||
@@ -164,20 +177,36 @@ function decodedDetailsHtml(decoded) {
|
||||
}
|
||||
html += `</div>`;
|
||||
}
|
||||
html += `</div>`;
|
||||
return html;
|
||||
}
|
||||
|
||||
function renderSuccess() {
|
||||
const d = state.viewData;
|
||||
if (!d || !d.hash) return;
|
||||
$("success-tx-summary").textContent = d.amount + " " + d.symbol;
|
||||
$("success-tx-to").innerHTML = toAddressHtml(d.to);
|
||||
$("success-tx-block").textContent = String(d.blockNumber);
|
||||
|
||||
const hasDecoded = d.decoded && d.decoded.details;
|
||||
|
||||
// When decoded details are present, the Amount and To are already
|
||||
// shown inside the decoded well — hide the top-level duplicates.
|
||||
const summarySection = $("success-tx-summary").parentElement;
|
||||
const toSection = $("success-tx-to").parentElement;
|
||||
if (hasDecoded) {
|
||||
summarySection.classList.add("hidden");
|
||||
toSection.classList.add("hidden");
|
||||
} else {
|
||||
summarySection.classList.remove("hidden");
|
||||
toSection.classList.remove("hidden");
|
||||
$("success-tx-summary").textContent = d.amount + " " + d.symbol;
|
||||
$("success-tx-to").innerHTML = toAddressHtml(d.to);
|
||||
}
|
||||
|
||||
$("success-tx-block").innerHTML = blockNumberHtml(d.blockNumber);
|
||||
$("success-tx-hash").innerHTML = txHashHtml(d.hash);
|
||||
|
||||
// Show decoded calldata details if present
|
||||
const decodedEl = $("success-tx-decoded");
|
||||
if (decodedEl && d.decoded) {
|
||||
if (decodedEl && hasDecoded) {
|
||||
decodedEl.innerHTML = decodedDetailsHtml(d.decoded);
|
||||
decodedEl.classList.remove("hidden");
|
||||
} else if (decodedEl) {
|
||||
|
||||
109
src/shared/addressWarnings.js
Normal file
109
src/shared/addressWarnings.js
Normal file
@@ -0,0 +1,109 @@
|
||||
// Address warning module.
|
||||
// Provides local and async (RPC-based) warning checks for Ethereum addresses.
|
||||
// Returns arrays of {type, message, severity} objects.
|
||||
|
||||
const { isScamAddress } = require("./scamlist");
|
||||
const { isBurnAddress } = require("./constants");
|
||||
const { checkEtherscanLabel } = require("./etherscanLabels");
|
||||
const { log } = require("./log");
|
||||
|
||||
/**
|
||||
* Check an address against local-only lists (scam, burn, self-send).
|
||||
* Synchronous — no network calls.
|
||||
*
|
||||
* @param {string} address - The target address to check.
|
||||
* @param {object} [options] - Optional context.
|
||||
* @param {string} [options.fromAddress] - Sender address (for self-send check).
|
||||
* @returns {Array<{type: string, message: string, severity: string}>}
|
||||
*/
|
||||
function getLocalWarnings(address, options = {}) {
|
||||
const warnings = [];
|
||||
const addr = address.toLowerCase();
|
||||
|
||||
if (isScamAddress(addr)) {
|
||||
warnings.push({
|
||||
type: "scam",
|
||||
message:
|
||||
"This address is on a known scam/fraud list. Do not send funds to this address.",
|
||||
severity: "critical",
|
||||
});
|
||||
}
|
||||
|
||||
if (isBurnAddress(addr)) {
|
||||
warnings.push({
|
||||
type: "burn",
|
||||
message:
|
||||
"This is a known null/burn address. Funds sent here are permanently destroyed and cannot be recovered.",
|
||||
severity: "critical",
|
||||
});
|
||||
}
|
||||
|
||||
if (options.fromAddress && addr === options.fromAddress.toLowerCase()) {
|
||||
warnings.push({
|
||||
type: "self-send",
|
||||
message: "You are sending to your own address.",
|
||||
severity: "warning",
|
||||
});
|
||||
}
|
||||
|
||||
return warnings;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check an address against local lists AND via RPC queries.
|
||||
* Async — performs network calls to check contract status and tx history.
|
||||
*
|
||||
* @param {string} address - The target address to check.
|
||||
* @param {object} provider - An ethers.js provider instance.
|
||||
* @param {object} [options] - Optional context.
|
||||
* @param {string} [options.fromAddress] - Sender address (for self-send check).
|
||||
* @returns {Promise<Array<{type: string, message: string, severity: string}>>}
|
||||
*/
|
||||
async function getFullWarnings(address, provider, options = {}) {
|
||||
const warnings = getLocalWarnings(address, options);
|
||||
|
||||
try {
|
||||
const code = await provider.getCode(address);
|
||||
if (code && code !== "0x") {
|
||||
warnings.push({
|
||||
type: "contract",
|
||||
message:
|
||||
"This address is a smart contract, not a regular wallet.",
|
||||
severity: "warning",
|
||||
});
|
||||
// If it's a contract, skip the tx count check — contracts
|
||||
// may legitimately have zero inbound EOA transactions.
|
||||
return warnings;
|
||||
}
|
||||
} catch (e) {
|
||||
log.errorf("contract check failed:", e.message);
|
||||
}
|
||||
|
||||
try {
|
||||
const txCount = await provider.getTransactionCount(address);
|
||||
if (txCount === 0) {
|
||||
warnings.push({
|
||||
type: "new-address",
|
||||
message:
|
||||
"This address has never sent a transaction. Double-check it is correct.",
|
||||
severity: "info",
|
||||
});
|
||||
}
|
||||
} catch (e) {
|
||||
log.errorf("tx count check failed:", e.message);
|
||||
}
|
||||
|
||||
// Etherscan label check (best-effort async — network failures are silent).
|
||||
try {
|
||||
const etherscanWarning = await checkEtherscanLabel(address);
|
||||
if (etherscanWarning) {
|
||||
warnings.push(etherscanWarning);
|
||||
}
|
||||
} catch (e) {
|
||||
log.errorf("etherscan label check failed:", e.message);
|
||||
}
|
||||
|
||||
return warnings;
|
||||
}
|
||||
|
||||
module.exports = { getLocalWarnings, getFullWarnings };
|
||||
@@ -20,6 +20,19 @@ const ERC20_ABI = [
|
||||
"function approve(address spender, uint256 amount) returns (bool)",
|
||||
];
|
||||
|
||||
// Known null/burn addresses that permanently destroy funds.
|
||||
const BURN_ADDRESSES = new Set([
|
||||
"0x0000000000000000000000000000000000000000",
|
||||
"0x0000000000000000000000000000000000000001",
|
||||
"0x000000000000000000000000000000000000dead",
|
||||
"0xdead000000000000000000000000000000000000",
|
||||
"0x00000000000000000000000000000000deadbeef",
|
||||
]);
|
||||
|
||||
function isBurnAddress(address) {
|
||||
return BURN_ADDRESSES.has(address.toLowerCase());
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
DEBUG,
|
||||
DEBUG_MNEMONIC,
|
||||
@@ -28,4 +41,6 @@ module.exports = {
|
||||
DEFAULT_BLOCKSCOUT_URL,
|
||||
BIP44_ETH_PATH,
|
||||
ERC20_ABI,
|
||||
BURN_ADDRESSES,
|
||||
isBurnAddress,
|
||||
};
|
||||
|
||||
102
src/shared/etherscanLabels.js
Normal file
102
src/shared/etherscanLabels.js
Normal file
@@ -0,0 +1,102 @@
|
||||
// Etherscan address label lookup via page scraping.
|
||||
// Extension users make the requests directly to Etherscan — no proxy needed.
|
||||
// This is a best-effort enrichment: network failures return null silently.
|
||||
|
||||
const ETHERSCAN_BASE = "https://etherscan.io/address/";
|
||||
|
||||
// Patterns in the page title that indicate a flagged address.
|
||||
// Title format: "Fake_Phishing184810 | Address: 0x... | Etherscan"
|
||||
const PHISHING_LABEL_PATTERNS = [/^Fake_Phishing/i, /^Phish:/i, /^Exploiter/i];
|
||||
|
||||
// Patterns in the page body that indicate a scam/phishing warning.
|
||||
const SCAM_BODY_PATTERNS = [
|
||||
/used in a\s+(?:\w+\s+)?phishing scam/i,
|
||||
/used in a\s+(?:\w+\s+)?scam/i,
|
||||
/wallet\s+drainer/i,
|
||||
];
|
||||
|
||||
/**
|
||||
* Parse the Etherscan address page HTML to extract label info.
|
||||
* Exported for unit testing (no fetch needed).
|
||||
*
|
||||
* @param {string} html - Raw HTML of the Etherscan address page.
|
||||
* @returns {{ label: string|null, isPhishing: boolean, warning: string|null }}
|
||||
*/
|
||||
function parseEtherscanPage(html) {
|
||||
// Extract <title> content
|
||||
const titleMatch = html.match(/<title[^>]*>([^<]+)<\/title>/i);
|
||||
let label = null;
|
||||
let isPhishing = false;
|
||||
let warning = null;
|
||||
|
||||
if (titleMatch) {
|
||||
const title = titleMatch[1].trim();
|
||||
// Title: "LABEL | Address: 0x... | Etherscan" or "Address: 0x... | Etherscan"
|
||||
const labelMatch = title.match(/^(.+?)\s*\|\s*Address:/);
|
||||
if (labelMatch) {
|
||||
const candidate = labelMatch[1].trim();
|
||||
// Only treat as a label if it's not just "Address" (unlabeled addresses)
|
||||
if (candidate.toLowerCase() !== "address") {
|
||||
label = candidate;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Check label against phishing patterns
|
||||
if (label) {
|
||||
for (const pat of PHISHING_LABEL_PATTERNS) {
|
||||
if (pat.test(label)) {
|
||||
isPhishing = true;
|
||||
warning = `Etherscan labels this address as "${label}" (Phish/Hack).`;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Check page body for scam warning banners
|
||||
if (!isPhishing) {
|
||||
for (const pat of SCAM_BODY_PATTERNS) {
|
||||
if (pat.test(html)) {
|
||||
isPhishing = true;
|
||||
warning = label
|
||||
? `Etherscan labels this address as "${label}" and reports it was used in a scam.`
|
||||
: "Etherscan reports this address was flagged for phishing/scam activity.";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return { label, isPhishing, warning };
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetch an address page from Etherscan and check for scam/phishing labels.
|
||||
* Returns a warning object if the address is flagged, or null.
|
||||
* Network failures return null silently (best-effort check).
|
||||
*
|
||||
* @param {string} address - Ethereum address to check.
|
||||
* @returns {Promise<{type: string, message: string, severity: string}|null>}
|
||||
*/
|
||||
async function checkEtherscanLabel(address) {
|
||||
try {
|
||||
const resp = await fetch(ETHERSCAN_BASE + address, {
|
||||
headers: { Accept: "text/html" },
|
||||
});
|
||||
if (!resp.ok) return null;
|
||||
const html = await resp.text();
|
||||
const result = parseEtherscanPage(html);
|
||||
if (result.isPhishing) {
|
||||
return {
|
||||
type: "etherscan-phishing",
|
||||
message: result.warning,
|
||||
severity: "critical",
|
||||
};
|
||||
}
|
||||
return null;
|
||||
} catch {
|
||||
// Network errors are expected — Etherscan may rate-limit or block.
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = { parseEtherscanPage, checkEtherscanLabel };
|
||||
133
src/shared/phishingDomains.js
Normal file
133
src/shared/phishingDomains.js
Normal file
@@ -0,0 +1,133 @@
|
||||
// Domain-based phishing detection using MetaMask's eth-phishing-detect blocklist.
|
||||
// Fetches the blocklist at runtime, caches it in memory, and checks hostnames.
|
||||
//
|
||||
// The blocklist source:
|
||||
// https://github.com/MetaMask/eth-phishing-detect (src/config.json)
|
||||
//
|
||||
// The config uses { blacklist: [...], whitelist: [...], fuzzylist: [...] }.
|
||||
// We check exact hostname and parent-domain matches against the blacklist,
|
||||
// with whitelist overrides.
|
||||
|
||||
const BLOCKLIST_URL =
|
||||
"https://raw.githubusercontent.com/MetaMask/eth-phishing-detect/main/src/config.json";
|
||||
|
||||
const CACHE_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
|
||||
|
||||
let blacklistSet = new Set();
|
||||
let whitelistSet = new Set();
|
||||
let lastFetchTime = 0;
|
||||
let fetchPromise = null;
|
||||
|
||||
/**
|
||||
* Load a pre-parsed config into the in-memory sets.
|
||||
* Used for testing and for loading from cache.
|
||||
*
|
||||
* @param {{ blacklist?: string[], whitelist?: string[] }} config
|
||||
*/
|
||||
function loadConfig(config) {
|
||||
blacklistSet = new Set(
|
||||
(config.blacklist || []).map((d) => d.toLowerCase()),
|
||||
);
|
||||
whitelistSet = new Set(
|
||||
(config.whitelist || []).map((d) => d.toLowerCase()),
|
||||
);
|
||||
lastFetchTime = Date.now();
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate hostname variants for subdomain matching.
|
||||
* "sub.evil.com" yields ["sub.evil.com", "evil.com"].
|
||||
*
|
||||
* @param {string} hostname
|
||||
* @returns {string[]}
|
||||
*/
|
||||
function hostnameVariants(hostname) {
|
||||
const h = hostname.toLowerCase();
|
||||
const variants = [h];
|
||||
const parts = h.split(".");
|
||||
// Parent domains: a.b.c.d -> b.c.d, c.d
|
||||
for (let i = 1; i < parts.length - 1; i++) {
|
||||
variants.push(parts.slice(i).join("."));
|
||||
}
|
||||
return variants;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a hostname is on the phishing blocklist.
|
||||
* Checks exact hostname and all parent domains.
|
||||
* Whitelisted domains are never flagged.
|
||||
*
|
||||
* @param {string} hostname - The hostname to check.
|
||||
* @returns {boolean}
|
||||
*/
|
||||
function isPhishingDomain(hostname) {
|
||||
if (!hostname) return false;
|
||||
const variants = hostnameVariants(hostname);
|
||||
// Whitelist takes priority
|
||||
for (const v of variants) {
|
||||
if (whitelistSet.has(v)) return false;
|
||||
}
|
||||
for (const v of variants) {
|
||||
if (blacklistSet.has(v)) return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetch the latest blocklist from the MetaMask repo.
|
||||
* De-duplicates concurrent fetches. Results are cached for CACHE_TTL_MS.
|
||||
*
|
||||
* @returns {Promise<void>}
|
||||
*/
|
||||
async function updatePhishingList() {
|
||||
// Skip if recently fetched
|
||||
if (Date.now() - lastFetchTime < CACHE_TTL_MS && blacklistSet.size > 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
// De-duplicate concurrent calls
|
||||
if (fetchPromise) return fetchPromise;
|
||||
|
||||
fetchPromise = (async () => {
|
||||
try {
|
||||
const resp = await fetch(BLOCKLIST_URL);
|
||||
if (!resp.ok) throw new Error("HTTP " + resp.status);
|
||||
const config = await resp.json();
|
||||
loadConfig(config);
|
||||
} catch {
|
||||
// Silently fail — we'll retry next time.
|
||||
} finally {
|
||||
fetchPromise = null;
|
||||
}
|
||||
})();
|
||||
|
||||
return fetchPromise;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the current blocklist size (for diagnostics).
|
||||
*
|
||||
* @returns {number}
|
||||
*/
|
||||
function getBlocklistSize() {
|
||||
return blacklistSet.size;
|
||||
}
|
||||
|
||||
/**
|
||||
* Reset internal state (for testing).
|
||||
*/
|
||||
function _reset() {
|
||||
blacklistSet = new Set();
|
||||
whitelistSet = new Set();
|
||||
lastFetchTime = 0;
|
||||
fetchPromise = null;
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
isPhishingDomain,
|
||||
updatePhishingList,
|
||||
loadConfig,
|
||||
getBlocklistSize,
|
||||
hostnameVariants,
|
||||
_reset,
|
||||
};
|
||||
File diff suppressed because it is too large
Load Diff
@@ -23,8 +23,10 @@ const DEFAULT_STATE = {
|
||||
hideFraudContracts: true,
|
||||
hideDustTransactions: true,
|
||||
dustThresholdGwei: 100000,
|
||||
utcTimestamps: false,
|
||||
fraudContracts: [],
|
||||
tokenHolderCache: {},
|
||||
theme: "system",
|
||||
};
|
||||
|
||||
const state = {
|
||||
@@ -53,8 +55,10 @@ async function saveState() {
|
||||
hideFraudContracts: state.hideFraudContracts,
|
||||
hideDustTransactions: state.hideDustTransactions,
|
||||
dustThresholdGwei: state.dustThresholdGwei,
|
||||
utcTimestamps: state.utcTimestamps,
|
||||
fraudContracts: state.fraudContracts,
|
||||
tokenHolderCache: state.tokenHolderCache,
|
||||
theme: state.theme,
|
||||
currentView: state.currentView,
|
||||
selectedWallet: state.selectedWallet,
|
||||
selectedAddress: state.selectedAddress,
|
||||
@@ -108,8 +112,11 @@ async function loadState() {
|
||||
saved.dustThresholdGwei !== undefined
|
||||
? saved.dustThresholdGwei
|
||||
: 100000;
|
||||
state.utcTimestamps =
|
||||
saved.utcTimestamps !== undefined ? saved.utcTimestamps : false;
|
||||
state.fraudContracts = saved.fraudContracts || [];
|
||||
state.tokenHolderCache = saved.tokenHolderCache || {};
|
||||
state.theme = saved.theme || "system";
|
||||
state.currentView = saved.currentView || null;
|
||||
state.selectedWallet =
|
||||
saved.selectedWallet !== undefined ? saved.selectedWallet : null;
|
||||
|
||||
@@ -153,14 +153,11 @@ async function fetchRecentTransactions(address, blockscoutUrl, count = 25) {
|
||||
|
||||
// When a token transfer shares a hash with a normal tx, the normal tx
|
||||
// is the contract call (0 ETH) and the token transfer has the real
|
||||
// amount and symbol. Preserve contract call metadata (direction, label,
|
||||
// method) so swaps and other contract interactions display correctly.
|
||||
//
|
||||
// A single tx hash can produce multiple token transfers (e.g. a swap
|
||||
// sends token A and receives token B). Use a composite key
|
||||
// (hash:contractAddress) so every transfer is preserved. The original
|
||||
// normal-tx entry (keyed by bare hash) is removed when at least one
|
||||
// token transfer replaces it.
|
||||
// amount and symbol. A single transaction (e.g. a swap) can produce
|
||||
// multiple token transfers (one per token involved), so we key token
|
||||
// transfers by hash + contract address to keep all of them. We also
|
||||
// preserve contract-call metadata (direction, label, method) from the
|
||||
// matching normal tx so swaps display correctly.
|
||||
for (const tt of ttJson.items || []) {
|
||||
const parsed = parseTokenTransfer(tt, addrLower);
|
||||
const existing = txsByHash.get(parsed.hash);
|
||||
@@ -169,12 +166,13 @@ async function fetchRecentTransactions(address, blockscoutUrl, count = 25) {
|
||||
parsed.directionLabel = existing.directionLabel;
|
||||
parsed.isContractCall = true;
|
||||
parsed.method = existing.method;
|
||||
// Remove the bare-hash normal tx so it isn't duplicated
|
||||
// Remove the bare-hash normal tx so it doesn't appear as a
|
||||
// duplicate with empty value; token transfers replace it.
|
||||
txsByHash.delete(parsed.hash);
|
||||
}
|
||||
// Use composite key so multiple token transfers per tx are kept
|
||||
const compositeKey = parsed.hash + ":" + (parsed.contractAddress || "");
|
||||
txsByHash.set(compositeKey, parsed);
|
||||
// Use composite key so multiple token transfers per tx are kept.
|
||||
const ttKey = parsed.hash + ":" + (parsed.contractAddress || "");
|
||||
txsByHash.set(ttKey, parsed);
|
||||
}
|
||||
|
||||
const txs = [...txsByHash.values()];
|
||||
|
||||
@@ -445,12 +445,18 @@ function decode(data, toAddress) {
|
||||
const maxUint160 = BigInt(
|
||||
"0xffffffffffffffffffffffffffffffffffffffff",
|
||||
);
|
||||
const amountStr =
|
||||
inputAmount >= maxUint160
|
||||
? "Unlimited"
|
||||
: formatAmount(inputAmount, inInfo.decimals) +
|
||||
(inSymbol ? " " + inSymbol : "");
|
||||
details.push({ label: "Amount", value: amountStr });
|
||||
const isUnlimited = inputAmount >= maxUint160;
|
||||
const amountRaw = isUnlimited
|
||||
? "Unlimited"
|
||||
: formatAmount(inputAmount, inInfo.decimals);
|
||||
const amountStr = isUnlimited
|
||||
? "Unlimited"
|
||||
: amountRaw + (inSymbol ? " " + inSymbol : "");
|
||||
details.push({
|
||||
label: "Amount",
|
||||
value: amountStr,
|
||||
rawValue: amountRaw,
|
||||
});
|
||||
}
|
||||
|
||||
if (outSymbol) {
|
||||
|
||||
@@ -24,6 +24,26 @@ function hdWalletFromMnemonic(mnemonic) {
|
||||
return { xpub, firstAddress };
|
||||
}
|
||||
|
||||
function hdWalletFromXprv(xprv) {
|
||||
const root = HDNodeWallet.fromExtendedKey(xprv);
|
||||
if (!root.privateKey) {
|
||||
throw new Error("Not an extended private key (xprv).");
|
||||
}
|
||||
const node = root.derivePath("44'/60'/0'/0");
|
||||
const xpub = node.neuter().extendedKey;
|
||||
const firstAddress = node.deriveChild(0).address;
|
||||
return { xpub, firstAddress };
|
||||
}
|
||||
|
||||
function isValidXprv(key) {
|
||||
try {
|
||||
const node = HDNodeWallet.fromExtendedKey(key);
|
||||
return !!node.privateKey;
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
function addressFromPrivateKey(key) {
|
||||
const w = new Wallet(key);
|
||||
return w.address;
|
||||
@@ -38,6 +58,11 @@ function getSignerForAddress(walletData, addrIndex, decryptedSecret) {
|
||||
);
|
||||
return node.deriveChild(addrIndex);
|
||||
}
|
||||
if (walletData.type === "xprv") {
|
||||
const root = HDNodeWallet.fromExtendedKey(decryptedSecret);
|
||||
const node = root.derivePath("44'/60'/0'/0");
|
||||
return node.deriveChild(addrIndex);
|
||||
}
|
||||
return new Wallet(decryptedSecret);
|
||||
}
|
||||
|
||||
@@ -49,6 +74,8 @@ module.exports = {
|
||||
generateMnemonic,
|
||||
deriveAddressFromXpub,
|
||||
hdWalletFromMnemonic,
|
||||
hdWalletFromXprv,
|
||||
isValidXprv,
|
||||
addressFromPrivateKey,
|
||||
getSignerForAddress,
|
||||
isValidMnemonic,
|
||||
|
||||
100
tests/etherscanLabels.test.js
Normal file
100
tests/etherscanLabels.test.js
Normal file
@@ -0,0 +1,100 @@
|
||||
const { parseEtherscanPage } = require("../src/shared/etherscanLabels");
|
||||
|
||||
describe("etherscanLabels", () => {
|
||||
describe("parseEtherscanPage", () => {
|
||||
test("detects Fake_Phishing label in title", () => {
|
||||
const html = `<html><head><title>Fake_Phishing184810 | Address: 0x00000c07...3ea470000 | Etherscan</title></head><body></body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBe("Fake_Phishing184810");
|
||||
expect(result.isPhishing).toBe(true);
|
||||
expect(result.warning).toContain("Fake_Phishing184810");
|
||||
expect(result.warning).toContain("Phish/Hack");
|
||||
});
|
||||
|
||||
test("detects Fake_Phishing with different number", () => {
|
||||
const html = `<html><head><title>Fake_Phishing5169 | Address: 0x3e0defb8...99a7a8a74 | Etherscan</title></head><body></body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBe("Fake_Phishing5169");
|
||||
expect(result.isPhishing).toBe(true);
|
||||
});
|
||||
|
||||
test("detects Exploiter label", () => {
|
||||
const html = `<html><head><title>Exploiter 42 | Address: 0xabcdef...1234 | Etherscan</title></head><body></body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBe("Exploiter 42");
|
||||
expect(result.isPhishing).toBe(true);
|
||||
});
|
||||
|
||||
test("detects scam warning in body text", () => {
|
||||
const html =
|
||||
`<html><head><title>Address: 0xabcdef...1234 | Etherscan</title></head>` +
|
||||
`<body>There are reports that this address was used in a Phishing scam.</body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBeNull();
|
||||
expect(result.isPhishing).toBe(true);
|
||||
expect(result.warning).toContain("phishing/scam");
|
||||
});
|
||||
|
||||
test("detects scam warning with label in body", () => {
|
||||
const html =
|
||||
`<html><head><title>SomeScammer | Address: 0xabcdef...1234 | Etherscan</title></head>` +
|
||||
`<body>There are reports that this address was used in a scam.</body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBe("SomeScammer");
|
||||
expect(result.isPhishing).toBe(true);
|
||||
expect(result.warning).toContain("SomeScammer");
|
||||
});
|
||||
|
||||
test("returns clean result for legitimate address", () => {
|
||||
const html = `<html><head><title>vitalik.eth | Address: 0xd8dA6BF2...37aA96045 | Etherscan</title></head><body>Overview</body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBe("vitalik.eth");
|
||||
expect(result.isPhishing).toBe(false);
|
||||
expect(result.warning).toBeNull();
|
||||
});
|
||||
|
||||
test("returns clean result for unlabeled address", () => {
|
||||
const html = `<html><head><title>Address: 0x1234567890...abcdef | Etherscan</title></head><body>Overview</body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBeNull();
|
||||
expect(result.isPhishing).toBe(false);
|
||||
expect(result.warning).toBeNull();
|
||||
});
|
||||
|
||||
test("handles exchange labels correctly (not phishing)", () => {
|
||||
const html = `<html><head><title>Coinbase 10 | Address: 0xa9d1e08c...b81d3e43 | Etherscan</title></head><body>Overview</body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBe("Coinbase 10");
|
||||
expect(result.isPhishing).toBe(false);
|
||||
});
|
||||
|
||||
test("handles contract names correctly (not phishing)", () => {
|
||||
const html = `<html><head><title>Beacon Deposit Contract | Address: 0x00000000...03d7705Fa | Etherscan</title></head><body>Overview</body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBe("Beacon Deposit Contract");
|
||||
expect(result.isPhishing).toBe(false);
|
||||
});
|
||||
|
||||
test("handles empty HTML gracefully", () => {
|
||||
const result = parseEtherscanPage("");
|
||||
expect(result.label).toBeNull();
|
||||
expect(result.isPhishing).toBe(false);
|
||||
expect(result.warning).toBeNull();
|
||||
});
|
||||
|
||||
test("handles malformed title tag", () => {
|
||||
const html = `<html><head><title></title></head><body></body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.label).toBeNull();
|
||||
expect(result.isPhishing).toBe(false);
|
||||
});
|
||||
|
||||
test("detects wallet drainer warning", () => {
|
||||
const html =
|
||||
`<html><head><title>Address: 0xabc...def | Etherscan</title></head>` +
|
||||
`<body>This is a known wallet drainer contract.</body></html>`;
|
||||
const result = parseEtherscanPage(html);
|
||||
expect(result.isPhishing).toBe(true);
|
||||
});
|
||||
});
|
||||
});
|
||||
166
tests/phishingDomains.test.js
Normal file
166
tests/phishingDomains.test.js
Normal file
@@ -0,0 +1,166 @@
|
||||
const {
|
||||
isPhishingDomain,
|
||||
loadConfig,
|
||||
getBlocklistSize,
|
||||
hostnameVariants,
|
||||
_reset,
|
||||
} = require("../src/shared/phishingDomains");
|
||||
|
||||
// Reset state before each test to avoid cross-test contamination.
|
||||
beforeEach(() => {
|
||||
_reset();
|
||||
});
|
||||
|
||||
describe("phishingDomains", () => {
|
||||
describe("hostnameVariants", () => {
|
||||
test("returns exact hostname plus parent domains", () => {
|
||||
const variants = hostnameVariants("sub.evil.com");
|
||||
expect(variants).toEqual(["sub.evil.com", "evil.com"]);
|
||||
});
|
||||
|
||||
test("returns just the hostname for a bare domain", () => {
|
||||
const variants = hostnameVariants("example.com");
|
||||
expect(variants).toEqual(["example.com"]);
|
||||
});
|
||||
|
||||
test("handles deep subdomain chains", () => {
|
||||
const variants = hostnameVariants("a.b.c.d.com");
|
||||
expect(variants).toEqual([
|
||||
"a.b.c.d.com",
|
||||
"b.c.d.com",
|
||||
"c.d.com",
|
||||
"d.com",
|
||||
]);
|
||||
});
|
||||
|
||||
test("lowercases hostnames", () => {
|
||||
const variants = hostnameVariants("Evil.COM");
|
||||
expect(variants).toEqual(["evil.com"]);
|
||||
});
|
||||
});
|
||||
|
||||
describe("loadConfig + isPhishingDomain", () => {
|
||||
test("detects exact blacklisted domain", () => {
|
||||
loadConfig({
|
||||
blacklist: ["evil-phishing.com", "scam-swap.xyz"],
|
||||
whitelist: [],
|
||||
});
|
||||
expect(isPhishingDomain("evil-phishing.com")).toBe(true);
|
||||
expect(isPhishingDomain("scam-swap.xyz")).toBe(true);
|
||||
});
|
||||
|
||||
test("returns false for clean domains", () => {
|
||||
loadConfig({
|
||||
blacklist: ["evil-phishing.com"],
|
||||
whitelist: [],
|
||||
});
|
||||
expect(isPhishingDomain("etherscan.io")).toBe(false);
|
||||
expect(isPhishingDomain("uniswap.org")).toBe(false);
|
||||
});
|
||||
|
||||
test("detects subdomain of blacklisted domain", () => {
|
||||
loadConfig({
|
||||
blacklist: ["evil-phishing.com"],
|
||||
whitelist: [],
|
||||
});
|
||||
expect(isPhishingDomain("app.evil-phishing.com")).toBe(true);
|
||||
expect(isPhishingDomain("sub.app.evil-phishing.com")).toBe(true);
|
||||
});
|
||||
|
||||
test("whitelist overrides blacklist", () => {
|
||||
loadConfig({
|
||||
blacklist: ["metamask.io"],
|
||||
whitelist: ["metamask.io"],
|
||||
});
|
||||
expect(isPhishingDomain("metamask.io")).toBe(false);
|
||||
});
|
||||
|
||||
test("whitelist on parent domain overrides blacklist", () => {
|
||||
loadConfig({
|
||||
blacklist: ["sub.legit.com"],
|
||||
whitelist: ["legit.com"],
|
||||
});
|
||||
expect(isPhishingDomain("sub.legit.com")).toBe(false);
|
||||
});
|
||||
|
||||
test("case-insensitive matching", () => {
|
||||
loadConfig({
|
||||
blacklist: ["Evil-Phishing.COM"],
|
||||
whitelist: [],
|
||||
});
|
||||
expect(isPhishingDomain("evil-phishing.com")).toBe(true);
|
||||
expect(isPhishingDomain("EVIL-PHISHING.COM")).toBe(true);
|
||||
});
|
||||
|
||||
test("returns false for empty/null hostname", () => {
|
||||
loadConfig({
|
||||
blacklist: ["evil.com"],
|
||||
whitelist: [],
|
||||
});
|
||||
expect(isPhishingDomain("")).toBe(false);
|
||||
expect(isPhishingDomain(null)).toBe(false);
|
||||
});
|
||||
|
||||
test("getBlocklistSize reflects loaded config", () => {
|
||||
loadConfig({
|
||||
blacklist: ["a.com", "b.com", "c.com"],
|
||||
whitelist: ["d.com"],
|
||||
});
|
||||
expect(getBlocklistSize()).toBe(3);
|
||||
});
|
||||
|
||||
test("handles config with no blacklist/whitelist keys", () => {
|
||||
loadConfig({});
|
||||
expect(isPhishingDomain("anything.com")).toBe(false);
|
||||
expect(getBlocklistSize()).toBe(0);
|
||||
});
|
||||
|
||||
test("re-loading config replaces previous data", () => {
|
||||
loadConfig({
|
||||
blacklist: ["old-scam.com"],
|
||||
whitelist: [],
|
||||
});
|
||||
expect(isPhishingDomain("old-scam.com")).toBe(true);
|
||||
|
||||
loadConfig({
|
||||
blacklist: ["new-scam.com"],
|
||||
whitelist: [],
|
||||
});
|
||||
expect(isPhishingDomain("old-scam.com")).toBe(false);
|
||||
expect(isPhishingDomain("new-scam.com")).toBe(true);
|
||||
});
|
||||
});
|
||||
|
||||
describe("real-world MetaMask blocklist patterns", () => {
|
||||
test("detects known phishing domains from MetaMask list", () => {
|
||||
loadConfig({
|
||||
blacklist: [
|
||||
"uniswap-trade.web.app",
|
||||
"hopprotocol.pro",
|
||||
"blast-pools.pages.dev",
|
||||
],
|
||||
whitelist: [],
|
||||
});
|
||||
expect(isPhishingDomain("uniswap-trade.web.app")).toBe(true);
|
||||
expect(isPhishingDomain("hopprotocol.pro")).toBe(true);
|
||||
expect(isPhishingDomain("blast-pools.pages.dev")).toBe(true);
|
||||
});
|
||||
|
||||
test("does not flag legitimate domains whitelisted by MetaMask", () => {
|
||||
loadConfig({
|
||||
blacklist: ["opensea.pro"],
|
||||
whitelist: [
|
||||
"opensea.io",
|
||||
"metamask.io",
|
||||
"etherscan.io",
|
||||
"opensea.pro",
|
||||
],
|
||||
});
|
||||
expect(isPhishingDomain("opensea.io")).toBe(false);
|
||||
expect(isPhishingDomain("metamask.io")).toBe(false);
|
||||
expect(isPhishingDomain("etherscan.io")).toBe(false);
|
||||
// opensea.pro is both blacklisted and whitelisted — whitelist wins
|
||||
expect(isPhishingDomain("opensea.pro")).toBe(false);
|
||||
});
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user