Warn about sending call data to EOAs

Description:
I was made aware of a couple of instances where a user lost funds because they sent a transaction to an address which is not a contract.
This usually happens when MetaMask is connected to a different network than the user expected. Take this tx (txHash 0x02334917f5b45f2dc0c2e84fd7593bbd0b8701705b447c289edbaa2b99e58570 on Blast) for example. The user clearly wanted to wrap some ETH on mainnet (judging by the calldata and to address). However, they sent the request on Blast, where no contract is actually deployed at that address.
This is primarily a concern for transactions which send native ETH. If you don’t send ETH, the worst that could happen is that you waste a bunch of money on gas. But if you send ETH (e.g. for wrapping it), the transaction will not revert and will not do anything useful, but will still take and lose your ETH in the process.

A very simple way to protect against this is to first check if there is even a contract deployed at that address for transactions that contain calldata and warn when there is no contract.
I know some people send calldata as a way to send messages to EOAs, but surely there is a way to make this possible while still protecting the user with good UX.

Just a small lower bound on how much user money could have been protected with this feature:
WETH address on Blast has 18.8 ETH
Base: 1.2 ETH
Arbitrum: 22.8 ETH

Purpose:
Prevent users from losing ETH (either for gas or sent in their tx).

Extension/Mobile/Both:
I believe this security feature makes sense on any wallet.

Hi @martinquaxd, thank you so much for sharing :pray: We will share it with the team :fox_face:

2 Likes
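
One way to implement the check proposed in the feature request above, as an added example that is not MetaMask's code and not part of the original post. `eth_getCode` is the standard JSON-RPC method; the names `classifyTx` and `checkTx`, the `ok`/`warn`/`danger` levels, the mock provider and the sample address are assumptions made for illustration.

```javascript
// Added example. Assumes tx fields are 0x-prefixed hex strings, as in eth_sendTransaction.
const isEmptyData = (h) => h == null || h === '' || h === '0x';
const isZeroValue = (h) => h == null || /^0x0*$/i.test(h);

// Pure decision step: `code` is the eth_getCode result for tx.to on the connected chain.
function classifyTx(tx, code) {
  if (tx.to == null) return { level: 'ok', reason: 'contract creation' };
  if (isEmptyData(tx.data)) return { level: 'ok', reason: 'plain transfer, no calldata' };
  if (!isEmptyData(code)) return { level: 'ok', reason: 'target has code' };
  // Calldata sent to an address without code: the call succeeds and does nothing.
  return isZeroValue(tx.value)
    ? { level: 'warn', reason: 'calldata to address without code; only gas is spent' }
    : { level: 'danger', reason: 'calldata and ETH to address without code; ETH is transferred' };
}

// Looks up the code only when the answer can change the outcome.
// `provider` is any EIP-1193 style object exposing request({ method, params }).
async function checkTx(provider, tx) {
  if (tx.to == null || isEmptyData(tx.data)) return classifyTx(tx, '0x');
  const code = await provider.request({
    method: 'eth_getCode',
    params: [tx.to, 'latest'],
  });
  return classifyTx(tx, code);
}

// Constructed stand-in for a chain: maps lowercase addresses to deployed bytecode.
function mockProvider(codeByAddress) {
  return {
    async request({ method, params }) {
      if (method !== 'eth_getCode') throw new Error('unsupported method: ' + method);
      return codeByAddress[params[0].toLowerCase()] ?? '0x';
    },
  };
}

// Constructed sample: a wrap-style call (deposit() selector) carrying 1 ETH.
const TARGET = '0x' + '11'.repeat(20); // placeholder address, not a real contract
const wrapTx = { to: TARGET, data: '0xd0e30db0', value: '0xde0b6b3a7640000' };
const expectedChain = mockProvider({ [TARGET]: '0x6080604052' }); // code present
const wrongChain = mockProvider({});                              // nothing deployed

checkTx(expectedChain, wrapTx).then((r) => console.log('expected chain:', r.level, '-', r.reason));
checkTx(wrongChain, wrapTx).then((r) => console.log('wrong chain:   ', r.level, '-', r.reason));
```

A message sent to an EOA with zero value lands in the `warn` branch rather than `danger`, which leaves room for a lighter confirmation for that use case.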