Honeypot · test environment

Real-fire range

Triggers actualPermit signature requests and EIP-7702 authorization txs. drain’t’s Snap should intercept the bad ones and insert a warning panel before MetaMask Flask asks you to confirm.

Connect your wallet first (header).

Test A · Permit signature (EIP-2612 typed data v4)

MM’s onSignatureinsight API fires for typed-data v4. drain’t reads the Permit spender and runs it through the classifier.

Sign Permit · spender = USDC (safe)

Self-spending Permit. Expect drain't to stay silent or show 'safe'.

Sign Permit · spender = CrimeEnjoyorMock 🚨

Spender = 0xae5d…fd73. Expect critical warning panel.

Test B · Plain transaction to a target

Sends a value-0 tx to a target contract. MM’s onTransactioninsight fires; drain’t classifies tx.to and warns if it’s a known drainer-shaped contract. Value=0 so nothing actually drains even on the “malicious” run.

Call drain't enforcer (safe)

tx.to = 0x2187…Da14 — calls owner() view. Expect drain't safe panel.

Call CrimeEnjoyorMock 🚨

tx.to = 0xae5d…fd73. Expect drain't critical: 'Drainer contract suspected'.

Test B' · EIP-7702 SET_CODE (experimental)

⚠ EIP-7702 authorization signing from a JSON-RPC wallet (MetaMask) isn’t stable yet — viem requires a local privateKey account, and MM Flask hasn’t exposed wallet_signAuthorization publicly. drain’t’s onTransaction handler already inspects authorizationList (see snap/src/eip7702.ts) — the buttons below will start working the moment MM ships the RPC.

Send 7702 tx · target = drain't enforcer

Delegating to 0x2187…Da14. Currently expected to error 'json-rpc not supported'.

Send 7702 tx · target = CrimeEnjoyorMock

Delegating to 0xae5d…fd73. Will work once wallet API stabilizes.

Last results

No tests run yet. Trigger one above.