Skip to content

feat: add warning regarding smart contract wallet usage #123

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

feat: add warning regarding smart contract wallet usage #123

wants to merge 5 commits into from

Conversation

kyrers
Copy link
Contributor

@kyrers kyrers commented Aug 23, 2025
edited by coderabbitai bot
Loading

PR-Codex overview

This PR introduces a new component called SmartContractWalletWarning to alert users when they are using a smart contract wallet. It includes styling for the warning and logic to determine if the connected wallet is a smart contract wallet.

Detailed summary

  • Added SmartContractWalletWarning component in src/components/sc-wallet-warning/index.js.
  • Implemented logic to check if the wallet is a smart contract wallet.
  • Included state management for showing or hiding the warning.
  • Styled the warning in src/components/sc-wallet-warning/sc-wallet-warning.scss.
  • Integrated the warning component in src/bootstrap/app.js.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

  • New Features

    • Added a header warning banner that notifies users when connected with a smart contract wallet; includes a "Learn more" link and a dismiss control persisted per account and respected across sessions and account changes.

  • Style

    • Added a top-fixed, full-width warning banner with pale yellow background, left accent border, subtle shadow, bold text, and a compact close button with hover state.

@kyrers kyrers self-assigned this Aug 23, 2025
@netlify Netlify
Copy link

netlify bot commented Aug 23, 2025
edited
Loading

Deploy Preview for escrow ready!

Name Link
🔨 Latest commit 05bb42a
🔍 Latest deploy log https://app.netlify.com/projects/escrow/deploys/68af584dfe33ec0008821c88
😎 Deploy Preview https://deploy-preview-123--escrow.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@coderabbitai coderabbitai
Copy link

coderabbitai bot commented Aug 23, 2025
edited
Loading

Walkthrough

Adds a dismissible SmartContractWalletWarning React component mounted in the app header that detects smart-contract wallets via web3.eth.getCode(account) (with an EIP7702 prefix check), persists dismissal per-account in localStorage, and includes new CSS/SCSS for a fixed top warning banner. No exported API signature changes.

Changes

Cohort / File(s) Summary
Header integration
src/bootstrap/app.js		 Imports SmartContractWalletWarning and renders it in the Main header before the header logo; minor whitespace changes.
Warning component logic
src/components/sc-wallet-warning/index.js		 New default-exported React component using useWeb3React and web3.eth.getCode(account) to detect smart-contract wallets. Implements EIP7702 prefix check (0xef0100) when interpreting bytecode. Persists dismissal per-account to localStorage under keys derived from @kleros/escrow/alert/smart-contract-wallet-warning:<account>. Handles getCode errors by logging and treating the account as non-smart-contract. Dismissible via an "X" button; effect runs on account/library changes.
Styling for warning banner
src/components/sc-wallet-warning/sc-wallet-warning.css, src/components/sc-wallet-warning/sc-wallet-warning.scss		 New styles for a fixed top, full-width warning bar with pale-yellow background, left accent border, bold 14px text, compact dismiss button and hover state.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant App as App/Header
  participant SCW as SmartContractWalletWarning
  participant Web3 as web3.eth
  participant LS as localStorage
  participant User

  App->>SCW: Mount component in header
  SCW->>LS: Read "@kleros/escrow/alert/smart-contract-wallet-warning:<account>"
  alt no stored value
    SCW->>SCW: showWarning = true
  else stored value
    SCW->>SCW: showWarning = parsed stored value (boolean)
  end

  Note over SCW,Web3: On account/library change or mount
  SCW->>Web3: getCode(account)
  Web3-->>SCW: bytecode (e.g., 0x... or 0x)
  SCW->>SCW: isEip7702Eoa = bytecode.toLowerCase().startsWith("0xef0100")
  alt bytecode == "0x" or isEip7702Eoa
    SCW->>SCW: isSmartContractWallet = false
    SCW-->>App: Render nothing
  else
    SCW->>SCW: isSmartContractWallet = true
    SCW-->>App: Render top warning banner
  end

  User-->>SCW: Click dismiss (X)
  SCW->>SCW: showWarning = false
  SCW->>LS: Set "@kleros/escrow/alert/smart-contract-wallet-warning:<account>" = false
  SCW-->>App: Hide banner
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

I nibble code and sniff the chain,
A pale-yellow banner warns in vain.
Tap the X, I stash the caution away,
Per-account burrowed for another day.
Hops and bytes — I guard your pathway. 🥕🐇

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch feat/sc-wallet-warning
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai or @coderabbitai title anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

  • Visit our Status Page to check the current availability of CodeRabbit.
  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot requested changes Aug 23, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Nitpick comments (5)
src/components/sc-wallet-warning/sc-wallet-warning.css (2)

1-17: Fixed banner may overlap header/content; reserve vertical space or move component outside header.

Because the banner is position: fixed; top: 0; and inserted inside <header>, it can visually overlap the header/logo or the page’s first content. Consider either:

  • Rendering the banner just inside .App and before <header>; or
  • Reserving space when visible (e.g., add top padding to main/body equal to the banner height).

If you keep it fixed, adding a spacer when visible avoids layout shift and overlap.

Also applies to: 19-23

24-31: Improve close button usability and accessibility.

  • Increase hit area for touch (recommended 32–44px).
  • Add focus-visible styles for keyboard users.
  • Ensure sufficient color contrast on default and hover states.

Example CSS tweaks:

 .sc-wallet-warning button {
   background: transparent;
   border: none;
   cursor: pointer;
-  color: rgba(0, 0, 0, 0.45);
-  font-size: 16px;
-  line-height: 1;
-  padding: 0 4px;
+  color: rgba(0, 0, 0, 0.65);
+  font-size: 16px;
+  line-height: 1;
+  width: 32px;
+  height: 32px;
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  padding: 0;
+  border-radius: 4px;
 }
 
 .sc-wallet-warning button:hover {
-  color: rgba(0, 0, 0, 0.75);
+  color: rgba(0, 0, 0, 0.85);
+}
+
+.sc-wallet-warning button:focus-visible {
+  outline: 2px solid #2f54eb;
+  outline-offset: 2px;
 }

Also applies to: 33-34

src/bootstrap/app.js (1)

71-72: Consider rendering the banner outside <header> to avoid stacking/layout issues.

Placing a fixed banner inside the header can interfere with header layout and z-index. Rendering it just inside .App and before <header> is often safer:

 function Main({ children }) {
   return (
     <div className="App">
-      <header className="header">
-        <SmartContractWalletWarning />
+      <SmartContractWalletWarning />
+      <header className="header">
src/components/sc-wallet-warning/index.js (2)

27-30: Persist booleans as JSON and handle storage errors.

Store a string via JSON.stringify(false) and wrap in try/catch to avoid QUOTA/Privacy errors.

   const handleClose = () => {
     setShowWarning(false);
-    localStorage.setItem(storageKey, false);
+    try {
+      localStorage.setItem(storageKey, JSON.stringify(false));
+    } catch {}
   }

33-37: A11y: add role and labels; improve semantics of the dismiss control.

Give the container role="alert" (or aria-live="polite") and the button an accessible name plus type.

-  return (
-    <div className="sc-wallet-warning">
-      <p>You are using a smart contract wallet. This is not recommended.</p>
-      <button onClick={handleClose}>X</button>
-    </div>
-  );
+  return (
+    <div className="sc-wallet-warning" role="alert" aria-live="polite">
+      <p>You are using a smart contract wallet. This is not recommended.</p>
+      <button
+        type="button"
+        aria-label="Dismiss smart contract wallet warning"
+        onClick={handleClose}
+      >
+        ×
+      </button>
+    </div>
+  );
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between f03b4d2 and bd2b544.

📒 Files selected for processing (4)
  • src/bootstrap/app.js (2 hunks)
  • src/components/sc-wallet-warning/index.js (1 hunks)
  • src/components/sc-wallet-warning/sc-wallet-warning.css (1 hunks)
  • src/components/sc-wallet-warning/sc-wallet-warning.scss (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (2)
src/bootstrap/app.js (1)
src/components/sc-wallet-warning/index.js (1)
  • SmartContractWalletWarning (8-38)
src/components/sc-wallet-warning/index.js (1)
src/bootstrap/dapp-api.js (1)
  • web3 (12-12)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: Redirect rules - escrow
  • GitHub Check: Header rules - escrow
  • GitHub Check: Pages changed - escrow
🔇 Additional comments (1)
src/bootstrap/app.js (1)

17-17: Import location is fine; ensure the component does not rely on a different Web3 instance.

Given Web3ReactProvider supplies a Web3 instance via context, prefer using that inside the warning component instead of importing a separate web3 from dapp-api to avoid provider mismatches.

coderabbitai[bot]
coderabbitai bot previously approved these changes Aug 23, 2025
View reviewed changes
coderabbitai[bot]
coderabbitai bot previously approved these changes Aug 25, 2025
View reviewed changes
jaybuidl
jaybuidl previously approved these changes Aug 27, 2025
View reviewed changes
@kyrers kyrers dismissed stale reviews from jaybuidl and coderabbitai[bot] via 746e604 August 27, 2025 18:55
coderabbitai[bot]
coderabbitai bot requested changes Aug 27, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (3)
src/components/sc-wallet-warning/index.js (3)

3-3: Replace static web3 with the active provider (library).

Using a static web3 can desync from the user’s wallet/provider.

Apply:

-import { web3 } from '../../bootstrap/dapp-api';

10-10: Plumb library from Web3React.

Needed to call eth.getCode on the active provider.

-  const { account } = useWeb3React();
+  const { account, library } = useWeb3React();

40-49: Harden the effect: require library, add it to deps.

Prevents calls before provider is ready and reacts to provider changes.

-  useEffect(() => {
-    if (!account) {
+  useEffect(() => {
+    if (!account || !library) {
       setIsSmartContractWallet(false)
       return;
     }
 
     updateAccountWarningDismissalState(account);
     checkIfSmartContractWallet(account);
-  }, [account]);
+  }, [account, library]);
🧹 Nitpick comments (2)
src/components/sc-wallet-warning/index.js (2)

14-25: Normalize storage key by address casing and stringify booleans; wrap setItem in try/catch.

Avoid duplicate keys due to checksum casing and guard against storage errors.

   const updateAccountWarningDismissalState = (account) => {
     try {
-      const storedValue = localStorage.getItem(`${STORAGE_KEY}:${account}`)
+      const key = `${STORAGE_KEY}:${String(account).toLowerCase()}`
+      const storedValue = localStorage.getItem(key)
       if (storedValue === null) {
         setShowWarning(true)
       } else {
         setShowWarning(JSON.parse(storedValue))
       }
     } catch {
       setShowWarning(true)
     }
   }
@@
   const handleClose = () => {
     setShowWarning(false);
-    localStorage.setItem(`${STORAGE_KEY}:${account}`, false);
+    const key = `${STORAGE_KEY}:${String(account).toLowerCase()}`
+    try {
+      localStorage.setItem(key, JSON.stringify(false));
+    } catch {}
   }

Also applies to: 54-57

59-73: A11y: add role/aria-live and a labeled close button.

Improves screen-reader UX and prevents form-submit side effects.

-    <div className="sc-wallet-warning">
+    <div className="sc-wallet-warning" role="alert" aria-live="polite">
@@
-      <button onClick={handleClose}>X</button>
+      <button type="button" onClick={handleClose} aria-label="Dismiss smart contract wallet warning">×</button>
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 3b9d63f and 746e604.

📒 Files selected for processing (1)
  • src/components/sc-wallet-warning/index.js (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
src/components/sc-wallet-warning/index.js (1)
src/bootstrap/dapp-api.js (1)
  • web3 (12-12)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: Redirect rules - escrow
  • GitHub Check: Header rules - escrow
  • GitHub Check: Pages changed - escrow
🔇 Additional comments (2)
src/components/sc-wallet-warning/index.js (2)

4-4: Confirmed stylesheet import is correct

The file src/components/sc-wallet-warning/sc-wallet-warning.css exists alongside its SCSS source, so the import in index.js is valid.

6-6: EIP-7702 prefix constant confirmed

  • Per the EIP-7702 specification, each delegation indicator is defined as the fixed byte sequence 0xef0100 followed by the 20-byte target address (0xef0100 || address) (eips.ethereum.org).
  • In practice, calls to eth_getCode on upgraded EOAs consistently return values beginning with 0xef0100, confirming this prefix is both canonical and stable (netbasal.medium.com).

No changes needed—0xef0100 is the correct discriminator for EOA-with-7702 code.

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

coderabbitai[bot]
coderabbitai bot reviewed Aug 27, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

♻️ Duplicate comments (2)
src/components/sc-wallet-warning/index.js (2)

39-47: Harden the effect against races and RPC failures.

Guarding for missing account/library is good. Consider cancellation to avoid setState after unmount/account switch, and add a .catch path surfaced to the user (e.g., log once or telemetry). No diff provided to keep the change minimal with your current structure.

26-37: Fix SC wallet detection: normalize code, handle empty variants, and support both ethers/web3 providers.

Currently compares against raw code and only checks '0x', which can misclassify ('0x0', '0x00'). Also hard-codes web3.js API. Refactor as below.

-  const checkIfSmartContractWallet = (account, library) => {
-    library.eth.getCode(account).then((code) => {
-      const formattedCode = code.toLowerCase()
-      const isEip7702Eoa = formattedCode.startsWith(EIP7702_PREFIX)
-
-      //Do not show warning for EIP-7702 EOAs
-      setIsSmartContractWallet(code !== '0x' && !isEip7702Eoa)
-    }).catch((error) => {
-      console.error('Error checking smart contract wallet', error)
-      setIsSmartContractWallet(false)
-    });
-  }
+  const checkIfSmartContractWallet = (account, library) => {
+    if (!account || !library) {
+      setIsSmartContractWallet(false);
+      return;
+    }
+    const getCode =
+      typeof library?.getCode === 'function'
+        ? library.getCode.bind(library)              // ethers.js
+        : library?.eth?.getCode?.bind(library.eth);  // web3.js
+    if (!getCode) {
+      console.warn('Provider does not support getCode');
+      setIsSmartContractWallet(false);
+      return;
+    }
+    getCode(account)
+      .then((code) => {
+        const normalized = ((code ?? '0x') + '').toLowerCase();
+        const isEip7702Eoa = normalized.startsWith(EIP7702_PREFIX);
+        const isEmpty = normalized === '0x' || normalized === '0x0' || normalized === '0x00';
+        // Do not show warning for EOAs or EIP-7702-authorized EOAs
+        setIsSmartContractWallet(!isEmpty && !isEip7702Eoa);
+      })
+      .catch((error) => {
+        console.error('Error checking smart contract wallet', error);
+        setIsSmartContractWallet(false);
+      });
+  }
🧹 Nitpick comments (2)
src/components/sc-wallet-warning/index.js (2)

53-56: Persist a stringified boolean and guard storage errors.

localStorage.setItem coerces to string implicitly; use JSON.stringify(false) for consistency with the read path and wrap in try/catch.

   const handleClose = () => {
     setShowWarning(false);
-    localStorage.setItem(`${STORAGE_KEY}:${account}`, false);
+    try {
+      if (account) {
+        localStorage.setItem(`${STORAGE_KEY}:${account}`, JSON.stringify(false));
+      }
+    } catch {
+      // ignore storage errors
+    }
   }

58-71: Improve accessibility of the banner and close button.

Add role="alert" and aria-live, and label the close button for screen readers.

-    <div className="sc-wallet-warning">
+    <div className="sc-wallet-warning" role="alert" aria-live="polite">
       <p>
         You are using a smart contract wallet. This is not recommended.{" "}
         <a
           href="https://docs.kleros.io/kleros-faq#can-i-use-a-smart-contract-account-to-stake-in-the-court"
           target="_blank"
           rel="noopener noreferrer"
         >
           Learn more.
         </a>
       </p>
-      <button onClick={handleClose}>X</button>
+      <button type="button" onClick={handleClose} aria-label="Dismiss smart contract wallet warning">×</button>
     </div>
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 746e604 and 05bb42a.

📒 Files selected for processing (1)
  • src/components/sc-wallet-warning/index.js (1 hunks)
🔇 Additional comments (3)
src/components/sc-wallet-warning/index.js (3)

13-24: LocalStorage read path looks solid.

Null-safe read + JSON.parse with try/catch is correct for booleans.

49-51: Render guard is correct.

Early-return when hidden or not a SC wallet keeps the DOM clean.

9-10: Smart contract wallet detection is correct with the current Web3 provider

The application’s getLibrary implementation in src/bootstrap/app.js explicitly returns a Web3.js instance (new Web3(provider)), so library.eth.getCode is defined and will work as expected. No changes to the SC-wallet warning component are needed at this time.

– You can remove the verification note; if the provider strategy ever changes to Ethers.js in the future, the detection logic should be revisited.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

@jaybuidl jaybuidl jaybuidl left review comments

Assignees

@kyrers kyrers

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kyrers @jaybuidl