Feature/token allowlist #1115
Feature/token allowlist #1115
Conversation
piyalbasu
commented
Feb 14, 2024
•
piyalbasu
commented
|
New dependencies detected. Learn more about Socket for GitHub ↗︎
|
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is network access?This module accesses the network. Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
| type="button" | ||
| data-testid="ManageAssetRowButton" | ||
| > | ||
| {isTrustlineActive ? ( |
There was a problem hiding this comment.
Should this still be isTrustlineActive || isContract?
There was a problem hiding this comment.
Ah, good callout. I actually refactored isTrustlineActive up above to include all assets in balances (classic or token) and tokensWithNoBalance, so this should cover all asset/tokens a user has associated with their account. (at least in my testing it does 😬 )
| <div className="UnverifiedTokenWarning__description__icon"> | ||
| <Icon.VerifiedUser /> | ||
| </div> | ||
| <div className="UnverifiedTokenWarning__description__text"> |
There was a problem hiding this comment.
Would we show this even when adding a Soroban token? My thought here is that they don't have trustlines so maybe this inly belongs on classic assets or SACs?
There was a problem hiding this comment.
Yup, we would show this if a user is adding a contract ID that doesn't appear on this list:
https://api.stellar.expert/explorer/testnet/asset-list/top50
So we just flag that a user is adding a contract ID that has not been vetted
Lmk if that answers your question!
There was a problem hiding this comment.
Sounds good. I was mainly curious if the badge could be confused with the concept of having a trustline to a classic asset. As in this case we're "trusting" the asset by means of it being on the list which is different than having a trust line on the classic asset side.
# Conflicts: # extension/src/popup/components/WarningMessages/index.tsx
* refactors set allowed flow for new preview designs * adds Tabs component and first pass at summary preview tab * first pass at preview detail tab * first pass at data tab * Added translations * adds auth review route and component, wip auth review details * organizes auth review details, adds auth review signing, adds account selection back * Added translations * adds warnings back, updates warning style and tweaks dimensions to fit window * adds warnings back, updates warning style and tweaks dimensions to fit window * refactors invocation tree renderer to display key vals instead of tree * Added translations * cleans up dupe import * accounts for FeeBump tx, and account verification * tweak warning modal container styles * replaces missing icons, tweaks grant domain overflow, cleans up unused imports * fixes import order in preview tabs, adds memo into summary * removes unused TransactionInfo component, uses pubkey KeyVal in some missing spots, adds better predicate renderer for claimants * Added translations * use correct logic to step through auth entry review * show root invocation in details instead of stacked auth entry invocations * Feature/token allowlist (#1115) * adding warning message to unverified tokens * Added translations * don't error on Freighter BE sending malformed response * fix issue removing token with no balance (#1117) * updates copy on GrantAccess and auth entry continue button * Bugfix/add verified warnings (#1119) * add verified warnings and update copy * Added translations * Added translations * update border color for default warning * small style update --------- Co-authored-by: Aristides Staffieri <aristides.staffieri@stellar.org>
