feat: expand confirm-tx warnings — closes #114 #118
@@ -630,6 +630,18 @@
|
||||
here are permanently destroyed and cannot be recovered.
|
||||
</div>
|
||||
</div>
|
||||
<div
|
||||
id="confirm-etherscan-warning"
|
||||
class="mb-2"
|
||||
style="visibility: hidden"
|
||||
>
|
||||
<div
|
||||
class="border border-red-500 border-dashed p-2 text-xs font-bold text-red-500"
|
||||
>
|
||||
WARNING: Etherscan has flagged this address as
|
||||
phishing/scam. Do not send funds to this address.
|
||||
</div>
|
||||
</div>
|
||||
<div
|
||||
id="confirm-errors"
|
||||
class="mb-2 border border-border border-dashed p-2"
|
||||
@@ -1226,13 +1238,7 @@
|
||||
<h2 class="font-bold mb-2">Transaction Request</h2>
|
||||
<div
|
||||
id="approve-tx-phishing-warning"
|
||||
class="mb-3 p-2 text-xs font-bold hidden"
|
||||
style="
|
||||
background: #fee2e2;
|
||||
color: #991b1b;
|
||||
border: 2px solid #dc2626;
|
||||
border-radius: 6px;
|
||||
"
|
||||
class="mb-3 p-2 text-xs font-bold hidden bg-red-100 text-red-800 border-2 border-red-600 rounded-md"
|
||||
>
|
||||
⚠️ PHISHING WARNING: This site is on MetaMask's phishing
|
||||
blocklist. This transaction may steal your funds. Proceed
|
||||
@@ -1306,13 +1312,7 @@
|
||||
<h2 class="font-bold mb-2">Signature Request</h2>
|
||||
<div
|
||||
id="approve-sign-phishing-warning"
|
||||
class="mb-3 p-2 text-xs font-bold hidden"
|
||||
style="
|
||||
background: #fee2e2;
|
||||
color: #991b1b;
|
||||
border: 2px solid #dc2626;
|
||||
border-radius: 6px;
|
||||
"
|
||||
class="mb-3 p-2 text-xs font-bold hidden bg-red-100 text-red-800 border-2 border-red-600 rounded-md"
|
||||
>
|
||||
⚠️ PHISHING WARNING: This site is on MetaMask's phishing
|
||||
blocklist. Signing this message may authorize theft of your
|
||||
@@ -1389,13 +1389,7 @@
|
||||
<h2 class="font-bold mb-2">Connection Request</h2>
|
||||
<div
|
||||
id="approve-site-phishing-warning"
|
||||
class="mb-3 p-2 text-xs font-bold hidden"
|
||||
style="
|
||||
background: #fee2e2;
|
||||
color: #991b1b;
|
||||
border: 2px solid #dc2626;
|
||||
border-radius: 6px;
|
||||
"
|
||||
class="mb-3 p-2 text-xs font-bold hidden bg-red-100 text-red-800 border-2 border-red-600 rounded-md"
|
||||
>
|
||||
⚠️ PHISHING WARNING: This site is on MetaMask's phishing
|
||||
blocklist. Connecting your wallet may result in loss of
|
||||
|
||||
@@ -248,6 +248,7 @@ function show(txInfo) {
|
||||
$("confirm-recipient-warning").style.visibility = "hidden";
|
||||
$("confirm-contract-warning").style.visibility = "hidden";
|
||||
$("confirm-burn-warning").style.visibility = "hidden";
|
||||
$("confirm-etherscan-warning").style.visibility = "hidden";
|
||||
|
||||
// Show burn warning via reserved element (in addition to inline warning)
|
||||
if (isBurnAddress(txInfo.to)) {
|
||||
@@ -311,6 +312,9 @@ async function checkRecipientHistory(txInfo) {
|
||||
if (w.type === "new-address") {
|
||||
$("confirm-recipient-warning").style.visibility = "visible";
|
||||
}
|
||||
if (w.type === "etherscan-phishing") {
|
||||
$("confirm-etherscan-warning").style.visibility = "visible";
|
||||
}
|
||||
}
|
||||
} catch (e) {
|
||||
log.errorf("recipient history check failed:", e.message);
|
||||
|
||||
@@ -62,38 +62,43 @@ function getLocalWarnings(address, options = {}) {
|
||||
async function getFullWarnings(address, provider, options = {}) {
|
||||
const warnings = getLocalWarnings(address, options);
|
||||
|
||||
let isContract = false;
|
||||
try {
|
||||
const code = await provider.getCode(address);
|
||||
if (code && code !== "0x") {
|
||||
isContract = true;
|
||||
warnings.push({
|
||||
type: "contract",
|
||||
message:
|
||||
"This address is a smart contract, not a regular wallet.",
|
||||
severity: "warning",
|
||||
});
|
||||
// If it's a contract, skip the tx count check — contracts
|
||||
// may legitimately have zero inbound EOA transactions.
|
||||
return warnings;
|
||||
}
|
||||
} catch (e) {
|
||||
log.errorf("contract check failed:", e.message);
|
||||
}
|
||||
|
||||
try {
|
||||
const txCount = await provider.getTransactionCount(address);
|
||||
if (txCount === 0) {
|
||||
warnings.push({
|
||||
type: "new-address",
|
||||
message:
|
||||
"This address has never sent a transaction. Double-check it is correct.",
|
||||
severity: "info",
|
||||
});
|
||||
// Skip tx count check for contracts — they may legitimately have
|
||||
// zero inbound EOA transactions.
|
||||
if (!isContract) {
|
||||
try {
|
||||
const txCount = await provider.getTransactionCount(address);
|
||||
if (txCount === 0) {
|
||||
warnings.push({
|
||||
type: "new-address",
|
||||
message:
|
||||
"This address has never sent a transaction. Double-check it is correct.",
|
||||
severity: "info",
|
||||
});
|
||||
}
|
||||
} catch (e) {
|
||||
log.errorf("tx count check failed:", e.message);
|
||||
}
|
||||
} catch (e) {
|
||||
log.errorf("tx count check failed:", e.message);
|
||||
}
|
||||
|
||||
// Etherscan label check (best-effort async — network failures are silent).
|
||||
// Runs for ALL addresses including contracts, since many dangerous
|
||||
// flagged addresses on Etherscan (drainers, phishing contracts) are contracts.
|
||||
try {
|
||||
const etherscanWarning = await checkEtherscanLabel(address);
|
||||
if (etherscanWarning) {
|
||||
|
||||
Reference in New Issue
Block a user