From bca4594f0af6b36d7d931f384c42d8e8226fb7a0 Mon Sep 17 00:00:00 2001
From: Dan Finlay <542863+danfinlay@users.noreply.github.com>
Date: Fri, 14 Feb 2020 12:32:56 -0800
Subject: [PATCH] Add warning to watchAsset API when editing a known token
 (#8049)

* Add warning when editing a known token with watchAsset API

* Add warning when watchAsset attempts to reuse token symbol
---
 app/_locales/en/messages.json                 |  6 +++
 .../confirm-add-suggested-token.component.js  | 47 ++++++++++++++++++-
 .../confirm-add-suggested-token.container.js  |  3 +-
 3 files changed, 54 insertions(+), 2 deletions(-)

diff --git a/app/_locales/en/messages.json b/app/_locales/en/messages.json
index c9e1b02db..73c59555e 100644
--- a/app/_locales/en/messages.json
+++ b/app/_locales/en/messages.json
@@ -715,6 +715,12 @@
   "knownAddressRecipient": {
     "message": "Known contract address."
   },
+  "knownTokenWarning": {
+    "message": "This action will edit tokens that are already listed in your wallet, which can be used to phish you. Only approve if you are certain that you mean to change what these tokens represent."
+  },
+  "reusedTokenNameWarning": {
+    "message": "A token here reuses a symbol from another token you watch, this can be confusing or deceptive."
+  },
   "invalidAddressRecipientNotEthNetwork": {
     "message": "Not ETH network, set to lowercase"
   },
diff --git a/ui/app/pages/confirm-add-suggested-token/confirm-add-suggested-token.component.js b/ui/app/pages/confirm-add-suggested-token/confirm-add-suggested-token.component.js
index 04e9c8dcf..7430933b3 100644
--- a/ui/app/pages/confirm-add-suggested-token/confirm-add-suggested-token.component.js
+++ b/ui/app/pages/confirm-add-suggested-token/confirm-add-suggested-token.component.js
@@ -16,6 +16,7 @@ export default class ConfirmAddSuggestedToken extends Component {
     addToken: PropTypes.func,
     pendingTokens: PropTypes.object,
     removeSuggestedTokens: PropTypes.func,
+    tokens: PropTypes.array,
   }
 
   componentDidMount () {
@@ -33,9 +34,11 @@ export default class ConfirmAddSuggestedToken extends Component {
   }
 
   render () {
-    const { addToken, pendingTokens, removeSuggestedTokens, history } = this.props
+    const { addToken, pendingTokens, tokens, removeSuggestedTokens, history } = this.props
     const pendingTokenKey = Object.keys(pendingTokens)[0]
     const pendingToken = pendingTokens[pendingTokenKey]
+    const hasTokenDuplicates = this.checkTokenDuplicates(pendingTokens, tokens)
+    const reusesName = this.checkNameReuse(pendingTokens, tokens)
 
     return (
       <div className="page-container">
@@ -46,6 +49,20 @@ export default class ConfirmAddSuggestedToken extends Component {
           <div className="page-container__subtitle">
             { this.context.t('likeToAddTokens') }
           </div>
+          { hasTokenDuplicates ?
+            (
+              <div className="warning">
+                { this.context.t('knownTokenWarning') }
+              </div>
+            ) : null
+          }
+          { reusesName ?
+            (
+              <div className="warning">
+                { this.context.t('reusedTokenNameWarning') }
+              </div>
+            ) : null
+          }
         </div>
         <div className="page-container__content">
           <div className="confirm-add-token">
@@ -119,4 +136,32 @@ export default class ConfirmAddSuggestedToken extends Component {
       </div>
     )
   }
+
+  checkTokenDuplicates (pendingTokens, tokens) {
+    const pending = Object.keys(pendingTokens)
+    const existing = tokens.map(token => token.address)
+    const dupes = pending.filter((proposed) => {
+      return existing.includes(proposed)
+    })
+
+    return dupes.length > 0
+  }
+
+  /**
+   * Returns true if any pendingTokens both:
+   * - Share a symbol with an existing `tokens` member.
+   * - Does not share an address with that same `tokens` member.
+   * This should be flagged as possibly deceptive or confusing.
+   */
+  checkNameReuse (pendingTokens, tokens) {
+    const duplicates = Object.keys(pendingTokens)
+      .map((addr) => pendingTokens[addr])
+      .filter((token) => {
+        const dupes = tokens.filter(old => old.symbol === token.symbol)
+          .filter(old => old.address !== token.address)
+        return dupes.length > 0
+      })
+    return duplicates.length > 0
+  }
+
 }
diff --git a/ui/app/pages/confirm-add-suggested-token/confirm-add-suggested-token.container.js b/ui/app/pages/confirm-add-suggested-token/confirm-add-suggested-token.container.js
index cc73b2ea7..63932ffa5 100644
--- a/ui/app/pages/confirm-add-suggested-token/confirm-add-suggested-token.container.js
+++ b/ui/app/pages/confirm-add-suggested-token/confirm-add-suggested-token.container.js
@@ -8,11 +8,12 @@ const extend = require('xtend')
 const { addToken, removeSuggestedTokens } = require('../../store/actions')
 
 const mapStateToProps = ({ metamask }) => {
-  const { pendingTokens, suggestedTokens } = metamask
+  const { pendingTokens, suggestedTokens, tokens } = metamask
   const params = extend(pendingTokens, suggestedTokens)
 
   return {
     pendingTokens: params,
+    tokens,
   }
 }