safe-global / safe-wallet-web

Safe{Wallet} – smart contract wallet for Ethereum (ex-Gnosis Safe multisig)
https://app.safe.global
GNU General Public License v3.0
311 stars 360 forks

fix: address poison copy confirmation modal #3891

Closed schmanu closed 10 hours ago

schmanu commented 2 days ago

What it solves

We currently do not show the "Before you copy" confirmation modal for transactions using real tokens to perform address poisoning.

How this PR fixes it

Show the Copy modal warning for transactions that are detected as imitations but use trusted tokens.

How to test it

Open a Safe with an address poisoning attempt using a real token (e.g. USDC)

github-actions[bot] commented 2 days ago

Branch preview

✅ Deploy successful!

Website: https://fix_address_poison_modal--walletweb.review.5afe.dev/home?safe=eth:0xA77DE01e157f9f57C7c4A326eeE9C4874D0598b6

Storybook: https://fix_address_poison_modal--walletweb.review.5afe.dev/storybook/

github-actions[bot] commented 2 days ago

ESLint Summary

Annotations are provided inline on the Files Changed tab. You can also see all annotations that were generated on the annotations page.

Type Occurrences Fixable
Errors 0 0
Warnings 0 0
Ignored 0 N/A

Report generated by eslint-plus-action

github-actions[bot] commented 2 days ago

📦 Next.js Bundle Analysis for safe-wallet-web

This analysis was generated by the Next.js Bundle Analysis action. 🤖

⚠️ Global Bundle Size Increased

Page Size (compressed)
global 1000.19 KB (🟡 +4 B)

The global bundle is the JavaScript bundle that loads alongside every page. It is in its own category because its impact is much higher: an increase to its size means that every page on your website loads slower, and a decrease means every page loads faster.

Any third-party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis.

If you want further insight into what is behind the changes, give @next/bundle-analyzer a try!

github-actions[bot] commented 2 days ago

Coverage report

St. Category Percentage Covered / Total
🟡 Statements 78.94% (+0.18% 🔼) 11419/14466
🔴 Branches 58.62% (+0.59% 🔼) 2787/4754
🟡 Functions 66.02% (+0.29% 🔼) 1836/2781
🟢 Lines 80.28% (+0.15% 🔼) 10286/12812

Test suite run success

1420 tests passing in 196 suites.

Report generated by 🧪 jest coverage report action from d6219529e97c19be35779a8a040cf38bc7e1d89b

francovenica commented 10 hours ago

We tested it with Manu, since finding a real address that had the issue to see it was difficult. I cannot share the address of the safe since it is private, but I can ensure that, for tx where you receive real tokens from obviously dubious addresses, you see the "are you sure" modal before copying such address.
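
The gating change this pull request describes, as an added TypeScript example (not code from the PR or from the Safe{Wallet} code base). The type, the function names, the prefix/suffix look-alike heuristic, the "before" condition and the sample addresses are assumptions made for illustration; the PR does not show how imitations are detected.

```typescript
// Added illustration. All names here are hypothetical, not Safe{Wallet}'s API.
type Transfer = {
  counterparty: string  // address a user might copy from the history row
  tokenTrusted: boolean // true for a real, trusted token such as USDC
  isImitation: boolean  // true when flagged as an address poisoning attempt
}

// Assumed heuristic (the PR does not describe the detector): a different
// address that shares the first and last `n` hex characters with a known one.
function looksLike(candidate: string, known: string, n: number = 4): boolean {
  const a = candidate.toLowerCase().replace(/^0x/, '')
  const b = known.toLowerCase().replace(/^0x/, '')
  if (a.length !== 40 || b.length !== 40 || a === b) return false
  return a.slice(0, n) === b.slice(0, n) && a.slice(-n) === b.slice(-n)
}

function classify(counterparty: string, tokenTrusted: boolean, known: string[]): Transfer {
  const isImitation = known.some((k) => looksLike(counterparty, k))
  return { counterparty, tokenTrusted, isImitation }
}

// Assumed "before" behaviour: the modal is keyed on token trust alone,
// so an imitation sent with a real token is copied without a warning.
function needsCopyConfirmationBefore(tx: Transfer): boolean {
  return !tx.tokenTrusted
}

// Behaviour the PR describes: imitations warn even when the token is trusted.
function needsCopyConfirmation(tx: Transfer): boolean {
  return !tx.tokenTrusted || tx.isImitation
}

// Constructed sample addresses (not real accounts); fill() yields 32 characters.
const fill = (c: string): string => new Array(33).join(c)
const KNOWN = '0x1234' + fill('a') + '5678'
const LOOKALIKE = '0x1234' + fill('b') + '5678'
const UNRELATED = '0x9999' + fill('c') + '0000'

const poisoned = classify(LOOKALIKE, true, [KNOWN])
console.log(needsCopyConfirmationBefore(poisoned), needsCopyConfirmation(poisoned))
```
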