
feat: blockaid integration #4029

Merged
merged 13 commits into from
Sep 11, 2024

Conversation

schmanu
Member

@schmanu schmanu commented Aug 2, 2024

What it solves

Integrates the BlockAid API for security scanning.

How this PR fixes it

  • exchanges redefine for blockaid
  • redesigns warning component

How to test it

Do any tx or message signing

TODO

  • Better error handling
  • Figure out how we handle the prod API key
  • (optional): Pass Safe App / Wallet Connect URI as domain field

Screenshots

Checklist

  • I've tested the branch on mobile 📱
  • I've documented how it affects the analytics (if at all) 📊
  • I've written a unit/e2e test for it (if applicable) 🧑‍💻

- exchanges redefine for blockaid
- redesigns warning component

github-actions bot commented Aug 2, 2024


Integrate Blockaid Scans


github-actions bot commented Aug 2, 2024

ESLint Summary

Annotations are provided inline on the Files Changed tab. You can also see all annotations that were generated on the annotations page.

Type Occurrences Fixable
Errors 0 0
Warnings 0 0
Ignored 0 N/A
  • Result: ✅ success
  • Annotations: 0 total

Report generated by eslint-plus-action


github-actions bot commented Aug 2, 2024

📦 Next.js Bundle Analysis for safe-wallet-web

This analysis was generated by the Next.js Bundle Analysis action. 🤖

⚠️ Global Bundle Size Increased

Page Size (compressed)
global 949.6 KB (🟡 +19 B)

The global bundle is the javascript bundle that loads alongside every page. It is in its own category because its impact is much higher - an increase to its size means that every page on your website loads slower, and a decrease means every page loads faster.

Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis

If you want further insight into what is behind the changes, give @next/bundle-analyzer a try!

One Page Changed Size

The following page changed size from the code in this PR compared to its base branch:

Page Size (compressed) First Load
/balances 30.64 KB (🟡 +1 B) 980.24 KB

Only the gzipped size is provided here based on an expert tip.

First Load is the size of the global bundle plus the bundle for the individual page. If a user were to show up to your website and land on a given page, the first load size represents the amount of javascript that user would need to download. If next/link is used, subsequent page loads would only need to download that page's bundle (the number in the "Size" column), since the global bundle has already been downloaded.

Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis

Next to the size is how much the size has increased or decreased compared with the base branch of this PR. If this percentage has increased by 20% or more, there will be a red status indicator applied, indicating that special attention should be given to this.


github-actions bot commented Aug 2, 2024

Coverage report

Category Percentage Covered / Total
🟡 Statements 78.45% (-0.05% 🔻) 11859/15116
🔴 Branches 59.02% (-0.08% 🔻) 3042/5154
🟡 Functions 65.82% (-0.13% 🔻) 1885/2864
🟡 Lines 79.89% (-0.05% 🔻) 10701/13394

New covered files 🐣

File Statements Branches Functions Lines
🟢 ... / useBlockaid.ts 100% 100% 100% 100%
🟢 ... / index.ts 83.78% 41.18% 50% 83.78%
🔴 ... / index.tsx 50.85% 3.45% 8.33% 52.94%
🟢 ... / utils.ts 85.71% 100% 100% 100%
🟡 ... / BlockaidHint.tsx 50% 100% 0% 66.67%
🟡 ... / BlockaidBalanceChange.tsx 66.67% 4.76% 10% 65.85%

Files with reduced coverage 🔻

File Statements Branches Functions Lines
🟢 ... / config.tsx 86.96% (-0.54% 🔻) 100% 100% 100%
🟢 ... / SecurityWarnings.tsx 66.67% (-8.33% 🔻) 100% 100% 100%

Test suite run success

1483 tests passing in 203 suites.

Report generated by 🧪jest coverage report action from cc7f22b


@schmanu schmanu requested a review from katspaugh August 19, 2024 08:07

@katspaugh
Member

Some unit tests are failing but we can already send this to QA.

@schmanu
Member Author

schmanu commented Aug 29, 2024

Some unit tests are failing but we can already send this to QA.

They are not really failing. The job just fails when trying to publish results -.- but the test cases all pass.

# Redefine
NEXT_PUBLIC_REDEFINE_API=
# Blockaid
NEXT_PUBLIC_BLOCKAID_CLIENT_ID
Member


This var has to be added to the build.yml action too.

@francovenica
Contributor

francovenica commented Sep 4, 2024

I tried using the tool provided and tried to trigger some transactions, but all of them would show this message (benign and malicious ones the same)
[screenshot]

It seems that the validation of the tx is failing, thus not being able to tell you if the tx is malicious or not.

I got the message to show up once when the SDK initializes correctly, but I'd assume this is a mistake because the message seems to be there by default as soon as the tx pops up and then it should be updated depending on if the tx is malicious or not, so I think in this particular case the message simply didn't update
[screenshot]

Also I don't think the message should be green if the tx is malicious

@schmanu
Member Author

schmanu commented Sep 6, 2024

@francovenica could you share what those transactions did?
I cannot reproduce any of those cases :/

@francovenica
Contributor

I used the tool you shared with Lily https://examples.blockaid.io/. Every malicious tx would show what I reported in my comment

@schmanu
Member Author

schmanu commented Sep 9, 2024

I used the tool you shared with Lily https://examples.blockaid.io/. Every malicious tx would show what I reported in my comment

@francovenica And the last case where it says "Transaction is malicious" in the success color? Do you remember how that happened?

@katspaugh
Member

Blocked on BlockAid's side due to some errors (we reached out for help).


@schmanu schmanu removed the blocked label Sep 9, 2024
@francovenica
Contributor

@schmanu I never got to see it twice. There was that SDK error that happened once and the green message just popped.
I tested several times after and it seems that there is a split second that the green text shows up, like if it is loaded by default, and then is covered by the "could not check" warning message
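The behaviour QA describes above (a green "safe" message rendered by default and then covered by the "could not check" warning) is a fail-open default. The following is an added example, not code from safe-wallet-web or the Blockaid SDK, of a fail-closed scan-state model: the initial state is "pending", a thrown SDK error or an unrecognised response becomes an error state, and only a real benign result may ever render in the success colour. The response shape `HypotheticalScanResponse`, the `result_type` strings and all function names are assumptions for illustration, not the real Blockaid payload.

```typescript
// Added example, not code from safe-wallet-web or the Blockaid SDK.
// Models one rule: the banner must never render in the success colour
// before, or instead of, a real scan result.

export type Severity = 'NONE' | 'WARNING' | 'MALICIOUS'

export type ScanState =
  | { kind: 'pending' }                                         // request in flight
  | { kind: 'error'; reason: string }                           // scanner/SDK unavailable
  | { kind: 'result'; severity: Severity; description: string } // scanner answered

export interface Banner {
  color: 'info' | 'success' | 'warning' | 'error'
  text: string
}

// The default state is "pending", never a result. A component that initialises
// its state to a benign result would briefly show green, which is what QA observed.
export const initialScanState: ScanState = { kind: 'pending' }

// Hypothetical response shape (assumption; the real Blockaid payload differs).
export interface HypotheticalScanResponse {
  result_type?: string
  description?: string
}

// Constructed mapping from assumed result strings to severities.
const KNOWN_RESULTS: Record<string, Severity> = {
  Benign: 'NONE',
  Warning: 'WARNING',
  Malicious: 'MALICIOUS',
}

// Map a response to a state. Anything missing or unrecognised becomes an
// error state, not a benign result: the unknown case fails closed.
export function fromScanResponse(resp: HypotheticalScanResponse | null | undefined): ScanState {
  if (!resp || typeof resp.result_type !== 'string') {
    return { kind: 'error', reason: 'empty or malformed scan response' }
  }
  const severity = KNOWN_RESULTS[resp.result_type]
  if (severity === undefined) {
    return { kind: 'error', reason: `unrecognised result type "${resp.result_type}"` }
  }
  return { kind: 'result', severity, description: resp.description ?? '' }
}

// Wrap a scanner call: a thrown error (SDK init failure, network) becomes an
// error state rather than leaving the previous or default state on screen.
export async function runScan(scan: () => Promise<HypotheticalScanResponse>): Promise<ScanState> {
  try {
    return fromScanResponse(await scan())
  } catch (e) {
    return { kind: 'error', reason: e instanceof Error ? e.message : String(e) }
  }
}

// Only a real NONE result may render green; every other state uses a non-success colour.
export function bannerFor(state: ScanState): Banner {
  switch (state.kind) {
    case 'pending':
      return { color: 'info', text: 'Checking transaction...' }
    case 'error':
      return { color: 'warning', text: `Could not check transaction: ${state.reason}` }
    case 'result': {
      const byResult: Record<Severity, Banner> = {
        NONE: { color: 'success', text: 'No issues found' },
        WARNING: { color: 'warning', text: state.description || 'Transaction needs attention' },
        MALICIOUS: { color: 'error', text: state.description || 'Transaction is malicious' },
      }
      return byResult[state.severity]
    }
  }
}
```

The point of the discriminated union is that a component cannot accidentally start in a "result" state: `initialScanState` has no severity at all, so the green banner is unreachable until `fromScanResponse` has actually seen a benign result.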

@liliya-soroka
Member

approved internally together with @kirkkonen


@katspaugh katspaugh merged commit ab3871b into dev Sep 11, 2024
15 of 16 checks passed
@katspaugh katspaugh deleted the feat/switch-security-provider branch September 11, 2024 14:59
@github-actions github-actions bot locked and limited conversation to collaborators Sep 11, 2024