| "0xfa05A73FfE78ef8f1a739473e462c54bae6567D9": {}, | ||
| "0xfeF4185594457050cC9c23980d301908FE057Bb1": {}, | ||
| "0xfec0cF7fE078a500abf15F1284958F22049c2C7e": {}, | ||
| "0xff56Cc6b1E6dEd347aA0B7676C85AB0B3D08B0FA": {} |
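Review bot: all four values in this hunk are {}, and none of the four keys is the FLASH address the PR sets out to add, so nothing on these lines belongs in a change scoped to one token. Keep the existing entries untouched and limit the diff to the new key; a test that rejects any empty value in contract-map.json would stop a change like this from merging unnoticed.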
All token metadata deleted, replaced with empty objects
High Severity
This PR claims to "Add FLASH token metadata" but instead deletes all metadata for every single token in contract-map.json. Every entry — including critical tokens like USDC, USDT, WETH, DAI, WBTC, and hundreds of others — has been reduced from a full metadata object (with name, logo, erc20, symbol, decimals) to an empty {}. This file is the package's main export via index.js, so any downstream consumer will receive no token information at all. The FLASH token itself at line 604 is also added with an empty object and no metadata, failing even the stated goal of the PR.
| "0xdF574c24545E5FfEcb9a659c229253D4111d87e1": {}, | ||
| "0xdacD69347dE42baBfAEcD09dC88958378780FB62": {}, | ||
| "0xdcD85914b8aE28c1E62f1C488E1D968D5aaFfE2b": {}, | ||
| "0xdca62e01d8764f887d7364ab0e877e4ca8acca11": {}, |
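Review bot: the key on the last line of this hunk is all lowercase while the three keys above it are mixed-case, and fixing the case also changes where the entry belongs. The visible keys are in byte order (0xdF… before 0xda… before 0xdc…), so a corrected key that begins 0xDC sorts ahead of all of them rather than after 0xdcD8…; move the entry when the case is fixed. The value is also {}, which carries none of the metadata the PR title promises.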
FLASH token address lacks EIP-55 checksum format
Medium Severity
The FLASH token address 0xdca62e01d8764f887d7364ab0e877e4ca8acca11 is entirely lowercased, while every other address in the file uses EIP-55 mixed-case checksummed format. The PR description specifies 0xDCa62E01D8764f887d7364Ab0e877e4CA8ACCa11. This inconsistency breaks the checksumming convention used by the rest of the file and could cause lookup mismatches in case-sensitive consumers.
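
A check that would catch both findings above (empty metadata objects and a key that is not EIP-55 checksummed), as an added example that is not code from this PR or the package. Python's hashlib has no original Keccak-256, so the block carries its own; the function names and the sample map are assumptions, with addresses taken from the EIP-55 specification's test vectors and made-up metadata.

```python
def _rol(v, n):
    return ((v << n % 64) | (v >> (64 - n % 64))) % (1 << 64)

def _permute(A):  # Keccak-f[1600]; the 25 lanes are stored flat as A[x + 5*y]
    r = 1
    for _ in range(24):
        C = [A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20] for x in range(5)]
        D = [C[(x + 4) % 5] ^ _rol(C[(x + 1) % 5], 1) for x in range(5)]
        A = [A[i] ^ D[i % 5] for i in range(25)]                    # theta
        x, y, cur = 1, 0, A[1]
        for t in range(24):                                         # rho + pi
            x, y = y, (2 * x + 3 * y) % 5
            cur, A[x + 5 * y] = A[x + 5 * y], _rol(cur, (t + 1) * (t + 2) // 2)
        for row in range(0, 25, 5):                                 # chi
            A[row:row + 5] = [A[row + x] ^ (~A[row + (x + 1) % 5] & A[row + (x + 2) % 5]) for x in range(5)]
        for j in range(7):                                          # iota, round constant from an LFSR
            r = ((r << 1) ^ ((r >> 7) * 0x71)) % 256
            if r & 2:
                A[0] ^= 1 << ((1 << j) - 1)
    return A

def keccak256(data: bytes) -> bytes:
    """Original Keccak-256 (pad byte 0x01), not hashlib's SHA3-256 (pad byte 0x06)."""
    padded = bytearray(data) + b"\x01" + bytes(-(len(data) + 1) % 136)
    padded[-1] |= 0x80
    A = [0] * 25
    for off in range(0, len(padded), 136):
        for i in range(17):
            A[i] ^= int.from_bytes(padded[off + 8 * i: off + 8 * i + 8], "little")
        A = _permute(A)
    return b"".join(lane.to_bytes(8, "little") for lane in A[:4])

def to_checksum(addr: str) -> str:
    body = addr[2:].lower()
    digest = keccak256(body.encode()).hex()
    return "0x" + "".join(c.upper() if int(h, 16) >= 8 else c for c, h in zip(body, digest))

def audit(contract_map):  # returns (address, problem) pairs for the two defects in the review
    problems = []
    for addr, meta in contract_map.items():
        if addr != to_checksum(addr):
            problems.append((addr, "key is not EIP-55 checksummed"))
        if not meta:
            problems.append((addr, "metadata object is empty"))
    return problems

# Constructed sample: EIP-55 spec test-vector addresses, made-up metadata.
SAMPLE = {"0x5aAeb6053F3E94C9b9A09f33669435E7Ef1BeAed": {"name": "Example", "symbol": "EX", "decimals": 18},
          "0xfb6916095ca1df60bb79ce92ce3ea74c37c5d359": {}}
```

Run in CI as `audit(json.load(open("contract-map.json")))` and fail the build when the returned list is non-empty.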


Adding metadata for FLASH (Flash USDT ERC20).
Note
High Risk
Replaces rich token/NFT metadata with empty objects across the entire contract-map.json, which can break any consumer expecting name/symbol/decimals/logo fields. Also introduces/normalizes an additional address entry (0xdca62e01d8764f887d7364ab0e877e4ca8acca11), so downstream lookups and casing behavior may change.

Overview
Massively refactors contract-map.json from a detailed contract metadata registry (e.g., name, symbol, decimals, logo, erc20/erc721) into an address-only allowlist where each contract address maps to an empty object ({}).

Adds/normalizes inclusion of the FLASH contract address (0xdca62e01d8764f887d7364ab0e877e4ca8acca11) while dropping all per-contract metadata from the file.

Written by Cursor Bugbot for commit c66fe39.