@exodus/ethereum-api 8.75.1 → 8.76.0

package/CHANGELOG.md

@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [8.76.0](https://github.com/ExodusMovement/assets/compare/@exodus/ethereum-api@8.75.1...@exodus/ethereum-api@8.76.0) (2026-05-25)
+
+
+### Features
+
+
+* feat(ethereum-api): warn on risky recipients for native ETH sends (#8110)
+
+
+
 ## [8.75.1](https://github.com/ExodusMovement/assets/compare/@exodus/ethereum-api@8.75.0...@exodus/ethereum-api@8.75.1) (2026-05-19)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@exodus/ethereum-api",
-  "version": "8.75.1",
+  "version": "8.76.0",
   "description": "Transaction monitors, fee monitors, RPC with the blockchain node, and other networking code for Ethereum and EVM-based blockchains",
   "type": "module",
   "main": "src/index.js",
@@ -36,10 +36,12 @@
     "@exodus/fetch": "^1.3.0",
     "@exodus/models": "^13.0.0",
     "@exodus/safe-string": "^1.4.0",
+    "@exodus/send-validation-model": "^1.2.0",
     "@exodus/simple-retry": "^0.0.6",
     "@exodus/solidity-contract": "^1.3.0",
     "@exodus/traceparent": "^3.0.1",
     "@exodus/web3-ethereum-utils": "^4.7.4",
+    "@exodus/web3-utils": "^1.51.2",
     "bn.js": "^5.2.1",
     "delay": "^4.0.1",
     "eventemitter3": "^4.0.7",
@@ -58,7 +60,8 @@
     "@exodus/ethereumarbone-meta": "^2.1.2",
     "@exodus/fantommainnet-meta": "^2.0.5",
     "@exodus/matic-meta": "^2.2.7",
-    "@exodus/rootstock-meta": "^2.0.5"
+    "@exodus/rootstock-meta": "^2.0.5",
+    "@exodus/send-validation": "^5.4.1"
   },
   "bugs": {
     "url": "https://github.com/ExodusMovement/assets/issues?q=is%3Aissue+is%3Aopen+label%3Aethereum-api"
@@ -67,5 +70,5 @@
     "type": "git",
     "url": "git+https://github.com/ExodusMovement/assets.git"
   },
-  "gitHead": "ee5bf2d01055d8822c6421fa0ad4da84d4a33402"
+  "gitHead": "73ff97a75479c3b25fccc11f31879ec634818d63"
 }

package/src/check-tx/create-check-tx.js

@@ -0,0 +1,116 @@
+import { memoizeLruCache } from '@exodus/asset-lib'
+import { makeSimulationAPICall } from '@exodus/web3-utils'
+import assert from 'minimalistic-assert'
+import ms from 'ms'
+
+const DEFAULT_TIMEOUT_MS = 5000
+const DEFAULT_CACHE_MAX = 500
+// Short TTL to dedupe rapid retypes without holding stale verdicts.
+const DEFAULT_CACHE_TTL_MS = ms('1m')
+const GENERIC_RISK_REASON = 'This transaction was flagged as risky.'
+const RECIPIENT_INVOLVEMENT_TYPES = new Set(['scammer', 'destination'])
+
+const normalizeAddress = (address) => (typeof address === 'string' ? address.toLowerCase() : '')
+
+// `input` and `hash` are part of the key so different calldata gets its own verdict.
+const buildCacheKey = ({ chain, fromAddress, toAddress, value, input, hash }) =>
+  [
+    chain,
+    normalizeAddress(fromAddress),
+    normalizeAddress(toAddress),
+    String(value),
+    input ?? '',
+    hash ?? '',
+  ].join(':')
+
+const isRecipientFinding = ({ finding, recipientAddress }) => {
+  const relatedAssets = Array.isArray(finding?.relatedAssets) ? finding.relatedAssets : []
+  return relatedAssets.some((relatedAsset) => {
+    if (normalizeAddress(relatedAsset?.address) !== normalizeAddress(recipientAddress)) {
+      return false
+    }
+
+    const involvementTypes = Array.isArray(relatedAsset.involvementTypes)
+      ? relatedAsset.involvementTypes
+      : []
+    return involvementTypes.some((type) => RECIPIENT_INVOLVEMENT_TYPES.has(type))
+  })
+}
+
+const pickFindingForRecipient = ({ findings, recipientAddress }) => {
+  if (!Array.isArray(findings) || !recipientAddress) return GENERIC_RISK_REASON
+  const finding = findings.find((candidate) =>
+    isRecipientFinding({ finding: candidate, recipientAddress })
+  )
+  return finding?.title || GENERIC_RISK_REASON
+}
+
+const parseAssessment = ({ body, recipientAddress }) => {
+  if (!body?.success) return { action: 'NONE' }
+  if (body.data?.recommendation !== 'deny') return { action: 'NONE' }
+  return {
+    action: 'WARN',
+    reason: pickFindingForRecipient({ findings: body.data?.findings, recipientAddress }),
+  }
+}
+
+// Rejects after `timeoutMs`. The underlying request keeps running because
+// `makeSimulationAPICall` doesn't accept an AbortSignal.
+const withTimeout = async (promise, timeoutMs) => {
+  let timeoutId
+  const timeoutPromise = new Promise((_resolve, reject) => {
+    timeoutId = setTimeout(() => reject(new Error('checkTx: timeout')), timeoutMs)
+  })
+  try {
+    return await Promise.race([promise, timeoutPromise])
+  } finally {
+    clearTimeout(timeoutId)
+  }
+}
+
+const noopLogger = { warn: () => {} }
+
+export const createCheckTx = (
+  {
+    apiUrl,
+    timeout = DEFAULT_TIMEOUT_MS,
+    makeApiCall = makeSimulationAPICall,
+    logger = noopLogger,
+  } = Object.create(null)
+) => {
+  assert(apiUrl, 'apiUrl is required')
+
+  const warn = typeof logger?.warn === 'function' ? logger.warn.bind(logger) : noopLogger.warn
+
+  // Errors and timeouts throw and are evicted by memoize-lru-cache, so only
+  // vendor-confirmed verdicts get cached.
+  const fetchVerdict = memoizeLruCache(
+    async ({ chain, fromAddress, toAddress, value, input, hash }) => {
+      const transaction = { chain, fromAddress, toAddress, value }
+      if (input !== undefined) transaction.input = input
+      if (hash !== undefined) transaction.hash = hash
+
+      const body = await withTimeout(
+        makeApiCall({
+          url: apiUrl,
+          payload: { serviceProvider: 'hypernative', transaction },
+        }),
+        timeout
+      )
+
+      if (!body) throw new Error('checkTx: empty response')
+      return parseAssessment({ body, recipientAddress: toAddress })
+    },
+    buildCacheKey,
+    { max: DEFAULT_CACHE_MAX, maxAge: DEFAULT_CACHE_TTL_MS }
+  )
+
+  return async (payload) => {
+    try {
+      return await fetchVerdict(payload)
+    } catch (error) {
+      warn('checkTx: failing open', error)
+      return { action: 'NONE' }
+    }
+  }
+}

package/src/check-tx/index.js

@@ -0,0 +1 @@
+export { createCheckTx } from './create-check-tx.js'

package/src/create-asset.js

@@ -21,6 +21,7 @@ import lodash from 'lodash'
 import assert from 'minimalistic-assert'
 
 import { addressHasHistoryFactory } from './address-has-history.js'
+import { createCheckTx } from './check-tx/index.js'
 import {
   createGetBlackListStatus,
   createHistoryMonitorFactory,
@@ -39,6 +40,7 @@ import { getBalancesFactory } from './get-balances.js'
 import { getFeeFactory } from './get-fee.js'
 import { moveFundsFactory } from './move-funds.js'
 import { estimateL1DataFeeFactory, getL1GetFeeFactory } from './optimism-gas/index.js'
+import { createSendValidations } from './send-validations.js'
 import { serverBasedFeeMonitorFactoryFactory } from './server-based-fee-monitor.js'
 import { stakingApiFactory } from './staking/api/index.js'
 import { createTxFactory } from './tx-create.js'
@@ -76,6 +78,7 @@ export const createAssetFactory = ({
   useAbsoluteBalanceAndNonce = false,
   delisted = false,
   privacyRpcUrl: defaultPrivacyRpcUrl,
+  riskAssessment: defaultRiskAssessment,
   wsGatewayUri: defaultWsGatewayUri,
   eip7702Supported,
 }) => {
@@ -101,6 +104,7 @@ export const createAssetFactory = ({
     nfts: defaultNfts,
     customTokens: defaultCustomTokens,
     privacyRpcUrl: defaultPrivacyRpcUrl,
+    riskAssessment: defaultRiskAssessment,
   }
   return (
     {
@@ -121,6 +125,7 @@ export const createAssetFactory = ({
       supportsCustomFees,
       useAbsoluteBalanceAndNonce: overrideUseAbsoluteBalanceAndNonce,
       privacyRpcUrl,
+      riskAssessment,
     } = configWithOverrides
 
     const asset = assets[base.name]
@@ -289,6 +294,16 @@ export const createAssetFactory = ({
 
     const securityChecks = createSecurityChecks({ eip7702Supported })
 
+    let checkTx
+    if (riskAssessment?.apiUrl) {
+      checkTx = createCheckTx({
+        apiUrl: riskAssessment.apiUrl,
+        logger: riskAssessment.logger,
+      })
+    }
+
+    const sendValidations = checkTx ? createSendValidations({ assetClientInterface, checkTx }) : []
+
     const moveFunds = moveFundsFactory({
       baseAssetName: asset.name,
       assetClientInterface,
@@ -324,6 +339,7 @@ export const createAssetFactory = ({
         assetName: asset.name,
       }),
       getSupportedPurposes: () => [44],
+      ...(sendValidations.length > 0 && { getSendValidations: () => sendValidations }),
       getTokens,
       hasFeature: (feature) => !!features[feature], // @deprecated use api.features instead
       moveFunds,
@@ -336,6 +352,7 @@ export const createAssetFactory = ({
       signHardware: signHardwareFactory({ baseAssetName: asset.name }),
       signMessage: ({ message, privateKey, signer }) =>
         signer ? signMessageWithSigner({ message, signer }) : signMessage({ privateKey, message }),
+      ...(checkTx && { checkTx }),
       ...(supportsStaking &&
         stakingDependencies[asset.name] && {
           staking: stakingApiFactory({

package/src/index.js

@@ -99,6 +99,7 @@ export {
 export { txSendFactory } from './tx-send/index.js'
 
 export { createAssetFactory } from './create-asset.js'
+export { createCheckTx } from './check-tx/index.js'
 
 export { moveFundsFactory } from './move-funds.js'
 

package/src/send-validations.js

@@ -0,0 +1,59 @@
+import sendValidationModel from '@exodus/send-validation-model'
+import assert from 'minimalistic-assert'
+
+const { FIELDS, PRIORITY_LEVELS, VALIDATION_TYPES } = sendValidationModel
+
+export const SCAM_RECIPIENT = 'SCAM_RECIPIENT'
+export const SCAM_RECIPIENT_MESSAGE =
+  'This recipient was flagged as risky. Please verify before sending.'
+
+const toWalletAccountId = (fromWalletAccount) =>
+  typeof fromWalletAccount === 'string' ? fromWalletAccount : fromWalletAccount?.toString?.()
+
+export const createSendValidations = ({ assetClientInterface, checkTx }) => {
+  assert(assetClientInterface, 'assetClientInterface is required')
+  assert(typeof checkTx === 'function', 'checkTx must be a function')
+
+  const scamRecipientValidator = {
+    id: SCAM_RECIPIENT,
+    type: VALIDATION_TYPES.WARN,
+    field: FIELDS.ADDRESS,
+    priority: PRIORITY_LEVELS.MIDDLE,
+    validateAndGetMessage: async ({ asset, destinationAddress, sendAmount, fromWalletAccount }) => {
+      // M1: native sends only. M2 will cover tokens/approvals/contract calls
+      // via a post-createTx call site on the review screen.
+      if (!asset || asset.name !== asset.baseAsset.name) return
+      if (!destinationAddress || !sendAmount) return
+      if (sendAmount.isZero) return
+
+      const isValidAddress = await asset.address.validate(destinationAddress)
+      if (!isValidAddress) return
+
+      const walletAccountId = toWalletAccountId(fromWalletAccount)
+      if (!walletAccountId) return
+
+      const fromAddress = await assetClientInterface.getReceiveAddress({
+        assetName: asset.name,
+        walletAccount: walletAccountId,
+        useCache: true,
+      })
+      if (!fromAddress) return
+
+      // Match Hypernative's documented native-send payload shape.
+      const result = await checkTx({
+        chain: asset.chainId,
+        fromAddress,
+        toAddress: destinationAddress,
+        value: sendAmount.toBaseString({ unit: false }),
+        input: '0x',
+        hash: '0x1',
+      })
+
+      if (result?.action !== 'WARN') return
+
+      return result.reason || SCAM_RECIPIENT_MESSAGE
+    },
+  }
+
+  return [scamRecipientValidator]
+}