Milestones

  • # Overview

    This is the main issue which will serve as `overview` and `context` for all the `subtasks`.

    Blockaid is a third-party security service integrated into Freighter to scan and verify domains, assets, and transactions for malicious behavior. The integration is comprehensive and covers multiple security aspects of the wallet.

    We'll be using `extension`'s implementation as reference to port it over to the `mobile wallet`. Since this is a big feature we'll split it into multiple subtasks by existing flows (features) so we can tackle them gradually.

    Please get in touch with `Aristides` to understand how Blockaid works on the extension to get more context before starting those subtasks. Thread with some [info here](https://stellarfoundation.slack.com/archives/C03347FNAHK/p1750460504657759).

    # Core Integration Points

    ## 1. API Endpoints and Infrastructure

    - **Base URL**:
      - Uses `INDEXER_URL` environment variable pointing to the backend service
    - **API Endpoints**:
      - `/scan-dapp` - Domain/website scanning
      - `/scan-tx` - Transaction scanning
      - `/scan-asset` - Individual asset scanning
      - `/scan-asset-bulk` - Bulk asset scanning
      - `/report-asset-warning` - Report asset warnings
      - `/report-transaction-warning` - Report transaction warnings
    - **Deepwiki**:
      - https://deepwiki.com/stellar/freighter-backend/4-blockaid-integration
      - https://deepwiki.com/stellar/freighter-backend/4.1-asset-scanning
      - https://deepwiki.com/stellar/freighter-backend/4.2-transaction-scanning
    - **Blockaid Client**:
      - Uses `@blockaid/[email protected]` as a dependency
    - **Blockaid API docs**:
      - https://docs.blockaid.io/reference/openapi-schema

    ## 2. Data Types and Structures

    ```typescript
    // Core Blockaid result types
    type BlockAidScanAssetResult = Blockaid.TokenScanResponse;
    type BlockAidScanSiteResult = Blockaid.SiteScanResponse;
    type BlockAidScanTxResult = Blockaid.StellarTransactionScanResponse & { request_id: string };
    type BlockAidBulkScanAssetResult = Blockaid.TokenBulkScanResponse;
    ```

    ## 3. Metrics and Analytics

    **Location**: `extension/src/popup/constants/metricsNames.ts`

    ```typescript
    blockaidDomainScan: "blockaid: scanned domain",
    blockaidTxScan: "blockaid: scanned transaction",
    blockaidAssetScan: "blockaid: scanned asset",
    ```

    ## 4. Network Restrictions

    **Important**: Blockaid scanning is **only enabled on Mainnet**:

    - Custom networks are not supported
    - Testnet transactions are not scanned
    - Only mainnet assets are scanned for suspicious activity

    # Integration Points by Feature

    ## 1. [Grant Access Flow](https://github.com/stellar/freighter-mobile/issues/206)

    **Files**:

    - `extension/src/popup/views/GrantAccess/index.tsx`
    - `extension/src/popup/views/GrantAccess/hooks/useGetGrantAccessData.ts`

    **Blockaid Usage**:

    - Scans the requesting domain for malicious behavior
    - Shows site scan results before allowing connection
    - Blocks connections to malicious domains

    ## 2. [Sign Transaction Flow](https://github.com/stellar/freighter-mobile/issues/207)

    **Files**:

    - `extension/src/popup/views/SignTransaction/index.tsx`
    - `extension/src/popup/views/SignTransaction/hooks/useGetSignTxData.tsx`

    **Blockaid Usage**:

    - Scans external transaction requests before signing
    - Shows transaction warnings in the signing interface
    - Validates transaction simulation results

    ## 3. [Add Asset Flow](https://github.com/stellar/freighter-mobile/issues/159)

    **Files**:

    - `extension/src/popup/views/AddToken/index.tsx`
    - `extension/src/popup/components/manageAssets/SearchAsset/hooks/useAssetLookup.ts`

    **Blockaid Usage**:

    - Scans assets when users search for new tokens to add
    - Shows warnings for suspicious assets during the add token process
    - Integrates with asset verification lists
    - Displays Blockaid warnings in the add token confirmation modal

    ## 4. [Send Flow](https://github.com/stellar/freighter-mobile/issues/208)

    **Files**:

    - `extension/src/popup/views/SendPayment/index.tsx`
    - `extension/src/popup/components/sendPayment/SendConfirm/TransactionDetails/`

    **Blockaid Usage**:

    - Scans the asset being sent for suspicious activity
    - Scans the transaction before confirmation
    - Shows warnings in the confirmation screen
    - Blocks malicious transactions

    ## 5. [Swap Flow](https://github.com/stellar/freighter-mobile/issues/209)

    **Files**:

    - `extension/src/popup/views/Swap/index.tsx`
    - `extension/src/popup/components/sendPayment/SendConfirm/TransactionDetails/`

    **Blockaid Usage**:

    - Scans the assets being swapped for suspicious activity
    - Scans the swap transaction before confirmation
    - Shows warnings in the swap confirmation screen
    - Blocks malicious swap transactions
    - Uses the same transaction scanning as the send payment flow since swaps use the same confirmation component

    ## 6. [Search Asset Flow](https://github.com/stellar/freighter-mobile/issues/210)

    **Files**:

    - `extension/src/popup/components/manageAssets/SearchAsset/hooks/useAssetLookup.ts`
    - `extension/src/popup/components/manageAssets/SearchAsset/index.tsx`

    **Blockaid Usage**:

    - Scans assets when users search for assets to add to their wallet
    - Shows warnings for suspicious assets in search results
    - Integrates with asset verification lists
    - Displays Blockaid warnings for both verified and unverified assets
    - Bulk scans multiple assets for efficiency when displaying search results

    ## 7. [Account Balances](https://github.com/stellar/freighter-mobile/issues/211)

    **Files**:

    - `@shared/helpers/stellar.ts` - `makeDisplayableBalances()`

    **Blockaid Usage**:

    - Bulk scans all account assets on mainnet
    - Integrates scan results into balance display
    - Shows warnings for suspicious assets in account view

    Due by July 28, 2025
    0/7 issues closed
  • Due by August 31, 2025
    2/5 issues closed
  • Due by August 1, 2025
    26/32 issues closed