From 4b2cc67168d0099ab9f96a1e9d7c48dfd6af2b9e Mon Sep 17 00:00:00 2001
From: Taconut <alex@alexhulbert.com>
Date: Fri, 16 Mar 2018 20:30:36 -0400
Subject: [PATCH 1/2] Blocked people from sending to addresses listed in
 CityOfZion/phishing (fixes #878)

---
 app/components/Modals/SendModal/SendModal.jsx | 32 +++++++++++--------
 app/core/wallet.js                            | 13 ++++++++
 package.json                                  |  1 +
 yarn.lock                                     |  4 +++
 4 files changed, 37 insertions(+), 13 deletions(-)

diff --git a/app/components/Modals/SendModal/SendModal.jsx b/app/components/Modals/SendModal/SendModal.jsx
index abcf0e31b..5fca298b0 100644
--- a/app/components/Modals/SendModal/SendModal.jsx
+++ b/app/components/Modals/SendModal/SendModal.jsx
@@ -7,7 +7,7 @@ import AddRecipientDisplay from './AddRecipientDisplay'
 import ConfirmDisplay from './ConfirmDisplay'
 import withAddressCheck from './withAddressCheck'
 
-import { validateTransactionBeforeSending, getTokenBalancesMap } from '../../../core/wallet'
+import { validateTransactionBeforeSending, getTokenBalancesMap, isInBlacklist } from '../../../core/wallet'
 import { ASSETS } from '../../../core/constants'
 import { toBigNumber } from '../../../core/math'
 
@@ -110,19 +110,25 @@ export default class SendModal extends Component<Props, State> {
   handleConfirmAddRecipient = (entry: SendEntryType) => {
     const { showErrorNotification } = this.props
     const { balances } = this.state
-    const error = validateTransactionBeforeSending(balances[entry.symbol], entry)
 
-    if (error) {
-      showErrorNotification({ message: error })
-    } else {
-      const newBalance = toBigNumber(balances[entry.symbol]).minus(entry.amount).toString()
-
-      this.setState({
-        entries: [...this.state.entries, entry],
-        balances: { ...balances, [entry.symbol]: newBalance },
-        display: DISPLAY_MODES.CONFIRM
-      })
-    }
+    isInBlacklist(entry.address).then(inBlacklist => {
+      if (inBlacklist) {
+        showErrorNotification({ message: 'You have attempted enter a phishing address.' })
+      } else {
+        const error = validateTransactionBeforeSending(balances[entry.symbol], entry)
+        if (error) {
+          showErrorNotification({ message: error })
+        } else {
+          const newBalance = toBigNumber(balances[entry.symbol]).minus(entry.amount).toString()
+
+          this.setState({
+            entries: [...this.state.entries, entry],
+            balances: { ...balances, [entry.symbol]: newBalance },
+            display: DISPLAY_MODES.CONFIRM
+          })
+        }
+      }
+    })
   }
 
   handleCancelAddRecipient = () => {
diff --git a/app/core/wallet.js b/app/core/wallet.js
index 352e3ae11..86c3205ef 100644
--- a/app/core/wallet.js
+++ b/app/core/wallet.js
@@ -1,12 +1,25 @@
 // @flow
 import { wallet } from 'neon-js'
 import { map, extend } from 'lodash'
+import fetch from 'node-fetch'
 
 import { ASSETS } from './constants'
 import { toBigNumber } from './math'
 
 const MIN_PASSPHRASE_LEN = 4
 
+let addressBlacklist: Array<string> | null = null
+export const isInBlacklist = (address: string): Promise<boolean> => {
+  if (addressBlacklist !== null) return Promise.resolve(addressBlacklist.includes(address))
+  return fetch('https://raw.githubusercontent.com/CityOfZion/phishing/master/blockedAddresses.json')
+    .catch(() => false)
+    .then(res => res.json())
+    .then(blacklist => {
+      addressBlacklist = blacklist
+      return blacklist.includes(address)
+    })
+}
+
 export const validatePassphraseLength = (passphrase: string): boolean =>
   passphrase.length >= MIN_PASSPHRASE_LEN
 
diff --git a/package.json b/package.json
index 65781ed03..3938284a7 100644
--- a/package.json
+++ b/package.json
@@ -81,6 +81,7 @@
     "isomorphic-fetch": "2.2.1",
     "lodash": "4.17.4",
     "neon-js": "git+https://github.com/cityofzion/neon-js.git#3.3.3",
+    "node-fetch": "^2.1.1",
     "qrcode": "0.9.0",
     "raf": "3.4.0",
     "react": "16.1.1",
diff --git a/yarn.lock b/yarn.lock
index 97d3d9f69..3a10fc833 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6598,6 +6598,10 @@ node-fetch@^1.0.1:
     encoding "^0.1.11"
     is-stream "^1.0.1"
 
+node-fetch@^2.1.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.1.1.tgz#369ca70b82f50c86496104a6c776d274f4e4a2d4"
+
 node-forge@0.7.1:
   version "0.7.1"
   resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.7.1.tgz#9da611ea08982f4b94206b3beb4cc9665f20c300"

From f52e5828a0d6d515aeae4e76b112afaa0afce4a9 Mon Sep 17 00:00:00 2001
From: Taconut <alex@alexhulbert.com>
Date: Sat, 17 Mar 2018 00:41:03 -0400
Subject: [PATCH 2/2] Modified phishing detection method to use
 axios/async/await instead of node-fetch/promises

---
 app/core/wallet.js | 17 +++++++----------
 package.json       |  1 -
 yarn.lock          |  4 ----
 3 files changed, 7 insertions(+), 15 deletions(-)

diff --git a/app/core/wallet.js b/app/core/wallet.js
index 86c3205ef..a93c2d487 100644
--- a/app/core/wallet.js
+++ b/app/core/wallet.js
@@ -1,7 +1,7 @@
 // @flow
 import { wallet } from 'neon-js'
 import { map, extend } from 'lodash'
-import fetch from 'node-fetch'
+import axios from 'axios'
 
 import { ASSETS } from './constants'
 import { toBigNumber } from './math'
@@ -9,15 +9,12 @@ import { toBigNumber } from './math'
 const MIN_PASSPHRASE_LEN = 4
 
 let addressBlacklist: Array<string> | null = null
-export const isInBlacklist = (address: string): Promise<boolean> => {
-  if (addressBlacklist !== null) return Promise.resolve(addressBlacklist.includes(address))
-  return fetch('https://raw.githubusercontent.com/CityOfZion/phishing/master/blockedAddresses.json')
-    .catch(() => false)
-    .then(res => res.json())
-    .then(blacklist => {
-      addressBlacklist = blacklist
-      return blacklist.includes(address)
-    })
+export const isInBlacklist = async (address: string): Promise<boolean> => {
+  if (addressBlacklist === null) {
+    const { data } = await axios.get('https://raw.githubusercontent.com/CityOfZion/phishing/master/blockedAddresses.json')
+    addressBlacklist = data
+  }
+  return addressBlacklist.includes(address)
 }
 
 export const validatePassphraseLength = (passphrase: string): boolean =>
diff --git a/package.json b/package.json
index 3938284a7..65781ed03 100644
--- a/package.json
+++ b/package.json
@@ -81,7 +81,6 @@
     "isomorphic-fetch": "2.2.1",
     "lodash": "4.17.4",
     "neon-js": "git+https://github.com/cityofzion/neon-js.git#3.3.3",
-    "node-fetch": "^2.1.1",
     "qrcode": "0.9.0",
     "raf": "3.4.0",
     "react": "16.1.1",
diff --git a/yarn.lock b/yarn.lock
index 3a10fc833..97d3d9f69 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6598,10 +6598,6 @@ node-fetch@^1.0.1:
     encoding "^0.1.11"
     is-stream "^1.0.1"
 
-node-fetch@^2.1.1:
-  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.1.1.tgz#369ca70b82f50c86496104a6c776d274f4e4a2d4"
-
 node-forge@0.7.1:
   version "0.7.1"
   resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.7.1.tgz#9da611ea08982f4b94206b3beb4cc9665f20c300"