feat(transaction): add SecurityCheck component#2636
Open
lau90eth wants to merge 1 commit into
Open
Conversation
Adds SecurityCheck component that analyzes contract security before user signs a transaction. - Reads contract addresses from Transaction context - Fetches verification data from Basescan API - Shows: verified, proxy, unverified status with risk indicators - Standalone implementation — no dependency on other PRs - 5 tests covering: loading, verified, unverified, proxy, empty state Refs: coinbase#2572
|
@lau90eth is attempting to deploy a commit to the Coinbase Team on Vercel. A member of the Team first needs to authorize it. |
🟡 Heimdall Review Status
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
OnchainKit makes it easy to send transactions, but users have zero
visibility into what they're signing. Is the contract verified?
Is it a proxy?
This PR adds
<SecurityCheck />, a component that automatically analyzescontract security before the user signs — no configuration required.
What changed
SecurityCheckcomponent — reads contract addresses fromTransactionContext, fetches verification data from Basescan API,and renders a security status banner before the user signs
Fetches data directly from Basescan API internally.
src/transaction/index.tsUsage
The component renders
nullwhen there are no calls or all checks passsilently — zero impact on existing Transaction flows.
Notes to reviewers
apiKeyis present inOnchainKitProvider,it is passed for higher rate limits. Works without a key for
low-volume usage.
callsfromuseTransactionContext— automatically workswith any existing
<Transaction />usagenullwhen no calls are present — zero impact onexisting behavior
(
cn,text,borderfrom theme)Testing
SecurityCheck.test.tsx— 5 testsTest cases covered:
Risk
Low. Additive component. Does not modify
TransactionProvider,TransactionButton, or any existing transaction logic.Renders
nullby default when checks pass — invisible to usersunless a risk is detected.
Refs: #2637