@exodus/ethereum-api 8.75.0 → 8.76.0

package/CHANGELOG.md

@@ -3,6 +3,26 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [8.76.0](https://github.com/ExodusMovement/assets/compare/@exodus/ethereum-api@8.75.1...@exodus/ethereum-api@8.76.0) (2026-05-25)
+
+
+### Features
+
+
+* feat(ethereum-api): warn on risky recipients for native ETH sends (#8110)
+
+
+
+## [8.75.1](https://github.com/ExodusMovement/assets/compare/@exodus/ethereum-api@8.75.0...@exodus/ethereum-api@8.75.1) (2026-05-19)
+
+
+### Bug Fixes
+
+
+* fix: use correct fromAddress for gasLimit multiplication (#8078)
+
+
+
 ## [8.75.0](https://github.com/ExodusMovement/assets/compare/@exodus/ethereum-api@8.74.1...@exodus/ethereum-api@8.75.0) (2026-05-13)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@exodus/ethereum-api",
-  "version": "8.75.0",
+  "version": "8.76.0",
   "description": "Transaction monitors, fee monitors, RPC with the blockchain node, and other networking code for Ethereum and EVM-based blockchains",
   "type": "module",
   "main": "src/index.js",
@@ -36,10 +36,12 @@
     "@exodus/fetch": "^1.3.0",
     "@exodus/models": "^13.0.0",
     "@exodus/safe-string": "^1.4.0",
+    "@exodus/send-validation-model": "^1.2.0",
     "@exodus/simple-retry": "^0.0.6",
     "@exodus/solidity-contract": "^1.3.0",
     "@exodus/traceparent": "^3.0.1",
     "@exodus/web3-ethereum-utils": "^4.7.4",
+    "@exodus/web3-utils": "^1.51.2",
     "bn.js": "^5.2.1",
     "delay": "^4.0.1",
     "eventemitter3": "^4.0.7",
@@ -58,7 +60,8 @@
     "@exodus/ethereumarbone-meta": "^2.1.2",
     "@exodus/fantommainnet-meta": "^2.0.5",
     "@exodus/matic-meta": "^2.2.7",
-    "@exodus/rootstock-meta": "^2.0.5"
+    "@exodus/rootstock-meta": "^2.0.5",
+    "@exodus/send-validation": "^5.4.1"
   },
   "bugs": {
     "url": "https://github.com/ExodusMovement/assets/issues?q=is%3Aissue+is%3Aopen+label%3Aethereum-api"
@@ -67,5 +70,5 @@
     "type": "git",
     "url": "git+https://github.com/ExodusMovement/assets.git"
   },
-  "gitHead": "8cf5e6a5fc7d235c2c57ea51219bb1e3469329c5"
+  "gitHead": "73ff97a75479c3b25fccc11f31879ec634818d63"
 }

package/src/allowance/index.js

@@ -120,11 +120,9 @@ export const buildLegacyApproveTx = async ({
   const baseAsset = asset.baseAsset
 
   return {
-    asset: baseAsset.name,
-    receiver: {
-      address: unsignedTx.txData.to,
-      amount: buffer2currency({ asset: baseAsset, value: unsignedTx.txData.value }),
-    },
+    asset: baseAsset,
+    address: unsignedTx.txData.to,
+    amount: buffer2currency({ asset: baseAsset, value: unsignedTx.txData.value }),
     txInput: unsignedTx.txData.data,
     gasPrice: buffer2currency({ asset: baseAsset, value: unsignedTx.txData.gasPrice }),
     tipGasPrice: unsignedTx.txData.tipGasPrice
@@ -132,13 +130,12 @@ export const buildLegacyApproveTx = async ({
       : undefined,
     gasLimit: bufferToInt(unsignedTx.txData.gasLimit),
     fromAddress: unsignedTx.txMeta.fromAddress,
-    silent: true,
   }
 }
 
 // @deprecated use buildApproveTx instead
 export const createApprove =
-  ({ assetClientInterface, sendTx }) =>
+  ({ assetClientInterface } = Object.create(null)) =>
   async ({
     spenderAddress,
     asset,
@@ -164,7 +161,16 @@ export const createApprove =
         walletAccount,
       })
 
-      const txData = await sendTx({ walletAccount, ...approveTx, ...extras })
+      const { unsignedTx } = await asset.baseAsset.api.createTx({
+        walletAccount,
+        ...approveTx,
+        ...extras,
+      })
+      const txData = await asset.baseAsset.api.sendTx({
+        asset: asset.baseAsset,
+        walletAccount,
+        unsignedTx,
+      })
 
       if (!txData || !txData.txId) {
         throw new Error(`Failed to approve ${asset.displayTicker} - ${spenderAddress}`)
@@ -185,25 +191,20 @@ export const createApprove =
       walletAccount,
     })
 
-    const { txId, rawTx } = await assetClientInterface.signTransaction({
-      assetName: asset.baseAsset.name,
-      unsignedTx,
-      walletAccount,
-    })
+    const { txId } = await asset.baseAsset.api.sendTx({ asset, walletAccount, unsignedTx })
 
-    await asset.baseAsset.api.broadcastTx(rawTx.toString('hex'))
     return { txId }
   }
 
 const createSendApprovalAndWatchConfirmation =
-  ({ sendTx, watchTxConfirmation }) =>
+  ({ watchTxConfirmation }) =>
   async (data) => {
     // To change the approve amount you first have to reduce the addresses`
     // allowance to zero by calling `approve(_spender, 0)` if it is not
     // already 0 to mitigate the race condition described here:
     // see: https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
     // see: https://etherscan.io/address/0xdac17f958d2ee523a2206206994597c13d831ec7#code
-    const approve = createApprove({ sendTx })
+    const approve = createApprove()
     const { txId } = await approve(data)
     await watchTxConfirmation(
       { asset: data.asset.baseAsset.name, walletAccount: data.walletAccount },
@@ -215,11 +216,10 @@ const createSendApprovalAndWatchConfirmation =
   }
 
 export const createApproveSpendingTokens =
-  ({ sendTx, watchTxConfirmation }) =>
+  ({ watchTxConfirmation }) =>
   async (data) => {
     const txIds = []
     const sendApprovalAndWatchConfirmation = createSendApprovalAndWatchConfirmation({
-      sendTx,
       watchTxConfirmation,
     })
     if (ZERO_ALLOWANCE_ASSETS.includes(data.asset.name) && !data.approveAmount.isZero) {
@@ -235,7 +235,7 @@ export const createApproveSpendingTokens =
       data.gasLimit = Math.max(data.gasLimit || 0, APPROVAL_GAS_LIMIT)
     }
 
-    const tokenApprovalTxId = await sendApprovalAndWatchConfirmation({ ...data, sendTx })
+    const tokenApprovalTxId = await sendApprovalAndWatchConfirmation(data)
     txIds.push(tokenApprovalTxId)
 
     return txIds

package/src/check-tx/create-check-tx.js

@@ -0,0 +1,116 @@
+import { memoizeLruCache } from '@exodus/asset-lib'
+import { makeSimulationAPICall } from '@exodus/web3-utils'
+import assert from 'minimalistic-assert'
+import ms from 'ms'
+
+const DEFAULT_TIMEOUT_MS = 5000
+const DEFAULT_CACHE_MAX = 500
+// Short TTL to dedupe rapid retypes without holding stale verdicts.
+const DEFAULT_CACHE_TTL_MS = ms('1m')
+const GENERIC_RISK_REASON = 'This transaction was flagged as risky.'
+const RECIPIENT_INVOLVEMENT_TYPES = new Set(['scammer', 'destination'])
+
+const normalizeAddress = (address) => (typeof address === 'string' ? address.toLowerCase() : '')
+
+// `input` and `hash` are part of the key so different calldata gets its own verdict.
+const buildCacheKey = ({ chain, fromAddress, toAddress, value, input, hash }) =>
+  [
+    chain,
+    normalizeAddress(fromAddress),
+    normalizeAddress(toAddress),
+    String(value),
+    input ?? '',
+    hash ?? '',
+  ].join(':')
+
+const isRecipientFinding = ({ finding, recipientAddress }) => {
+  const relatedAssets = Array.isArray(finding?.relatedAssets) ? finding.relatedAssets : []
+  return relatedAssets.some((relatedAsset) => {
+    if (normalizeAddress(relatedAsset?.address) !== normalizeAddress(recipientAddress)) {
+      return false
+    }
+
+    const involvementTypes = Array.isArray(relatedAsset.involvementTypes)
+      ? relatedAsset.involvementTypes
+      : []
+    return involvementTypes.some((type) => RECIPIENT_INVOLVEMENT_TYPES.has(type))
+  })
+}
+
+const pickFindingForRecipient = ({ findings, recipientAddress }) => {
+  if (!Array.isArray(findings) || !recipientAddress) return GENERIC_RISK_REASON
+  const finding = findings.find((candidate) =>
+    isRecipientFinding({ finding: candidate, recipientAddress })
+  )
+  return finding?.title || GENERIC_RISK_REASON
+}
+
+const parseAssessment = ({ body, recipientAddress }) => {
+  if (!body?.success) return { action: 'NONE' }
+  if (body.data?.recommendation !== 'deny') return { action: 'NONE' }
+  return {
+    action: 'WARN',
+    reason: pickFindingForRecipient({ findings: body.data?.findings, recipientAddress }),
+  }
+}
+
+// Rejects after `timeoutMs`. The underlying request keeps running because
+// `makeSimulationAPICall` doesn't accept an AbortSignal.
+const withTimeout = async (promise, timeoutMs) => {
+  let timeoutId
+  const timeoutPromise = new Promise((_resolve, reject) => {
+    timeoutId = setTimeout(() => reject(new Error('checkTx: timeout')), timeoutMs)
+  })
+  try {
+    return await Promise.race([promise, timeoutPromise])
+  } finally {
+    clearTimeout(timeoutId)
+  }
+}
+
+const noopLogger = { warn: () => {} }
+
+export const createCheckTx = (
+  {
+    apiUrl,
+    timeout = DEFAULT_TIMEOUT_MS,
+    makeApiCall = makeSimulationAPICall,
+    logger = noopLogger,
+  } = Object.create(null)
+) => {
+  assert(apiUrl, 'apiUrl is required')
+
+  const warn = typeof logger?.warn === 'function' ? logger.warn.bind(logger) : noopLogger.warn
+
+  // Errors and timeouts throw and are evicted by memoize-lru-cache, so only
+  // vendor-confirmed verdicts get cached.
+  const fetchVerdict = memoizeLruCache(
+    async ({ chain, fromAddress, toAddress, value, input, hash }) => {
+      const transaction = { chain, fromAddress, toAddress, value }
+      if (input !== undefined) transaction.input = input
+      if (hash !== undefined) transaction.hash = hash
+
+      const body = await withTimeout(
+        makeApiCall({
+          url: apiUrl,
+          payload: { serviceProvider: 'hypernative', transaction },
+        }),
+        timeout
+      )
+
+      if (!body) throw new Error('checkTx: empty response')
+      return parseAssessment({ body, recipientAddress: toAddress })
+    },
+    buildCacheKey,
+    { max: DEFAULT_CACHE_MAX, maxAge: DEFAULT_CACHE_TTL_MS }
+  )
+
+  return async (payload) => {
+    try {
+      return await fetchVerdict(payload)
+    } catch (error) {
+      warn('checkTx: failing open', error)
+      return { action: 'NONE' }
+    }
+  }
+}

package/src/check-tx/index.js

@@ -0,0 +1 @@
+export { createCheckTx } from './create-check-tx.js'

package/src/create-asset-utils.js

@@ -12,7 +12,9 @@ import { ClarityMonitorV2 } from './tx-log/clarity-monitor-v2.js'
 import { ClarityTruncatedHistoryMonitor } from './tx-log/clarity-truncated-history-monitor.js'
 import { EthereumMonitor } from './tx-log/ethereum-monitor.js'
 import { EthereumNoHistoryMonitor } from './tx-log/ethereum-no-history-monitor.js'
+import { getOptimisticTxLogEffects } from './tx-log/get-optimistic-txlog-effects.js'
 import { BLOCK_TAG_LATEST, BLOCK_TAG_PENDING, resolveNonce } from './tx-send/nonce-utils.js'
+import { signTx } from './tx-sign/index.js'
 
 // Determines the appropriate `monitorType`, `serverUrl` and `monitorInterval`
 // to use for a given config.
@@ -121,7 +123,126 @@ const broadcastPrivateBundleFactory =
     return null
   }
 
-export const createTransactionPrivacyFactory = ({ assetName, privacyRpcUrl }) => {
+const assertSendPrivateTxProps = ({ asset, unsignedTx, walletAccount }) => {
+  assert(asset, 'expected asset')
+  assert(unsignedTx, 'expected unsignedTx')
+  assert(walletAccount, 'expected walletAccount')
+}
+
+export const createTransactionPrivacyResult = ({
+  assetClientInterface,
+  broadcastPrivateBundle,
+  broadcastPrivateTx,
+  privacyServer,
+}) => {
+  assert(assetClientInterface, 'expected assetClientInterface')
+  assert(typeof broadcastPrivateBundle === 'function')
+  assert(typeof broadcastPrivateTx === 'function')
+  assert(privacyServer, 'expected privacyServer')
+
+  const sendPrivateTx = async ({ asset, unsignedTx, walletAccount }) => {
+    assertSendPrivateTxProps({ asset, unsignedTx, walletAccount })
+
+    const { rawTx, txId } = await signTx({
+      asset,
+      assetClientInterface,
+      unsignedTx,
+      walletAccount,
+    })
+
+    await broadcastPrivateTx(rawTx.toString('hex'))
+
+    const fromAddress = unsignedTx.txMeta?.fromAddress
+    assert(typeof fromAddress === 'string', 'expected fromAddress')
+
+    const { nonce, optimisticTxLogEffects } = await getOptimisticTxLogEffects({
+      asset,
+      assetClientInterface,
+      fromAddress,
+      txId,
+      unsignedTx,
+      walletAccount,
+    })
+
+    for (const optimisticTxLogEffect of optimisticTxLogEffects) {
+      await assetClientInterface.updateTxLogAndNotify(optimisticTxLogEffect)
+    }
+
+    return { nonce, txId }
+  }
+
+  const sendPrivateBundle = async ({ unsignedTxBundle }) => {
+    assert(
+      Array.isArray(unsignedTxBundle) && unsignedTxBundle.length > 0,
+      'expected non-empty unsignedTxBundle'
+    )
+
+    unsignedTxBundle.forEach(assertSendPrivateTxProps)
+
+    const signTxResults = await Promise.all(
+      unsignedTxBundle.map(({ asset, unsignedTx, walletAccount }) =>
+        signTx({ assetClientInterface, asset, unsignedTx, walletAccount })
+      )
+    )
+
+    const maybeBundleResult = await broadcastPrivateBundle({
+      txs: signTxResults.map(({ rawTx }) => rawTx.toString('hex')),
+    })
+
+    const bundleHash = maybeBundleResult?.bundleHash || undefined
+
+    const getOptimisticTxLogEffectsResults = []
+
+    for (const [i, { txId }] of signTxResults.entries()) {
+      const { asset, unsignedTx, walletAccount } = unsignedTxBundle[i]
+
+      const fromAddress = unsignedTx.txMeta?.fromAddress
+      assert(typeof fromAddress === 'string', 'expected fromAddress')
+
+      void getOptimisticTxLogEffectsResults.push(
+        await getOptimisticTxLogEffects({
+          asset,
+          assetClientInterface,
+          fromAddress,
+          txId,
+          unsignedTx,
+          walletAccount,
+          // TODO: use consistent naming
+          bundleId: bundleHash,
+        })
+      )
+    }
+
+    const optimisticTxLogEffects = getOptimisticTxLogEffectsResults.flatMap(
+      ({ optimisticTxLogEffects }) => optimisticTxLogEffects
+    )
+
+    for (const optimisticTxLogEffect of optimisticTxLogEffects) {
+      await assetClientInterface.updateTxLogAndNotify(optimisticTxLogEffect)
+    }
+
+    return {
+      bundleHash,
+      txIds: signTxResults.map(({ txId }) => txId),
+    }
+  }
+
+  return {
+    broadcastPrivateBundle,
+    broadcastPrivateTx,
+    privacyServer,
+    sendPrivateTx,
+    sendPrivateBundle,
+  }
+}
+
+export const createTransactionPrivacyFactory = ({
+  assetClientInterface,
+  assetName,
+  privacyRpcUrl,
+}) => {
+  assert(assetClientInterface, 'expected assetClientInterface')
+
   if (!privacyRpcUrl) return Object.create(null)
 
   const privacyServer = createEvmServer({
@@ -130,11 +251,16 @@ export const createTransactionPrivacyFactory = ({ assetName, privacyRpcUrl }) =>
     monitorType: 'no-history',
   })
 
-  return {
-    broadcastPrivateBundle: broadcastPrivateBundleFactory({ privacyServer }),
-    broadcastPrivateTx: (...args) => privacyServer.sendRawTransaction(...args),
+  const broadcastPrivateBundle = broadcastPrivateBundleFactory({ privacyServer })
+
+  const broadcastPrivateTx = (...args) => privacyServer.sendRawTransaction(...args)
+
+  return createTransactionPrivacyResult({
+    assetClientInterface,
+    broadcastPrivateBundle,
+    broadcastPrivateTx,
     privacyServer,
-  }
+  })
 }
 
 export const createHistoryMonitorFactory = ({

package/src/create-asset.js

@@ -21,6 +21,7 @@ import lodash from 'lodash'
 import assert from 'minimalistic-assert'
 
 import { addressHasHistoryFactory } from './address-has-history.js'
+import { createCheckTx } from './check-tx/index.js'
 import {
   createGetBlackListStatus,
   createHistoryMonitorFactory,
@@ -39,6 +40,7 @@ import { getBalancesFactory } from './get-balances.js'
 import { getFeeFactory } from './get-fee.js'
 import { moveFundsFactory } from './move-funds.js'
 import { estimateL1DataFeeFactory, getL1GetFeeFactory } from './optimism-gas/index.js'
+import { createSendValidations } from './send-validations.js'
 import { serverBasedFeeMonitorFactoryFactory } from './server-based-fee-monitor.js'
 import { stakingApiFactory } from './staking/api/index.js'
 import { createTxFactory } from './tx-create.js'
@@ -76,6 +78,7 @@ export const createAssetFactory = ({
   useAbsoluteBalanceAndNonce = false,
   delisted = false,
   privacyRpcUrl: defaultPrivacyRpcUrl,
+  riskAssessment: defaultRiskAssessment,
   wsGatewayUri: defaultWsGatewayUri,
   eip7702Supported,
 }) => {
@@ -101,6 +104,7 @@ export const createAssetFactory = ({
     nfts: defaultNfts,
     customTokens: defaultCustomTokens,
     privacyRpcUrl: defaultPrivacyRpcUrl,
+    riskAssessment: defaultRiskAssessment,
   }
   return (
     {
@@ -121,6 +125,7 @@ export const createAssetFactory = ({
       supportsCustomFees,
       useAbsoluteBalanceAndNonce: overrideUseAbsoluteBalanceAndNonce,
       privacyRpcUrl,
+      riskAssessment,
     } = configWithOverrides
 
     const asset = assets[base.name]
@@ -195,11 +200,17 @@ export const createAssetFactory = ({
       server,
     })
 
-    const { broadcastPrivateBundle, broadcastPrivateTx, privacyServer } =
-      createTransactionPrivacyFactory({
-        assetName: asset.name,
-        privacyRpcUrl,
-      })
+    const {
+      broadcastPrivateBundle,
+      broadcastPrivateTx,
+      privacyServer,
+      sendPrivateTx,
+      sendPrivateBundle,
+    } = createTransactionPrivacyFactory({
+      assetClientInterface,
+      assetName: asset.name,
+      privacyRpcUrl,
+    })
 
     const features = {
       accountState: true,
@@ -283,6 +294,16 @@ export const createAssetFactory = ({
 
     const securityChecks = createSecurityChecks({ eip7702Supported })
 
+    let checkTx
+    if (riskAssessment?.apiUrl) {
+      checkTx = createCheckTx({
+        apiUrl: riskAssessment.apiUrl,
+        logger: riskAssessment.logger,
+      })
+    }
+
+    const sendValidations = checkTx ? createSendValidations({ assetClientInterface, checkTx }) : []
+
     const moveFunds = moveFundsFactory({
       baseAssetName: asset.name,
       assetClientInterface,
@@ -318,6 +339,7 @@ export const createAssetFactory = ({
         assetName: asset.name,
       }),
       getSupportedPurposes: () => [44],
+      ...(sendValidations.length > 0 && { getSendValidations: () => sendValidations }),
       getTokens,
       hasFeature: (feature) => !!features[feature], // @deprecated use api.features instead
       moveFunds,
@@ -330,6 +352,7 @@ export const createAssetFactory = ({
       signHardware: signHardwareFactory({ baseAssetName: asset.name }),
       signMessage: ({ message, privateKey, signer }) =>
         signer ? signMessageWithSigner({ message, signer }) : signMessage({ privateKey, message }),
+      ...(checkTx && { checkTx }),
       ...(supportsStaking &&
         stakingDependencies[asset.name] && {
           staking: stakingApiFactory({
@@ -354,16 +377,18 @@ export const createAssetFactory = ({
       chainId,
       monitorType,
       estimateL1DataFee,
-      broadcastPrivateBundle,
-      broadcastPrivateTx,
       forceGasLimitEstimation,
       eip7702Supported,
       getEIP7702Delegation: (addr) => getEIP7702Delegation({ address: addr, server }),
       getNonce,
-      privacyServer,
       server,
       ...(erc20FuelBuffer && { erc20FuelBuffer }),
       ...(fuelThreshold && { fuelThreshold: asset.currency.defaultUnit(fuelThreshold) }),
+      broadcastPrivateBundle,
+      broadcastPrivateTx,
+      privacyServer,
+      sendPrivateTx,
+      sendPrivateBundle,
     }
     return overrideCallback({
       asset: fullAsset,

package/src/gas-estimation.js

@@ -157,7 +157,7 @@ export async function fetchGasLimit({
   const gasLimitMultiplier = await resolveGasLimitMultiplier({
     asset,
     feeData,
-    fromAddress: providedFromAddress,
+    fromAddress,
     toAddress: txToAddress,
   })
 

package/src/index.js

@@ -99,6 +99,7 @@ export {
 export { txSendFactory } from './tx-send/index.js'
 
 export { createAssetFactory } from './create-asset.js'
+export { createCheckTx } from './check-tx/index.js'
 
 export { moveFundsFactory } from './move-funds.js'
 

package/src/send-validations.js

@@ -0,0 +1,59 @@
+import sendValidationModel from '@exodus/send-validation-model'
+import assert from 'minimalistic-assert'
+
+const { FIELDS, PRIORITY_LEVELS, VALIDATION_TYPES } = sendValidationModel
+
+export const SCAM_RECIPIENT = 'SCAM_RECIPIENT'
+export const SCAM_RECIPIENT_MESSAGE =
+  'This recipient was flagged as risky. Please verify before sending.'
+
+const toWalletAccountId = (fromWalletAccount) =>
+  typeof fromWalletAccount === 'string' ? fromWalletAccount : fromWalletAccount?.toString?.()
+
+export const createSendValidations = ({ assetClientInterface, checkTx }) => {
+  assert(assetClientInterface, 'assetClientInterface is required')
+  assert(typeof checkTx === 'function', 'checkTx must be a function')
+
+  const scamRecipientValidator = {
+    id: SCAM_RECIPIENT,
+    type: VALIDATION_TYPES.WARN,
+    field: FIELDS.ADDRESS,
+    priority: PRIORITY_LEVELS.MIDDLE,
+    validateAndGetMessage: async ({ asset, destinationAddress, sendAmount, fromWalletAccount }) => {
+      // M1: native sends only. M2 will cover tokens/approvals/contract calls
+      // via a post-createTx call site on the review screen.
+      if (!asset || asset.name !== asset.baseAsset.name) return
+      if (!destinationAddress || !sendAmount) return
+      if (sendAmount.isZero) return
+
+      const isValidAddress = await asset.address.validate(destinationAddress)
+      if (!isValidAddress) return
+
+      const walletAccountId = toWalletAccountId(fromWalletAccount)
+      if (!walletAccountId) return
+
+      const fromAddress = await assetClientInterface.getReceiveAddress({
+        assetName: asset.name,
+        walletAccount: walletAccountId,
+        useCache: true,
+      })
+      if (!fromAddress) return
+
+      // Match Hypernative's documented native-send payload shape.
+      const result = await checkTx({
+        chain: asset.chainId,
+        fromAddress,
+        toAddress: destinationAddress,
+        value: sendAmount.toBaseString({ unit: false }),
+        input: '0x',
+        hash: '0x1',
+      })
+
+      if (result?.action !== 'WARN') return
+
+      return result.reason || SCAM_RECIPIENT_MESSAGE
+    },
+  }
+
+  return [scamRecipientValidator]
+}

package/src/staking/ethereum/service.js

@@ -66,7 +66,6 @@ import NumberUnit from '@exodus/currency'
 import assert from 'minimalistic-assert'
 
 import { estimateGasLimit, scaleGasLimitEstimate } from '../../gas-estimation.js'
-import { getOptimisticTxLogEffects } from '../../tx-log/get-optimistic-txlog-effects.js'
 import { createWatchTx as defaultCreateWatch } from '../../watch-tx.js'
 import { stakingProviderClientFactory } from '../staking-provider-client.js'
 import { amountToCurrency, DISABLE_BALANCE_CHECKS, resolveFeeData } from '../utils/index.js'
@@ -281,8 +280,6 @@ export function createEthereumStakingService({
       asset,
       fromAddress: delegatorAddress,
       walletAccount,
-      tag: 'latest',
-      forceFromNode: true,
     })
 
     return {
@@ -369,14 +366,12 @@ export function createEthereumStakingService({
         plan: null,
         gasLimit: null,
         unsignedTx: null,
-        signedTx: null,
         txId: null,
       },
       undelegate: {
         plan: null,
         gasLimit: null,
         unsignedTx: null,
-        signedTx: null,
         txId: null,
       },
     }
@@ -465,34 +460,16 @@ export function createEthereumStakingService({
       revertOnSimulationError,
     })
 
-    // 4. Sign transactions
-    const signedTxEntries = await Promise.all(
-      Object.entries(txSteps)
-        .filter(([, txStep]) => txStep.unsignedTx)
-        .map(async ([key, txStep]) => {
-          const signedTx = await assetClientInterface.signTransaction({
-            assetName: asset.baseAsset.name,
-            unsignedTx: txStep.unsignedTx,
-            walletAccount,
-          })
-          const txId = `0x${signedTx.txId.toString('hex')}`
-          return [key, { signedTx, txId }]
-        })
-    )
-
-    for (const [key, { signedTx, txId }] of signedTxEntries) {
-      txSteps[key].signedTx = signedTx
-      txSteps[key].txId = txId
-    }
+    const unsignedTxBundle = createdTxEntries.map(([_, unsignedTx]) => ({
+      asset,
+      unsignedTx,
+      walletAccount,
+    }))
 
+    // 4. Sign transactions
+    //
     // 5. Broadcast transactions via bundle and get bundle hash
-    const bundleResponse = await asset.broadcastPrivateBundle({
-      txs: Object.values(txSteps)
-        .filter((txStep) => txStep.signedTx)
-        .map(({ signedTx }) => signedTx.rawTx),
-    })
-    const bundleHash = bundleResponse?.bundleHash
-
+    //
     // 6. Optimistic tx-log effects: reflect tx presence and fee consumption only.
     // The ETH returned to the user via the contract's internal transfer is not
     // captured here — it will be picked up once the tx is confirmed on-chain.
@@ -518,26 +495,14 @@ export function createEthereumStakingService({
     // That is incompatible with the current tx-log side-effect hook, which only
     // receives tx-local data (method id, calldata, nonce, gas, etc.) and not
     // staking snapshots or precomputed ETH-return amounts.
-    const optimisticEffects = await Promise.all(
-      Object.values(txSteps)
-        .filter((txStep) => txStep.txId)
-        .map((txStep) =>
-          getOptimisticTxLogEffects({
-            asset: asset.baseAsset,
-            assetClientInterface,
-            fromAddress: delegatorAddress,
-            txId: txStep.txId,
-            unsignedTx: txStep.unsignedTx,
-            walletAccount,
-            bundleId: bundleHash ?? undefined,
-          })
-        )
-    )
+    const {
+      bundleHash,
+      txIds: [...txIds],
+    } = await asset.baseAsset.sendPrivateBundle({ unsignedTxBundle })
 
-    for (const { optimisticTxLogEffects } of optimisticEffects) {
-      for (const effect of optimisticTxLogEffects) {
-        await assetClientInterface.updateTxLogAndNotify(effect)
-      }
+    for (const txStep of Object.values(txSteps)) {
+      if (!txStep.unsignedTx) continue
+      assert((txStep.txId = txIds.shift()), 'expected txId')
     }
 
     // Testnet assets do not support delegations tracking
@@ -770,7 +735,7 @@ export function createEthereumStakingService({
     waitForConfirmation = false,
     feeData,
   }) {
-    const sendTxArgs = {
+    const { unsignedTx } = await asset.baseAsset.api.createTx({
       asset,
       walletAccount,
       address: to,
@@ -781,9 +746,9 @@ export function createEthereumStakingService({
       // HACK: Override the `tipGasPrice` to use a custom `maxPriorityFeePerGas`.
       tipGasPrice,
       feeData,
-    }
+    })
 
-    const { txId } = await asset.baseAsset.api.sendTx(sendTxArgs)
+    const { txId } = await asset.baseAsset.api.sendTx({ asset, walletAccount, unsignedTx })
 
     const baseAsset = asset.baseAsset
     if (waitForConfirmation) {

package/src/tx-send/tx-send.js

@@ -1,8 +1,9 @@
-import { normalizeTxId, parseUnsignedTx, updateNonce } from '@exodus/ethereum-lib'
+import { parseUnsignedTx, updateNonce } from '@exodus/ethereum-lib'
 import { safeString } from '@exodus/safe-string'
 import assert from 'minimalistic-assert'
 
 import { getOptimisticTxLogEffects } from '../tx-log/index.js'
+import { signTx } from '../tx-sign/index.js'
 import { ARBITRARY_ADDRESS } from '../tx-type/index.js'
 import { handleBroadcastError } from './broadcast-error-handler.js'
 
@@ -10,16 +11,6 @@ const txSendFactory = ({ assetClientInterface, createTx }) => {
   assert(assetClientInterface, 'assetClientInterface is required')
   assert(createTx, 'createTx is required')
 
-  async function signTx({ asset, unsignedTx, walletAccount }) {
-    const { rawTx, txId } = await assetClientInterface.signTransaction({
-      assetName: asset.baseAsset.name,
-      unsignedTx,
-      walletAccount,
-    })
-
-    return { rawTx, txId: normalizeTxId(txId) }
-  }
-
   return async ({ asset, walletAccount, unsignedTx: providedUnsignedTx, ...legacyParams }) => {
     const baseAsset = asset.baseAsset
 
@@ -41,6 +32,7 @@ const txSendFactory = ({ assetClientInterface, createTx }) => {
     // Are there any signin-level errors that should be caught here?
     let { txId, rawTx } = await signTx({
       asset,
+      assetClientInterface,
       unsignedTx,
       walletAccount,
     })
@@ -92,7 +84,12 @@ const txSendFactory = ({ assetClientInterface, createTx }) => {
           unsignedTx.txData.nonce = newNonce
         }
 
-        ;({ txId, rawTx } = await signTx({ asset, unsignedTx, walletAccount }))
+        ;({ txId, rawTx } = await signTx({
+          asset,
+          assetClientInterface,
+          unsignedTx,
+          walletAccount,
+        }))
 
         try {
           await baseAsset.api.broadcastTx(rawTx.toString('hex'))

package/src/tx-sign/index.js

@@ -0,0 +1,17 @@
+import { normalizeTxId } from '@exodus/ethereum-lib'
+import assert from 'minimalistic-assert'
+
+export const signTx = async ({ asset, assetClientInterface, unsignedTx, walletAccount }) => {
+  assert(asset, 'expected asset')
+  assert(assetClientInterface, 'expected assetClientInterface')
+  assert(unsignedTx, 'expected unsignedTx')
+  assert(walletAccount, 'expected walletAccount')
+
+  const { rawTx, txId } = await assetClientInterface.signTransaction({
+    assetName: asset.baseAsset.name,
+    unsignedTx,
+    walletAccount,
+  })
+
+  return { rawTx, txId: normalizeTxId(txId) }
+}