@metamask-previews/phishing-controller 17.1.2-preview-fe92f4bb3 → 17.2.0-preview-9b6bf0851

package/CHANGELOG.md

@@ -7,8 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [17.2.0]
+
 ### Added
 
+- Add `findSimilarAddresses` utility and `PhishingController:checkAddressPoisoning` messenger action to detect address poisoning attempts against known recipients ([#8171](https://github.com/MetaMask/core/pull/8171))
+  - The controller now hydrates and maintains a set of known recipient addresses from confirmed transactions (`TransactionController`) and the address book (`AddressBookController`)
+  - Exposes match metadata including prefix/suffix match lengths, poisoning score, and diff indices
+- Add `@metamask/address-book-controller` as a dependency ([#8171](https://github.com/MetaMask/core/pull/8171))
 - Support path-based phishing lists (`blocklistPaths`, `whitelistPaths`) and path-aware URL scanning for shared gateways (for example IPFS gateways and `sites.google.com`) via `getPhishingDetectionScanUrlParam`, `isPhishingDetectionPathBasedHostname`, and `PHISHING_DETECTION_PATH_BASED_ROOT_DOMAINS` ([#8662](https://github.com/MetaMask/core/pull/8662))
 
 ### Changed
@@ -284,8 +290,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- Bump `@metamask/base-controller` from `^7.0.2` to `^8.0.0` ([#5079](https://github.com/MetaMask/core/pull/5079)), ([#5135](https://github.com/MetaMask/core/pull/5135)), ([#5305](https://github.com/MetaMask/core/pull/5305))
-- Bump `@metamask/controller-utils` from `^11.4.4` to `^11.5.0` ([#5135](https://github.com/MetaMask/core/pull/5135)), ([#5272](https://github.com/MetaMask/core/pull/5272))
+- Bump `@metamask/base-controller` from `^7.0.2` to `^8.0.0`,, ([#5079](https://github.com/MetaMask/core/pull/5079), [#5135](https://github.com/MetaMask/core/pull/5135), [#5305](https://github.com/MetaMask/core/pull/5305))
+- Bump `@metamask/controller-utils` from `^11.4.4` to `^11.5.0`, ([#5135](https://github.com/MetaMask/core/pull/5135), [#5272](https://github.com/MetaMask/core/pull/5272))
 
 ## [12.3.1]
 
@@ -329,7 +335,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
     ["Are the Types Wrong?"](https://arethetypeswrong.github.io/) tool as
     ["masquerading as CJS"](https://github.com/arethetypeswrong/arethetypeswrong.github.io/blob/main/docs/problems/FalseCJS.md).
     All of the ATTW checks now pass.
-- Remove chunk files ([#4648](https://github.com/MetaMask/core/pull/4648)).
+- Remove chunk files. ([#4648](https://github.com/MetaMask/core/pull/4648))
   - Previously, the build tool we used to generate JavaScript files extracted
     common code to "chunk" files. While this was intended to make this package
     more tree-shakeable, it also made debugging more difficult for our
@@ -357,7 +363,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
-- Add allowlist functionality to the C2 domain detection system ([#4464](https://github.com/MetaMask/core/pull/4644))
+- Add allowlist functionality to the C2 domain detection system ([#4464](https://github.com/MetaMask/core/pull/4464))
 - Add `PhishingController` functionality for blocking client-side C2 requests by managing a hashed C2 request blocklist ([#4526](https://github.com/MetaMask/core/pull/4526))
   - Add `requestBlocklist` type to `ListTypes`.
   - Add `isBlockedRequest` method to `PhishingController`.
@@ -595,7 +601,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
     All changes listed after this point were applied to this package following the monorepo conversion.
 
-[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/phishing-controller@17.1.2...HEAD
+[Unreleased]: https://github.com/MetaMask/core/compare/@metamask/phishing-controller@17.2.0...HEAD
+[17.2.0]: https://github.com/MetaMask/core/compare/@metamask/phishing-controller@17.1.2...@metamask/phishing-controller@17.2.0
 [17.1.2]: https://github.com/MetaMask/core/compare/@metamask/phishing-controller@17.1.1...@metamask/phishing-controller@17.1.2
 [17.1.1]: https://github.com/MetaMask/core/compare/@metamask/phishing-controller@17.1.0...@metamask/phishing-controller@17.1.1
 [17.1.0]: https://github.com/MetaMask/core/compare/@metamask/phishing-controller@17.0.0...@metamask/phishing-controller@17.1.0

package/dist/PhishingController-method-action-types.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"PhishingController-method-action-types.cjs","sourceRoot":"","sources":["../src/PhishingController-method-action-types.ts"],"names":[],"mappings":";AAAA;;;GAGG","sourcesContent":["/**\n * This file is auto generated.\n * Do not edit manually.\n */\n\nimport type { PhishingController } from './PhishingController';\n\n/**\n * Conditionally update the phishing configuration.\n *\n * If the stalelist configuration is out of date, this function will call `updateStalelist`\n * to update the configuration. This will automatically grab the hotlist,\n * so it isn't necessary to continue on to download the hotlist and the c2 domain blocklist.\n *\n */\nexport type PhishingControllerMaybeUpdateStateAction = {\n  type: `PhishingController:maybeUpdateState`;\n  handler: PhishingController['maybeUpdateState'];\n};\n\n/**\n * Determines if a given origin is unapproved.\n *\n * It is strongly recommended that you call {@link maybeUpdateState} before calling this,\n * to check whether the phishing configuration is up-to-date. It will be updated if necessary\n * by calling {@link updateStalelist} or {@link updateHotlist}.\n *\n * @param origin - Domain origin of a website.\n * @returns Whether the origin is an unapproved origin.\n */\nexport type PhishingControllerTestOriginAction = {\n  type: `PhishingController:testOrigin`;\n  handler: PhishingController['testOrigin'];\n};\n\n/**\n * Checks if a request URL's domain is blocked against the request blocklist.\n *\n * This method is used to determine if a specific request URL is associated with a malicious\n * command and control (C2) domain. The URL's hostname is hashed and checked against a configured\n * blocklist of known malicious domains.\n *\n * @param origin - The full request URL to be checked.\n * @returns An object indicating whether the URL's domain is blocked and relevant metadata.\n */\nexport type PhishingControllerIsBlockedRequestAction = {\n  type: `PhishingController:isBlockedRequest`;\n  handler: PhishingController['isBlockedRequest'];\n};\n\n/**\n * Temporarily marks a given origin as approved.\n *\n * @param origin - The origin to mark as approved.\n */\nexport type PhishingControllerBypassAction = {\n  type: `PhishingController:bypass`;\n  handler: PhishingController['bypass'];\n};\n\n/**\n * Scan a URL for phishing. For most hosts only the hostname is sent to the API; for known\n * shared gateways the pathname is included (see `PHISHING_DETECTION_PATH_BASED_ROOT_DOMAINS`).\n * Only supports web URLs (`http:` / `https:`).\n *\n * @param url - The URL to scan.\n * @returns The phishing detection scan result.\n */\nexport type PhishingControllerScanUrlAction = {\n  type: `PhishingController:scanUrl`;\n  handler: PhishingController['scanUrl'];\n};\n\n/**\n * Scan multiple URLs for phishing in bulk. It will only scan the hostnames of the URLs.\n * It also only supports web URLs.\n *\n * @param urls - The URLs to scan.\n * @returns A mapping of URLs to their phishing detection scan results and errors.\n */\nexport type PhishingControllerBulkScanUrlsAction = {\n  type: `PhishingController:bulkScanUrls`;\n  handler: PhishingController['bulkScanUrls'];\n};\n\n/**\n * Scan an address for security alerts.\n *\n * @param chainId - The chain ID in hex format (e.g., '0x1' for Ethereum).\n * @param address - The address to scan.\n * @returns The address scan result.\n */\nexport type PhishingControllerScanAddressAction = {\n  type: `PhishingController:scanAddress`;\n  handler: PhishingController['scanAddress'];\n};\n\n/**\n * Scan multiple tokens for malicious activity in bulk.\n *\n * @param request - The bulk scan request containing chainId and tokens.\n * @param request.chainId - The chain identifier. Accepts a hex chain ID for\n * EVM chains (e.g. `'0x1'` for Ethereum) or a chain name for non-EVM chains\n * (e.g. `'solana'`).\n * @param request.tokens - Array of token addresses to scan.\n * @returns A mapping of token addresses to their scan results. For EVM chains,\n * addresses are lowercased; for non-EVM chains, original casing is preserved.\n * Tokens that fail to scan are omitted.\n */\nexport type PhishingControllerBulkScanTokensAction = {\n  type: `PhishingController:bulkScanTokens`;\n  handler: PhishingController['bulkScanTokens'];\n};\n\nexport type PhishingControllerGetApprovalsAction = {\n  type: `PhishingController:getApprovals`;\n  handler: PhishingController['getApprovals'];\n};\n\n/**\n * Union of all PhishingController action types.\n */\nexport type PhishingControllerMethodActions =\n  | PhishingControllerMaybeUpdateStateAction\n  | PhishingControllerTestOriginAction\n  | PhishingControllerIsBlockedRequestAction\n  | PhishingControllerBypassAction\n  | PhishingControllerScanUrlAction\n  | PhishingControllerBulkScanUrlsAction\n  | PhishingControllerScanAddressAction\n  | PhishingControllerBulkScanTokensAction\n  | PhishingControllerGetApprovalsAction;\n"]}
+{"version":3,"file":"PhishingController-method-action-types.cjs","sourceRoot":"","sources":["../src/PhishingController-method-action-types.ts"],"names":[],"mappings":";AAAA;;;GAGG","sourcesContent":["/**\n * This file is auto generated.\n * Do not edit manually.\n */\n\nimport type { PhishingController } from './PhishingController';\n\n/**\n * Finds known recipient addresses that look like an address poisoning match.\n *\n * @param candidate - The recipient address being checked.\n * @returns Similar known recipient matches sorted by score.\n */\nexport type PhishingControllerCheckAddressPoisoningAction = {\n  type: `PhishingController:checkAddressPoisoning`;\n  handler: PhishingController['checkAddressPoisoning'];\n};\n\n/**\n * Conditionally update the phishing configuration.\n *\n * If the stalelist configuration is out of date, this function will call `updateStalelist`\n * to update the configuration. This will automatically grab the hotlist,\n * so it isn't necessary to continue on to download the hotlist and the c2 domain blocklist.\n *\n */\nexport type PhishingControllerMaybeUpdateStateAction = {\n  type: `PhishingController:maybeUpdateState`;\n  handler: PhishingController['maybeUpdateState'];\n};\n\n/**\n * Determines if a given origin is unapproved.\n *\n * It is strongly recommended that you call {@link maybeUpdateState} before calling this,\n * to check whether the phishing configuration is up-to-date. It will be updated if necessary\n * by calling {@link updateStalelist} or {@link updateHotlist}.\n *\n * @param origin - Domain origin of a website.\n * @returns Whether the origin is an unapproved origin.\n */\nexport type PhishingControllerTestOriginAction = {\n  type: `PhishingController:testOrigin`;\n  handler: PhishingController['testOrigin'];\n};\n\n/**\n * Checks if a request URL's domain is blocked against the request blocklist.\n *\n * This method is used to determine if a specific request URL is associated with a malicious\n * command and control (C2) domain. The URL's hostname is hashed and checked against a configured\n * blocklist of known malicious domains.\n *\n * @param origin - The full request URL to be checked.\n * @returns An object indicating whether the URL's domain is blocked and relevant metadata.\n */\nexport type PhishingControllerIsBlockedRequestAction = {\n  type: `PhishingController:isBlockedRequest`;\n  handler: PhishingController['isBlockedRequest'];\n};\n\n/**\n * Temporarily marks a given origin as approved.\n *\n * @param origin - The origin to mark as approved.\n */\nexport type PhishingControllerBypassAction = {\n  type: `PhishingController:bypass`;\n  handler: PhishingController['bypass'];\n};\n\n/**\n * Scan a URL for phishing. For most hosts only the hostname is sent to the API; for known\n * shared gateways the pathname is included (see `PHISHING_DETECTION_PATH_BASED_ROOT_DOMAINS`).\n * Only supports web URLs (`http:` / `https:`).\n *\n * @param url - The URL to scan.\n * @returns The phishing detection scan result.\n */\nexport type PhishingControllerScanUrlAction = {\n  type: `PhishingController:scanUrl`;\n  handler: PhishingController['scanUrl'];\n};\n\n/**\n * Scan multiple URLs for phishing in bulk. It will only scan the hostnames of the URLs.\n * It also only supports web URLs.\n *\n * @param urls - The URLs to scan.\n * @returns A mapping of URLs to their phishing detection scan results and errors.\n */\nexport type PhishingControllerBulkScanUrlsAction = {\n  type: `PhishingController:bulkScanUrls`;\n  handler: PhishingController['bulkScanUrls'];\n};\n\n/**\n * Scan an address for security alerts.\n *\n * @param chainId - The chain ID in hex format (e.g., '0x1' for Ethereum).\n * @param address - The address to scan.\n * @returns The address scan result.\n */\nexport type PhishingControllerScanAddressAction = {\n  type: `PhishingController:scanAddress`;\n  handler: PhishingController['scanAddress'];\n};\n\n/**\n * Scan multiple tokens for malicious activity in bulk.\n *\n * @param request - The bulk scan request containing chainId and tokens.\n * @param request.chainId - The chain identifier. Accepts a hex chain ID for\n * EVM chains (e.g. `'0x1'` for Ethereum) or a chain name for non-EVM chains\n * (e.g. `'solana'`).\n * @param request.tokens - Array of token addresses to scan.\n * @returns A mapping of token addresses to their scan results. For EVM chains,\n * addresses are lowercased; for non-EVM chains, original casing is preserved.\n * Tokens that fail to scan are omitted.\n */\nexport type PhishingControllerBulkScanTokensAction = {\n  type: `PhishingController:bulkScanTokens`;\n  handler: PhishingController['bulkScanTokens'];\n};\n\nexport type PhishingControllerGetApprovalsAction = {\n  type: `PhishingController:getApprovals`;\n  handler: PhishingController['getApprovals'];\n};\n\n/**\n * Union of all PhishingController action types.\n */\nexport type PhishingControllerMethodActions =\n  | PhishingControllerCheckAddressPoisoningAction\n  | PhishingControllerMaybeUpdateStateAction\n  | PhishingControllerTestOriginAction\n  | PhishingControllerIsBlockedRequestAction\n  | PhishingControllerBypassAction\n  | PhishingControllerScanUrlAction\n  | PhishingControllerBulkScanUrlsAction\n  | PhishingControllerScanAddressAction\n  | PhishingControllerBulkScanTokensAction\n  | PhishingControllerGetApprovalsAction;\n"]}

package/dist/PhishingController-method-action-types.d.cts

@@ -3,6 +3,16 @@
  * Do not edit manually.
  */
 import type { PhishingController } from "./PhishingController.cjs";
+/**
+ * Finds known recipient addresses that look like an address poisoning match.
+ *
+ * @param candidate - The recipient address being checked.
+ * @returns Similar known recipient matches sorted by score.
+ */
+export type PhishingControllerCheckAddressPoisoningAction = {
+    type: `PhishingController:checkAddressPoisoning`;
+    handler: PhishingController['checkAddressPoisoning'];
+};
 /**
  * Conditionally update the phishing configuration.
  *
@@ -109,5 +119,5 @@ export type PhishingControllerGetApprovalsAction = {
 /**
  * Union of all PhishingController action types.
  */
-export type PhishingControllerMethodActions = PhishingControllerMaybeUpdateStateAction | PhishingControllerTestOriginAction | PhishingControllerIsBlockedRequestAction | PhishingControllerBypassAction | PhishingControllerScanUrlAction | PhishingControllerBulkScanUrlsAction | PhishingControllerScanAddressAction | PhishingControllerBulkScanTokensAction | PhishingControllerGetApprovalsAction;
+export type PhishingControllerMethodActions = PhishingControllerCheckAddressPoisoningAction | PhishingControllerMaybeUpdateStateAction | PhishingControllerTestOriginAction | PhishingControllerIsBlockedRequestAction | PhishingControllerBypassAction | PhishingControllerScanUrlAction | PhishingControllerBulkScanUrlsAction | PhishingControllerScanAddressAction | PhishingControllerBulkScanTokensAction | PhishingControllerGetApprovalsAction;
 //# sourceMappingURL=PhishingController-method-action-types.d.cts.map

package/dist/PhishingController-method-action-types.d.cts.map

@@ -1 +1 @@
-{"version":3,"file":"PhishingController-method-action-types.d.cts","sourceRoot":"","sources":["../src/PhishingController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,iCAA6B;AAE/D;;;;;;;GAOG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,MAAM,kCAAkC,GAAG;IAC/C,IAAI,EAAE,+BAA+B,CAAC;IACtC,OAAO,EAAE,kBAAkB,CAAC,YAAY,CAAC,CAAC;CAC3C,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,8BAA8B,GAAG;IAC3C,IAAI,EAAE,2BAA2B,CAAC;IAClC,OAAO,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;CACvC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,+BAA+B,GAAG;IAC5C,IAAI,EAAE,4BAA4B,CAAC;IACnC,OAAO,EAAE,kBAAkB,CAAC,SAAS,CAAC,CAAC;CACxC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,oCAAoC,GAAG;IACjD,IAAI,EAAE,iCAAiC,CAAC;IACxC,OAAO,EAAE,kBAAkB,CAAC,cAAc,CAAC,CAAC;CAC7C,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,mCAAmC,GAAG;IAChD,IAAI,EAAE,gCAAgC,CAAC;IACvC,OAAO,EAAE,kBAAkB,CAAC,aAAa,CAAC,CAAC;CAC5C,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,sCAAsC,GAAG;IACnD,IAAI,EAAE,mCAAmC,CAAC;IAC1C,OAAO,EAAE,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;CAC/C,CAAC;AAEF,MAAM,MAAM,oCAAoC,GAAG;IACjD,IAAI,EAAE,iCAAiC,CAAC;IACxC,OAAO,EAAE,kBAAkB,CAAC,cAAc,CAAC,CAAC;CAC7C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,+BAA+B,GACvC,wCAAwC,GACxC,kCAAkC,GAClC,wCAAwC,GACxC,8BAA8B,GAC9B,+BAA+B,GAC/B,oCAAoC,GACpC,mCAAmC,GACnC,sCAAsC,GACtC,oCAAoC,CAAC"}
+{"version":3,"file":"PhishingController-method-action-types.d.cts","sourceRoot":"","sources":["../src/PhishingController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,iCAA6B;AAE/D;;;;;GAKG;AACH,MAAM,MAAM,6CAA6C,GAAG;IAC1D,IAAI,EAAE,0CAA0C,CAAC;IACjD,OAAO,EAAE,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;CACtD,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,MAAM,kCAAkC,GAAG;IAC/C,IAAI,EAAE,+BAA+B,CAAC;IACtC,OAAO,EAAE,kBAAkB,CAAC,YAAY,CAAC,CAAC;CAC3C,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,8BAA8B,GAAG;IAC3C,IAAI,EAAE,2BAA2B,CAAC;IAClC,OAAO,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;CACvC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,+BAA+B,GAAG;IAC5C,IAAI,EAAE,4BAA4B,CAAC;IACnC,OAAO,EAAE,kBAAkB,CAAC,SAAS,CAAC,CAAC;CACxC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,oCAAoC,GAAG;IACjD,IAAI,EAAE,iCAAiC,CAAC;IACxC,OAAO,EAAE,kBAAkB,CAAC,cAAc,CAAC,CAAC;CAC7C,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,mCAAmC,GAAG;IAChD,IAAI,EAAE,gCAAgC,CAAC;IACvC,OAAO,EAAE,kBAAkB,CAAC,aAAa,CAAC,CAAC;CAC5C,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,sCAAsC,GAAG;IACnD,IAAI,EAAE,mCAAmC,CAAC;IAC1C,OAAO,EAAE,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;CAC/C,CAAC;AAEF,MAAM,MAAM,oCAAoC,GAAG;IACjD,IAAI,EAAE,iCAAiC,CAAC;IACxC,OAAO,EAAE,kBAAkB,CAAC,cAAc,CAAC,CAAC;CAC7C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,+BAA+B,GACvC,6CAA6C,GAC7C,wCAAwC,GACxC,kCAAkC,GAClC,wCAAwC,GACxC,8BAA8B,GAC9B,+BAA+B,GAC/B,oCAAoC,GACpC,mCAAmC,GACnC,sCAAsC,GACtC,oCAAoC,CAAC"}

package/dist/PhishingController-method-action-types.d.mts

@@ -3,6 +3,16 @@
  * Do not edit manually.
  */
 import type { PhishingController } from "./PhishingController.mjs";
+/**
+ * Finds known recipient addresses that look like an address poisoning match.
+ *
+ * @param candidate - The recipient address being checked.
+ * @returns Similar known recipient matches sorted by score.
+ */
+export type PhishingControllerCheckAddressPoisoningAction = {
+    type: `PhishingController:checkAddressPoisoning`;
+    handler: PhishingController['checkAddressPoisoning'];
+};
 /**
  * Conditionally update the phishing configuration.
  *
@@ -109,5 +119,5 @@ export type PhishingControllerGetApprovalsAction = {
 /**
  * Union of all PhishingController action types.
  */
-export type PhishingControllerMethodActions = PhishingControllerMaybeUpdateStateAction | PhishingControllerTestOriginAction | PhishingControllerIsBlockedRequestAction | PhishingControllerBypassAction | PhishingControllerScanUrlAction | PhishingControllerBulkScanUrlsAction | PhishingControllerScanAddressAction | PhishingControllerBulkScanTokensAction | PhishingControllerGetApprovalsAction;
+export type PhishingControllerMethodActions = PhishingControllerCheckAddressPoisoningAction | PhishingControllerMaybeUpdateStateAction | PhishingControllerTestOriginAction | PhishingControllerIsBlockedRequestAction | PhishingControllerBypassAction | PhishingControllerScanUrlAction | PhishingControllerBulkScanUrlsAction | PhishingControllerScanAddressAction | PhishingControllerBulkScanTokensAction | PhishingControllerGetApprovalsAction;
 //# sourceMappingURL=PhishingController-method-action-types.d.mts.map

package/dist/PhishingController-method-action-types.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"PhishingController-method-action-types.d.mts","sourceRoot":"","sources":["../src/PhishingController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,iCAA6B;AAE/D;;;;;;;GAOG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,MAAM,kCAAkC,GAAG;IAC/C,IAAI,EAAE,+BAA+B,CAAC;IACtC,OAAO,EAAE,kBAAkB,CAAC,YAAY,CAAC,CAAC;CAC3C,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,8BAA8B,GAAG;IAC3C,IAAI,EAAE,2BAA2B,CAAC;IAClC,OAAO,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;CACvC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,+BAA+B,GAAG;IAC5C,IAAI,EAAE,4BAA4B,CAAC;IACnC,OAAO,EAAE,kBAAkB,CAAC,SAAS,CAAC,CAAC;CACxC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,oCAAoC,GAAG;IACjD,IAAI,EAAE,iCAAiC,CAAC;IACxC,OAAO,EAAE,kBAAkB,CAAC,cAAc,CAAC,CAAC;CAC7C,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,mCAAmC,GAAG;IAChD,IAAI,EAAE,gCAAgC,CAAC;IACvC,OAAO,EAAE,kBAAkB,CAAC,aAAa,CAAC,CAAC;CAC5C,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,sCAAsC,GAAG;IACnD,IAAI,EAAE,mCAAmC,CAAC;IAC1C,OAAO,EAAE,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;CAC/C,CAAC;AAEF,MAAM,MAAM,oCAAoC,GAAG;IACjD,IAAI,EAAE,iCAAiC,CAAC;IACxC,OAAO,EAAE,kBAAkB,CAAC,cAAc,CAAC,CAAC;CAC7C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,+BAA+B,GACvC,wCAAwC,GACxC,kCAAkC,GAClC,wCAAwC,GACxC,8BAA8B,GAC9B,+BAA+B,GAC/B,oCAAoC,GACpC,mCAAmC,GACnC,sCAAsC,GACtC,oCAAoC,CAAC"}
+{"version":3,"file":"PhishingController-method-action-types.d.mts","sourceRoot":"","sources":["../src/PhishingController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,iCAA6B;AAE/D;;;;;GAKG;AACH,MAAM,MAAM,6CAA6C,GAAG;IAC1D,IAAI,EAAE,0CAA0C,CAAC;IACjD,OAAO,EAAE,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;CACtD,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,MAAM,kCAAkC,GAAG;IAC/C,IAAI,EAAE,+BAA+B,CAAC;IACtC,OAAO,EAAE,kBAAkB,CAAC,YAAY,CAAC,CAAC;CAC3C,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,8BAA8B,GAAG;IAC3C,IAAI,EAAE,2BAA2B,CAAC;IAClC,OAAO,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;CACvC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,+BAA+B,GAAG;IAC5C,IAAI,EAAE,4BAA4B,CAAC;IACnC,OAAO,EAAE,kBAAkB,CAAC,SAAS,CAAC,CAAC;CACxC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,oCAAoC,GAAG;IACjD,IAAI,EAAE,iCAAiC,CAAC;IACxC,OAAO,EAAE,kBAAkB,CAAC,cAAc,CAAC,CAAC;CAC7C,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,mCAAmC,GAAG;IAChD,IAAI,EAAE,gCAAgC,CAAC;IACvC,OAAO,EAAE,kBAAkB,CAAC,aAAa,CAAC,CAAC;CAC5C,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,sCAAsC,GAAG;IACnD,IAAI,EAAE,mCAAmC,CAAC;IAC1C,OAAO,EAAE,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;CAC/C,CAAC;AAEF,MAAM,MAAM,oCAAoC,GAAG;IACjD,IAAI,EAAE,iCAAiC,CAAC;IACxC,OAAO,EAAE,kBAAkB,CAAC,cAAc,CAAC,CAAC;CAC7C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,+BAA+B,GACvC,6CAA6C,GAC7C,wCAAwC,GACxC,kCAAkC,GAClC,wCAAwC,GACxC,8BAA8B,GAC9B,+BAA+B,GAC/B,oCAAoC,GACpC,mCAAmC,GACnC,sCAAsC,GACtC,oCAAoC,CAAC"}

package/dist/PhishingController-method-action-types.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"PhishingController-method-action-types.mjs","sourceRoot":"","sources":["../src/PhishingController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG","sourcesContent":["/**\n * This file is auto generated.\n * Do not edit manually.\n */\n\nimport type { PhishingController } from './PhishingController';\n\n/**\n * Conditionally update the phishing configuration.\n *\n * If the stalelist configuration is out of date, this function will call `updateStalelist`\n * to update the configuration. This will automatically grab the hotlist,\n * so it isn't necessary to continue on to download the hotlist and the c2 domain blocklist.\n *\n */\nexport type PhishingControllerMaybeUpdateStateAction = {\n  type: `PhishingController:maybeUpdateState`;\n  handler: PhishingController['maybeUpdateState'];\n};\n\n/**\n * Determines if a given origin is unapproved.\n *\n * It is strongly recommended that you call {@link maybeUpdateState} before calling this,\n * to check whether the phishing configuration is up-to-date. It will be updated if necessary\n * by calling {@link updateStalelist} or {@link updateHotlist}.\n *\n * @param origin - Domain origin of a website.\n * @returns Whether the origin is an unapproved origin.\n */\nexport type PhishingControllerTestOriginAction = {\n  type: `PhishingController:testOrigin`;\n  handler: PhishingController['testOrigin'];\n};\n\n/**\n * Checks if a request URL's domain is blocked against the request blocklist.\n *\n * This method is used to determine if a specific request URL is associated with a malicious\n * command and control (C2) domain. The URL's hostname is hashed and checked against a configured\n * blocklist of known malicious domains.\n *\n * @param origin - The full request URL to be checked.\n * @returns An object indicating whether the URL's domain is blocked and relevant metadata.\n */\nexport type PhishingControllerIsBlockedRequestAction = {\n  type: `PhishingController:isBlockedRequest`;\n  handler: PhishingController['isBlockedRequest'];\n};\n\n/**\n * Temporarily marks a given origin as approved.\n *\n * @param origin - The origin to mark as approved.\n */\nexport type PhishingControllerBypassAction = {\n  type: `PhishingController:bypass`;\n  handler: PhishingController['bypass'];\n};\n\n/**\n * Scan a URL for phishing. For most hosts only the hostname is sent to the API; for known\n * shared gateways the pathname is included (see `PHISHING_DETECTION_PATH_BASED_ROOT_DOMAINS`).\n * Only supports web URLs (`http:` / `https:`).\n *\n * @param url - The URL to scan.\n * @returns The phishing detection scan result.\n */\nexport type PhishingControllerScanUrlAction = {\n  type: `PhishingController:scanUrl`;\n  handler: PhishingController['scanUrl'];\n};\n\n/**\n * Scan multiple URLs for phishing in bulk. It will only scan the hostnames of the URLs.\n * It also only supports web URLs.\n *\n * @param urls - The URLs to scan.\n * @returns A mapping of URLs to their phishing detection scan results and errors.\n */\nexport type PhishingControllerBulkScanUrlsAction = {\n  type: `PhishingController:bulkScanUrls`;\n  handler: PhishingController['bulkScanUrls'];\n};\n\n/**\n * Scan an address for security alerts.\n *\n * @param chainId - The chain ID in hex format (e.g., '0x1' for Ethereum).\n * @param address - The address to scan.\n * @returns The address scan result.\n */\nexport type PhishingControllerScanAddressAction = {\n  type: `PhishingController:scanAddress`;\n  handler: PhishingController['scanAddress'];\n};\n\n/**\n * Scan multiple tokens for malicious activity in bulk.\n *\n * @param request - The bulk scan request containing chainId and tokens.\n * @param request.chainId - The chain identifier. Accepts a hex chain ID for\n * EVM chains (e.g. `'0x1'` for Ethereum) or a chain name for non-EVM chains\n * (e.g. `'solana'`).\n * @param request.tokens - Array of token addresses to scan.\n * @returns A mapping of token addresses to their scan results. For EVM chains,\n * addresses are lowercased; for non-EVM chains, original casing is preserved.\n * Tokens that fail to scan are omitted.\n */\nexport type PhishingControllerBulkScanTokensAction = {\n  type: `PhishingController:bulkScanTokens`;\n  handler: PhishingController['bulkScanTokens'];\n};\n\nexport type PhishingControllerGetApprovalsAction = {\n  type: `PhishingController:getApprovals`;\n  handler: PhishingController['getApprovals'];\n};\n\n/**\n * Union of all PhishingController action types.\n */\nexport type PhishingControllerMethodActions =\n  | PhishingControllerMaybeUpdateStateAction\n  | PhishingControllerTestOriginAction\n  | PhishingControllerIsBlockedRequestAction\n  | PhishingControllerBypassAction\n  | PhishingControllerScanUrlAction\n  | PhishingControllerBulkScanUrlsAction\n  | PhishingControllerScanAddressAction\n  | PhishingControllerBulkScanTokensAction\n  | PhishingControllerGetApprovalsAction;\n"]}
+{"version":3,"file":"PhishingController-method-action-types.mjs","sourceRoot":"","sources":["../src/PhishingController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG","sourcesContent":["/**\n * This file is auto generated.\n * Do not edit manually.\n */\n\nimport type { PhishingController } from './PhishingController';\n\n/**\n * Finds known recipient addresses that look like an address poisoning match.\n *\n * @param candidate - The recipient address being checked.\n * @returns Similar known recipient matches sorted by score.\n */\nexport type PhishingControllerCheckAddressPoisoningAction = {\n  type: `PhishingController:checkAddressPoisoning`;\n  handler: PhishingController['checkAddressPoisoning'];\n};\n\n/**\n * Conditionally update the phishing configuration.\n *\n * If the stalelist configuration is out of date, this function will call `updateStalelist`\n * to update the configuration. This will automatically grab the hotlist,\n * so it isn't necessary to continue on to download the hotlist and the c2 domain blocklist.\n *\n */\nexport type PhishingControllerMaybeUpdateStateAction = {\n  type: `PhishingController:maybeUpdateState`;\n  handler: PhishingController['maybeUpdateState'];\n};\n\n/**\n * Determines if a given origin is unapproved.\n *\n * It is strongly recommended that you call {@link maybeUpdateState} before calling this,\n * to check whether the phishing configuration is up-to-date. It will be updated if necessary\n * by calling {@link updateStalelist} or {@link updateHotlist}.\n *\n * @param origin - Domain origin of a website.\n * @returns Whether the origin is an unapproved origin.\n */\nexport type PhishingControllerTestOriginAction = {\n  type: `PhishingController:testOrigin`;\n  handler: PhishingController['testOrigin'];\n};\n\n/**\n * Checks if a request URL's domain is blocked against the request blocklist.\n *\n * This method is used to determine if a specific request URL is associated with a malicious\n * command and control (C2) domain. The URL's hostname is hashed and checked against a configured\n * blocklist of known malicious domains.\n *\n * @param origin - The full request URL to be checked.\n * @returns An object indicating whether the URL's domain is blocked and relevant metadata.\n */\nexport type PhishingControllerIsBlockedRequestAction = {\n  type: `PhishingController:isBlockedRequest`;\n  handler: PhishingController['isBlockedRequest'];\n};\n\n/**\n * Temporarily marks a given origin as approved.\n *\n * @param origin - The origin to mark as approved.\n */\nexport type PhishingControllerBypassAction = {\n  type: `PhishingController:bypass`;\n  handler: PhishingController['bypass'];\n};\n\n/**\n * Scan a URL for phishing. For most hosts only the hostname is sent to the API; for known\n * shared gateways the pathname is included (see `PHISHING_DETECTION_PATH_BASED_ROOT_DOMAINS`).\n * Only supports web URLs (`http:` / `https:`).\n *\n * @param url - The URL to scan.\n * @returns The phishing detection scan result.\n */\nexport type PhishingControllerScanUrlAction = {\n  type: `PhishingController:scanUrl`;\n  handler: PhishingController['scanUrl'];\n};\n\n/**\n * Scan multiple URLs for phishing in bulk. It will only scan the hostnames of the URLs.\n * It also only supports web URLs.\n *\n * @param urls - The URLs to scan.\n * @returns A mapping of URLs to their phishing detection scan results and errors.\n */\nexport type PhishingControllerBulkScanUrlsAction = {\n  type: `PhishingController:bulkScanUrls`;\n  handler: PhishingController['bulkScanUrls'];\n};\n\n/**\n * Scan an address for security alerts.\n *\n * @param chainId - The chain ID in hex format (e.g., '0x1' for Ethereum).\n * @param address - The address to scan.\n * @returns The address scan result.\n */\nexport type PhishingControllerScanAddressAction = {\n  type: `PhishingController:scanAddress`;\n  handler: PhishingController['scanAddress'];\n};\n\n/**\n * Scan multiple tokens for malicious activity in bulk.\n *\n * @param request - The bulk scan request containing chainId and tokens.\n * @param request.chainId - The chain identifier. Accepts a hex chain ID for\n * EVM chains (e.g. `'0x1'` for Ethereum) or a chain name for non-EVM chains\n * (e.g. `'solana'`).\n * @param request.tokens - Array of token addresses to scan.\n * @returns A mapping of token addresses to their scan results. For EVM chains,\n * addresses are lowercased; for non-EVM chains, original casing is preserved.\n * Tokens that fail to scan are omitted.\n */\nexport type PhishingControllerBulkScanTokensAction = {\n  type: `PhishingController:bulkScanTokens`;\n  handler: PhishingController['bulkScanTokens'];\n};\n\nexport type PhishingControllerGetApprovalsAction = {\n  type: `PhishingController:getApprovals`;\n  handler: PhishingController['getApprovals'];\n};\n\n/**\n * Union of all PhishingController action types.\n */\nexport type PhishingControllerMethodActions =\n  | PhishingControllerCheckAddressPoisoningAction\n  | PhishingControllerMaybeUpdateStateAction\n  | PhishingControllerTestOriginAction\n  | PhishingControllerIsBlockedRequestAction\n  | PhishingControllerBypassAction\n  | PhishingControllerScanUrlAction\n  | PhishingControllerBulkScanUrlsAction\n  | PhishingControllerScanAddressAction\n  | PhishingControllerBulkScanTokensAction\n  | PhishingControllerGetApprovalsAction;\n"]}

package/dist/PhishingController.cjs

@@ -10,12 +10,14 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
-var _PhishingController_instances, _PhishingController_detector, _PhishingController_stalelistRefreshInterval, _PhishingController_hotlistRefreshInterval, _PhishingController_c2DomainBlocklistRefreshInterval, _PhishingController_urlScanCache, _PhishingController_tokenScanCache, _PhishingController_addressScanCache, _PhishingController_inProgressHotlistUpdate, _PhishingController_inProgressStalelistUpdate, _PhishingController_isProgressC2DomainBlocklistUpdate, _PhishingController_transactionControllerStateChangeHandler, _PhishingController_subscribeToTransactionControllerStateChange, _PhishingController_isTransactionPatch, _PhishingController_isSimulationDataPatch, _PhishingController_onTransactionControllerStateChange, _PhishingController_getTokensFromTransaction, _PhishingController_scanTokensByChain, _PhishingController_fetchTokenScanBulkResults, _PhishingController_processBatch, _PhishingController_updateStalelist, _PhishingController_updateHotlist, _PhishingController_updateC2DomainBlocklist, _PhishingController_queryConfig;
+var _PhishingController_instances, _PhishingController_detector, _PhishingController_stalelistRefreshInterval, _PhishingController_hotlistRefreshInterval, _PhishingController_c2DomainBlocklistRefreshInterval, _PhishingController_urlScanCache, _PhishingController_tokenScanCache, _PhishingController_addressScanCache, _PhishingController_knownRecipients, _PhishingController_transactionRecipients, _PhishingController_transactionRecipientsByTransactionId, _PhishingController_transactionRecipientCounts, _PhishingController_addressBookRecipients, _PhishingController_inProgressHotlistUpdate, _PhishingController_inProgressStalelistUpdate, _PhishingController_isProgressC2DomainBlocklistUpdate, _PhishingController_transactionControllerStateChangeHandler, _PhishingController_addressBookControllerStateChangeHandler, _PhishingController_subscribeToAddressBookControllerStateChange, _PhishingController_subscribeToTransactionControllerStateChange, _PhishingController_isTransactionPatch, _PhishingController_isSimulationDataPatch, _PhishingController_onTransactionControllerStateChange, _PhishingController_onAddressBookControllerStateChange, _PhishingController_getTokensFromTransaction, _PhishingController_scanTokensByChain, _PhishingController_hydrateKnownRecipients, _PhishingController_hydrateKnownRecipientsFromTransactionState, _PhishingController_hydrateKnownRecipientsFromAddressBookState, _PhishingController_setKnownRecipientsFromTransactionState, _PhishingController_updateKnownRecipientsFromTransactionPatches, _PhishingController_getTransactionFromPatchValue, _PhishingController_updateTransactionRecipients, _PhishingController_addTransactionRecipients, _PhishingController_removeTransactionRecipients, _PhishingController_setKnownRecipientsFromAddressBookState, _PhishingController_rebuildKnownRecipients, _PhishingController_getAddressBookRecipients, _PhishingController_getRecipientAddressesFromTransaction, _PhishingController_normalizeAddress, _PhishingController_fetchTokenScanBulkResults, _PhishingController_processBatch, _PhishingController_updateStalelist, _PhishingController_updateHotlist, _PhishingController_updateC2DomainBlocklist, _PhishingController_queryConfig;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PhishingController = exports.phishingListKeyNameMap = exports.ListNames = exports.ListKeys = exports.C2_DOMAIN_BLOCKLIST_URL = exports.METAMASK_HOTLIST_DIFF_URL = exports.METAMASK_STALELIST_URL = exports.STALELIST_REFRESH_INTERVAL = exports.HOTLIST_REFRESH_INTERVAL = exports.C2_DOMAIN_BLOCKLIST_REFRESH_INTERVAL = exports.DEFAULT_ADDRESS_SCAN_CACHE_MAX_SIZE = exports.DEFAULT_ADDRESS_SCAN_CACHE_TTL = exports.DEFAULT_TOKEN_SCAN_CACHE_MAX_SIZE = exports.DEFAULT_TOKEN_SCAN_CACHE_TTL = exports.DEFAULT_URL_SCAN_CACHE_MAX_SIZE = exports.DEFAULT_URL_SCAN_CACHE_TTL = exports.APPROVALS_ENDPOINT = exports.ADDRESS_SCAN_ENDPOINT = exports.TOKEN_BULK_SCANNING_ENDPOINT = exports.SECURITY_ALERTS_BASE_URL = exports.PHISHING_DETECTION_BULK_SCAN_ENDPOINT = exports.PHISHING_DETECTION_SCAN_ENDPOINT = exports.PHISHING_DETECTION_BASE_URL = exports.C2_DOMAIN_BLOCKLIST_ENDPOINT = exports.CLIENT_SIDE_DETECION_BASE_URL = exports.METAMASK_HOTLIST_DIFF_FILE = exports.METAMASK_STALELIST_FILE = exports.PHISHING_CONFIG_BASE_URL = void 0;
 const base_controller_1 = require("@metamask/base-controller");
 const controller_utils_1 = require("@metamask/controller-utils");
+const transaction_controller_1 = require("@metamask/transaction-controller");
 const punycode_js_1 = require("punycode/punycode.js");
+const address_poisoning_1 = require("./address-poisoning.cjs");
 const CacheManager_1 = require("./CacheManager.cjs");
 const PathTrie_1 = require("./PathTrie.cjs");
 const PhishingDetector_1 = require("./PhishingDetector.cjs");
@@ -160,6 +162,7 @@ const MESSENGER_EXPOSED_METHODS = [
     'bulkScanTokens',
     'scanAddress',
     'getApprovals',
+    'checkAddressPoisoning',
 ];
 /**
  * Controller that manages community-maintained lists of approved and unapproved website origins.
@@ -201,10 +204,16 @@ class PhishingController extends base_controller_1.BaseController {
         _PhishingController_urlScanCache.set(this, void 0);
         _PhishingController_tokenScanCache.set(this, void 0);
         _PhishingController_addressScanCache.set(this, void 0);
+        _PhishingController_knownRecipients.set(this, void 0);
+        _PhishingController_transactionRecipients.set(this, void 0);
+        _PhishingController_transactionRecipientsByTransactionId.set(this, void 0);
+        _PhishingController_transactionRecipientCounts.set(this, void 0);
+        _PhishingController_addressBookRecipients.set(this, void 0);
         _PhishingController_inProgressHotlistUpdate.set(this, void 0);
         _PhishingController_inProgressStalelistUpdate.set(this, void 0);
         _PhishingController_isProgressC2DomainBlocklistUpdate.set(this, void 0);
         _PhishingController_transactionControllerStateChangeHandler.set(this, void 0);
+        _PhishingController_addressBookControllerStateChangeHandler.set(this, void 0);
         /**
          * Determines if a given origin is unapproved.
          *
@@ -252,10 +261,9 @@ class PhishingController extends base_controller_1.BaseController {
                 console.error(`Error scanning tokens: timeout of ${timeout}ms exceeded`);
                 return null;
             }
-            if ('error' in apiResponse &&
-                'status' in apiResponse &&
-                'statusText' in apiResponse) {
-                console.warn(`Token bulk screening API error: ${apiResponse.status} ${apiResponse.statusText}`);
+            if (apiResponse.error) {
+                const { status, statusText } = apiResponse;
+                console.warn(`Token bulk screening API error: ${status} ${statusText}`);
                 return null;
             }
             return apiResponse;
@@ -295,8 +303,10 @@ class PhishingController extends base_controller_1.BaseController {
                 const data = await res.json();
                 return data;
             }, true, 5000);
-            if (!apiResponse ||
-                'error' in apiResponse ||
+            if (!apiResponse) {
+                return { approvals: [] };
+            }
+            if (apiResponse.error ||
                 !Array.isArray(apiResponse.approvals)) {
                 return { approvals: [] };
             }
@@ -338,13 +348,12 @@ class PhishingController extends base_controller_1.BaseController {
                 };
             }
             // Handle HTTP error responses
-            if ('error' in apiResponse &&
-                'status' in apiResponse &&
-                'statusText' in apiResponse) {
+            if (apiResponse.error) {
+                const { status, statusText } = apiResponse;
                 return {
                     results: {},
                     errors: {
-                        api_error: [`${apiResponse.status} ${apiResponse.statusText}`],
+                        api_error: [`${status} ${statusText}`],
                     },
                 };
             }
@@ -353,7 +362,13 @@ class PhishingController extends base_controller_1.BaseController {
         __classPrivateFieldSet(this, _PhishingController_stalelistRefreshInterval, stalelistRefreshInterval, "f");
         __classPrivateFieldSet(this, _PhishingController_hotlistRefreshInterval, hotlistRefreshInterval, "f");
         __classPrivateFieldSet(this, _PhishingController_c2DomainBlocklistRefreshInterval, c2DomainBlocklistRefreshInterval, "f");
+        __classPrivateFieldSet(this, _PhishingController_knownRecipients, new Set(), "f");
+        __classPrivateFieldSet(this, _PhishingController_transactionRecipients, new Set(), "f");
+        __classPrivateFieldSet(this, _PhishingController_transactionRecipientsByTransactionId, new Map(), "f");
+        __classPrivateFieldSet(this, _PhishingController_transactionRecipientCounts, new Map(), "f");
+        __classPrivateFieldSet(this, _PhishingController_addressBookRecipients, new Set(), "f");
         __classPrivateFieldSet(this, _PhishingController_transactionControllerStateChangeHandler, __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_onTransactionControllerStateChange).bind(this), "f");
+        __classPrivateFieldSet(this, _PhishingController_addressBookControllerStateChangeHandler, __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_onAddressBookControllerStateChange).bind(this), "f");
         __classPrivateFieldSet(this, _PhishingController_urlScanCache, new CacheManager_1.CacheManager({
             cacheTTL: urlScanCacheTTL,
             maxCacheSize: urlScanCacheMaxSize,
@@ -386,6 +401,8 @@ class PhishingController extends base_controller_1.BaseController {
         }), "f");
         this.messenger.registerMethodActionHandlers(this, MESSENGER_EXPOSED_METHODS);
         this.updatePhishingDetector();
+        __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_hydrateKnownRecipients).call(this);
+        __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_subscribeToAddressBookControllerStateChange).call(this);
         __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_subscribeToTransactionControllerStateChange).call(this);
     }
     /**
@@ -394,6 +411,15 @@ class PhishingController extends base_controller_1.BaseController {
     updatePhishingDetector() {
         __classPrivateFieldSet(this, _PhishingController_detector, new PhishingDetector_1.PhishingDetector(this.state.phishingLists), "f");
     }
+    /**
+     * Finds known recipient addresses that look like an address poisoning match.
+     *
+     * @param candidate - The recipient address being checked.
+     * @returns Similar known recipient matches sorted by score.
+     */
+    checkAddressPoisoning(candidate) {
+        return (0, address_poisoning_1.findSimilarAddresses)(candidate, Array.from(__classPrivateFieldGet(this, _PhishingController_knownRecipients, "f")));
+    }
     /**
      * Determine if an update to the stalelist configuration is needed.
      *
@@ -613,16 +639,17 @@ class PhishingController extends base_controller_1.BaseController {
                 fetchError: 'timeout of 8000ms exceeded',
             };
         }
-        else if ('error' in apiResponse) {
+        else if (apiResponse.error) {
             return {
                 hostname: '',
                 recommendedAction: types_1.RecommendedAction.None,
                 fetchError: apiResponse.error,
             };
         }
+        const scanResult = apiResponse;
         const result = {
             hostname,
-            recommendedAction: apiResponse.recommendedAction,
+            recommendedAction: scanResult.recommendedAction,
         };
         __classPrivateFieldGet(this, _PhishingController_urlScanCache, "f").set(scanUrlParam, result);
         return result;
@@ -773,20 +800,21 @@ class PhishingController extends base_controller_1.BaseController {
                 label: '',
             };
         }
-        else if ('error' in apiResponse) {
+        else if (apiResponse.error) {
             return {
                 result_type: types_1.AddressScanResultType.ErrorResult,
                 label: '',
             };
         }
+        const scanResult = apiResponse;
         const result = {
-            result_type: apiResponse.result_type,
-            label: apiResponse.label,
+            result_type: scanResult.result_type,
+            label: scanResult.label,
         };
         __classPrivateFieldGet(this, _PhishingController_addressScanCache, "f").set(cacheKey, result);
         return {
-            result_type: apiResponse.result_type,
-            label: apiResponse.label,
+            result_type: scanResult.result_type,
+            label: scanResult.label,
         };
     }
     /**
@@ -853,8 +881,14 @@ class PhishingController extends base_controller_1.BaseController {
     }
 }
 exports.PhishingController = PhishingController;
-_PhishingController_detector = new WeakMap(), _PhishingController_stalelistRefreshInterval = new WeakMap(), _PhishingController_hotlistRefreshInterval = new WeakMap(), _PhishingController_c2DomainBlocklistRefreshInterval = new WeakMap(), _PhishingController_urlScanCache = new WeakMap(), _PhishingController_tokenScanCache = new WeakMap(), _PhishingController_addressScanCache = new WeakMap(), _PhishingController_inProgressHotlistUpdate = new WeakMap(), _PhishingController_inProgressStalelistUpdate = new WeakMap(), _PhishingController_isProgressC2DomainBlocklistUpdate = new WeakMap(), _PhishingController_transactionControllerStateChangeHandler = new WeakMap(), _PhishingController_fetchTokenScanBulkResults = new WeakMap(), _PhishingController_processBatch = new WeakMap(), _PhishingController_instances = new WeakSet(), _PhishingController_subscribeToTransactionControllerStateChange = function _PhishingController_subscribeToTransactionControllerStateChange() {
-    this.messenger.subscribe('TransactionController:stateChange', __classPrivateFieldGet(this, _PhishingController_transactionControllerStateChangeHandler, "f"));
+_PhishingController_detector = new WeakMap(), _PhishingController_stalelistRefreshInterval = new WeakMap(), _PhishingController_hotlistRefreshInterval = new WeakMap(), _PhishingController_c2DomainBlocklistRefreshInterval = new WeakMap(), _PhishingController_urlScanCache = new WeakMap(), _PhishingController_tokenScanCache = new WeakMap(), _PhishingController_addressScanCache = new WeakMap(), _PhishingController_knownRecipients = new WeakMap(), _PhishingController_transactionRecipients = new WeakMap(), _PhishingController_transactionRecipientsByTransactionId = new WeakMap(), _PhishingController_transactionRecipientCounts = new WeakMap(), _PhishingController_addressBookRecipients = new WeakMap(), _PhishingController_inProgressHotlistUpdate = new WeakMap(), _PhishingController_inProgressStalelistUpdate = new WeakMap(), _PhishingController_isProgressC2DomainBlocklistUpdate = new WeakMap(), _PhishingController_transactionControllerStateChangeHandler = new WeakMap(), _PhishingController_addressBookControllerStateChangeHandler = new WeakMap(), _PhishingController_fetchTokenScanBulkResults = new WeakMap(), _PhishingController_processBatch = new WeakMap(), _PhishingController_instances = new WeakSet(), _PhishingController_subscribeToAddressBookControllerStateChange = function _PhishingController_subscribeToAddressBookControllerStateChange() {
+    this.messenger.subscribe(
+    // eslint-disable-next-line no-restricted-syntax
+    'AddressBookController:stateChange', __classPrivateFieldGet(this, _PhishingController_addressBookControllerStateChangeHandler, "f"));
+}, _PhishingController_subscribeToTransactionControllerStateChange = function _PhishingController_subscribeToTransactionControllerStateChange() {
+    this.messenger.subscribe(
+    // eslint-disable-next-line no-restricted-syntax
+    'TransactionController:stateChange', __classPrivateFieldGet(this, _PhishingController_transactionControllerStateChangeHandler, "f"));
 }, _PhishingController_isTransactionPatch = function _PhishingController_isTransactionPatch(patch) {
     const { path } = patch;
     return (path.length === 2 &&
@@ -868,6 +902,12 @@ _PhishingController_detector = new WeakMap(), _PhishingController_stalelistRefre
         path[2] === 'simulationData');
 }, _PhishingController_onTransactionControllerStateChange = function _PhishingController_onTransactionControllerStateChange(_state, patches) {
     try {
+        try {
+            __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_updateKnownRecipientsFromTransactionPatches).call(this, _state, patches);
+        }
+        catch (error) {
+            console.error('Error updating known recipients from transaction state:', error);
+        }
         const tokensByChain = new Map();
         for (const patch of patches) {
             if (patch.op === 'remove') {
@@ -889,6 +929,8 @@ _PhishingController_detector = new WeakMap(), _PhishingController_stalelistRefre
     catch (error) {
         console.error('Error processing transaction state change:', error);
     }
+}, _PhishingController_onAddressBookControllerStateChange = function _PhishingController_onAddressBookControllerStateChange(state) {
+    __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_setKnownRecipientsFromAddressBookState).call(this, state);
 }, _PhishingController_getTokensFromTransaction = function _PhishingController_getTokensFromTransaction(transaction, tokensByChain) {
     // extract token addresses from simulation data
     const tokenAddresses = transaction.simulationData?.tokenBalanceChanges?.map((tokenChange) => tokenChange.address.toLowerCase());
@@ -915,6 +957,139 @@ _PhishingController_detector = new WeakMap(), _PhishingController_stalelistRefre
             }).catch((error) => console.error(`Error scanning tokens for chain ${chainId}:`, error));
         }
     }
+}, _PhishingController_hydrateKnownRecipients = function _PhishingController_hydrateKnownRecipients() {
+    __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_hydrateKnownRecipientsFromTransactionState).call(this);
+    __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_hydrateKnownRecipientsFromAddressBookState).call(this);
+}, _PhishingController_hydrateKnownRecipientsFromTransactionState = function _PhishingController_hydrateKnownRecipientsFromTransactionState() {
+    try {
+        const state = this.messenger.call('TransactionController:getState');
+        __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_setKnownRecipientsFromTransactionState).call(this, state);
+    }
+    catch (error) {
+        console.error('Unable to hydrate known recipients from TransactionController state; address poisoning checks will not include existing confirmed transactions.', error);
+    }
+}, _PhishingController_hydrateKnownRecipientsFromAddressBookState = function _PhishingController_hydrateKnownRecipientsFromAddressBookState() {
+    try {
+        const state = this.messenger.call('AddressBookController:getState');
+        __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_setKnownRecipientsFromAddressBookState).call(this, state);
+    }
+    catch (error) {
+        console.error('Unable to hydrate known recipients from AddressBookController state; address poisoning checks will not include existing address book entries.', error);
+    }
+}, _PhishingController_setKnownRecipientsFromTransactionState = function _PhishingController_setKnownRecipientsFromTransactionState(state) {
+    __classPrivateFieldGet(this, _PhishingController_transactionRecipients, "f").clear();
+    __classPrivateFieldGet(this, _PhishingController_transactionRecipientsByTransactionId, "f").clear();
+    __classPrivateFieldGet(this, _PhishingController_transactionRecipientCounts, "f").clear();
+    for (const transaction of state.transactions) {
+        __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_addTransactionRecipients).call(this, transaction);
+    }
+    __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_rebuildKnownRecipients).call(this);
+}, _PhishingController_updateKnownRecipientsFromTransactionPatches = function _PhishingController_updateKnownRecipientsFromTransactionPatches(state, patches) {
+    let recipientsChanged = false;
+    for (const patch of patches) {
+        if (patch.path[0] !== 'transactions') {
+            continue;
+        }
+        if (patch.path.length === 1) {
+            __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_setKnownRecipientsFromTransactionState).call(this, state);
+            return;
+        }
+        const transactionIndex = patch.path[1];
+        if (transactionIndex === 'length') {
+            __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_setKnownRecipientsFromTransactionState).call(this, state);
+            return;
+        }
+        if (patch.op === 'remove') {
+            __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_setKnownRecipientsFromTransactionState).call(this, state);
+            return;
+        }
+        if (typeof transactionIndex !== 'number') {
+            __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_setKnownRecipientsFromTransactionState).call(this, state);
+            return;
+        }
+        const transaction = __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_getTransactionFromPatchValue).call(this, patch.value) ??
+            state.transactions[transactionIndex];
+        if (!transaction) {
+            continue;
+        }
+        recipientsChanged =
+            __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_updateTransactionRecipients).call(this, transaction) || recipientsChanged;
+    }
+    if (recipientsChanged) {
+        __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_rebuildKnownRecipients).call(this);
+    }
+}, _PhishingController_getTransactionFromPatchValue = function _PhishingController_getTransactionFromPatchValue(value) {
+    const transaction = value;
+    if (value &&
+        typeof value === 'object' &&
+        typeof transaction.id === 'string' &&
+        transaction.txParams !== undefined) {
+        return value;
+    }
+    return undefined;
+}, _PhishingController_updateTransactionRecipients = function _PhishingController_updateTransactionRecipients(transaction) {
+    const recipientsRemoved = __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_removeTransactionRecipients).call(this, transaction.id);
+    const recipientsAdded = __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_addTransactionRecipients).call(this, transaction);
+    return recipientsRemoved || recipientsAdded;
+}, _PhishingController_addTransactionRecipients = function _PhishingController_addTransactionRecipients(transaction) {
+    const recipients = __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_getRecipientAddressesFromTransaction).call(this, transaction);
+    if (recipients.length === 0) {
+        return false;
+    }
+    __classPrivateFieldGet(this, _PhishingController_transactionRecipientsByTransactionId, "f").set(transaction.id, new Set(recipients));
+    for (const address of recipients) {
+        const count = __classPrivateFieldGet(this, _PhishingController_transactionRecipientCounts, "f").get(address) ?? 0;
+        __classPrivateFieldGet(this, _PhishingController_transactionRecipientCounts, "f").set(address, count + 1);
+        __classPrivateFieldGet(this, _PhishingController_transactionRecipients, "f").add(address);
+    }
+    return true;
+}, _PhishingController_removeTransactionRecipients = function _PhishingController_removeTransactionRecipients(transactionId) {
+    const recipients = __classPrivateFieldGet(this, _PhishingController_transactionRecipientsByTransactionId, "f").get(transactionId);
+    if (!recipients) {
+        return false;
+    }
+    __classPrivateFieldGet(this, _PhishingController_transactionRecipientsByTransactionId, "f").delete(transactionId);
+    for (const address of recipients) {
+        const count = __classPrivateFieldGet(this, _PhishingController_transactionRecipientCounts, "f").get(address);
+        if (count <= 1) {
+            __classPrivateFieldGet(this, _PhishingController_transactionRecipientCounts, "f").delete(address);
+            __classPrivateFieldGet(this, _PhishingController_transactionRecipients, "f").delete(address);
+        }
+        else {
+            __classPrivateFieldGet(this, _PhishingController_transactionRecipientCounts, "f").set(address, count - 1);
+        }
+    }
+    return true;
+}, _PhishingController_setKnownRecipientsFromAddressBookState = function _PhishingController_setKnownRecipientsFromAddressBookState(state) {
+    __classPrivateFieldGet(this, _PhishingController_addressBookRecipients, "f").clear();
+    for (const address of __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_getAddressBookRecipients).call(this, state)) {
+        __classPrivateFieldGet(this, _PhishingController_addressBookRecipients, "f").add(address);
+    }
+    __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_rebuildKnownRecipients).call(this);
+}, _PhishingController_rebuildKnownRecipients = function _PhishingController_rebuildKnownRecipients() {
+    __classPrivateFieldGet(this, _PhishingController_knownRecipients, "f").clear();
+    for (const address of __classPrivateFieldGet(this, _PhishingController_transactionRecipients, "f")) {
+        __classPrivateFieldGet(this, _PhishingController_knownRecipients, "f").add(address);
+    }
+    for (const address of __classPrivateFieldGet(this, _PhishingController_addressBookRecipients, "f")) {
+        __classPrivateFieldGet(this, _PhishingController_knownRecipients, "f").add(address);
+    }
+}, _PhishingController_getAddressBookRecipients = function _PhishingController_getAddressBookRecipients(state) {
+    return new Set(Object.values(state.addressBook)
+        .flatMap((entriesByAddress) => Object.values(entriesByAddress))
+        .map((entry) => entry.address.toLowerCase()));
+}, _PhishingController_getRecipientAddressesFromTransaction = function _PhishingController_getRecipientAddressesFromTransaction(transaction) {
+    if (transaction.status !== transaction_controller_1.TransactionStatus.confirmed) {
+        return [];
+    }
+    const transactionRecipient = __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_normalizeAddress).call(this, transaction.txParams.to);
+    const swapAndSendRecipient = __classPrivateFieldGet(this, _PhishingController_instances, "m", _PhishingController_normalizeAddress).call(this, transaction.swapAndSendRecipient);
+    return Array.from(new Set([transactionRecipient, swapAndSendRecipient].filter((address) => Boolean(address))));
+}, _PhishingController_normalizeAddress = function _PhishingController_normalizeAddress(address) {
+    if (!address || !(0, controller_utils_1.isValidHexAddress)(address, { allowNonPrefixed: false })) {
+        return null;
+    }
+    return address.toLowerCase();
 }, _PhishingController_updateStalelist = 
 /**
  * Update the stalelist configuration.