Automatic recognition of unverified ETH tokens

[mkolar242]

Design

Spec:
The prerequisite for this ticket is this #6595 and #6442

As a user, I expect Trezor Suite will be able to recognize unverified tokens in my account and add them to “Unverified” tokens list. Based on this action I can decide if I want to hide these tokens or not. When an “unverified” token lands in my account, I want to be notified about it.

Acceptance criteria

• “Tokens” tab located in the Ethereum account detail has 4 tabs (list-of-tokens.png)
  • “All” - list of all available coins in the Ethereum account
  • “Tokens” - list of all coins excluding “Unverified” and “Hidden” tokens
    • “Tokens” tab indicates the number of tokens in the list
  • “Unverified” - list of all coins which are not whitelisted by Ethereum definitions database and which hasn’t been moved to whether “Tokens” or “Hidden” tokens list (unverified.png)
    • “Unverified” tab indicates the number of tokens in the list
    • Trezor Suite can look up the Ethereum definitions database with whitelisted tokens to identify any potential scam tokens
      • If the token is not found in the Ethereum definitions database then it has to be moved to “Unverified” tokens list
    • There is a description right below the list name: “These tokens have been flagged as unverified, which means their authenticity as legitimate projects cannot be confirmed. Please be cautious when interacting with these tokens.”
    • Each token has a warning icon next to its name - triangle with exclamation mark
      • If the token is moved to another list, the warning icon is removed
    • Each token has a button “Hide token”
      • Clicking the “Hide token” button moves the token to a “Hidden” list
    • Each token has a button “Approve token”
      • Clicking the “Approve token” button moves the token to a “Tokens” list
    • List of unverified tokens is collapsible
    • The list is collapsed by default
  • “Hidden” - list of all coins which where marked as hidden by the user (hidden.png)
    • “Hidden” tokens tab indicates the number of tokens in the list
    • List of hidden tokens is collapsible
    • The list is collapsed by default
• Transaction with received “unverified” token needs to be displayed in the transaction history with a warning. Same logic as in the Address poisoning attack: Label zero value transactions in TX detail #7278 (comment)
  • There is a triangle icon with exclamation mark next to “Sent” or “Received” token (Alert.png)
    • Hovering over the warning icon displays a tool tip
    • Tool tip says: “Unverified token! This looks like a phishing attack (airdrop scam) and the token should not be used. Learn more.”
      • “Learn more” is a link to the knowledge base article: https://trezor.io/support/a/airdrop-scam-tokens
  • There is a red warning banner in the transaction detail modal window (Alert-tx-detail.png)
    • The banner is displayd right under the “Details” heading
    • The banner says: “This transaction is flagged as suspicious and could be a scam. Please proceed with caution. Learn more.”
      • “Learn more” is a link to the knowledge base article: https://trezor.io/support/a/airdrop-scam-tokens

[mjollnir14]

Or a simpler fix in the first time: sort tokens by Ascending USD value. This will put the "fake/scam tokens" at the end of the list.

[AdamSchinzel]

I don't think there is any official database of spam tokens published by the Ethereum Foundation or any other company.

Some Web3 APIs such as Moralis has it inside their own API or Etherscan has ERC-20 token reputation (seems to not be public based on their docs).

So there must be some metrics on blockbook what makes the ERC-20 token a spam token I guess.

[marian001]

Or allow user to enable tokens he/she wants to work with. And include an option to automatically enable tokens with non-zero balances.

[tomasklim]

@Hannsek maybe close in favor of #12165?