Prevent send-to-self for EVM assets#6026
Open
j0ntz wants to merge 1 commit into
Open
Conversation
Reject an entered/pasted/scanned address in the Send flow when it matches the sending wallet's own receive address, scoped to EVM wallets (single static address per wallet, so a self-send is always a mistake). Cross-wallet self transfer to a different wallet of the same asset is unaffected. Consolidate the duplicated isEvmWallet helper into CurrencyInfoHelpers.
Contributor
Author
📸 Test evidence (iOS, EVM Fantom wallet)agent proof 1213742694496279 01 own receive address
agent proof 1213742694496279 02 send to self error
Captured by the agent's in-app test run (build-and-test). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
CHANGELOG
Does this branch warrant an entry to the CHANGELOG?
Dependencies
none
Requirements
If you have made any visual changes to the GUI. Make sure you have:
Description
Asana: https://app.asana.com/0/1215088146871429/1213742694496279
Previously a user could paste their own wallet's receive address into the Send
flow and successfully send to themselves. For EVM assets this is always a
mistake (a single static address per wallet across all EVM chains).
This rejects an entered/pasted/scanned address in the Send flow when it matches
the sending wallet's own receive address, scoped to EVM wallets, surfacing the
error "You cannot send to the same wallet" instead of allowing the send.
AddressTile2.changeAddress, right after the URI is parsed— the single choke point every entered address passes through (used only by
SendScene2). It comparesparsedUri.publicAddressagainstgetReceiveAddress({ tokenId: null })case-insensitively (EVM addresses arechecksummed hex).
(
handleSelfTransfer, which excludes the current wallet) is unaffected.stays legal).
isEvmWallethelper (previously copied inSendScene2andPendingTxModal) is consolidated intoCurrencyInfoHelpers.Verified in-app on the iOS simulator with an EVM (Fantom) wallet: entering the
wallet's own address shows the error and leaves the recipient empty, while a
different address is accepted and advances to the amount entry. See the attached
screenshots.
Note
Low Risk
Send-path validation only for EVM wallets; no auth or payment logic changes, and behavior is limited to rejecting own-address recipients.
Overview
Blocks EVM send flows when the parsed recipient is the same wallet’s own receive address (paste, scan, or manual entry), since one static address is shared across EVM chains and self-sends are almost always user error.
The check runs in
AddressTile2immediately after URI parsing: for EVM wallets it comparesparsedUri.publicAddresstogetReceiveAddress({ tokenId: null })case-insensitively and showssend_to_self_error_messageinstead of accepting the address. Cross-wallet “Myself” transfers and non-EVM sends are unchanged.isEvmWallet(WalletConnecteip155namespace) is moved intoCurrencyInfoHelpersand reused fromSendScene2andPendingTxModal, removing duplicated helpers.Reviewed by Cursor Bugbot for commit 15ac90a. Bugbot is set up for automated code reviews on this repo. Configure here.