feat: allow sending to token contract as user acknowledges warning.

[jpuri]

Description

Allow user to send to contract address, but add warning for that on both send and confirmation page.

Changelog

CHANGELOG entry:

Related issues

Fixes: https://github.com/MetaMask/MetaMask-planning/issues/6962

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Screen.Recording.2026-03-12.at.4.59.07.PM.mov

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Changes recipient validation and submission gating so some address errors become acknowledgeable, which can affect when transactions are allowed to proceed. Also adds a new confirmation alert source and metrics mapping; incorrect classification could lead to missed warnings or unintended sends.

Overview
Users can now proceed when the recipient is detected as a token/smart-contract address by acknowledging a new SendAlertModal, instead of being hard-blocked at the recipient step.

This introduces an acknowledgeable validation state (toAddressErrorAllowAcknowledge) from useToAddressValidation/validateHexAddress, adds a new confirmation-page warning via useTokenContractAlert (AlertKeys.TokenContractAddress), and wires the new alert key into confirmation alert metrics/name resolution. Tests and i18n strings were updated/added to cover the modal flow and the new alert behavior.

^{Written by Cursor Bugbot for commit fa22e95. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 73.33333% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.96%. Comparing base (6b4798f) to head (637279d).
⚠️ Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
...onfirmations/hooks/alerts/useTokenContractAlert.ts	55.00%	9 Missing ⚠️
...firmations/components/send/recipient/recipient.tsx	84.21%	1 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #27416      +/-   ##
==========================================
- Coverage   81.97%   81.96%   -0.01%     
==========================================
  Files        4699     4701       +2     
  Lines      122881   122920      +39     
  Branches    27126    27133       +7     
==========================================
+ Hits       100737   100757      +20     
- Misses      15167    15186      +19     
  Partials     6977     6977              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeConfirmations
• Selected Performance tags: None (no tests recommended)
• Risk Level: medium
• AI Confidence: 91%

click to see 🤖 AI reasoning details

E2E Test Selection:
The changes are concentrated in the transaction confirmation send flow, specifically:

• Recipient component and related tests
• Send alert modal (UI, types, tests)
• Confirmation alert hooks (useConfirmationAlerts, useTokenContractAlert)
• Address validation logic and utilities (useToAddressValidation, send-address-validations)
• Confirmation alert metrics hook
• Confirmation alert constants

These files directly impact the transaction confirmation UI and validation logic for send flows (native token, ERC-20, contract interactions). This falls squarely under the SmokeConfirmations scope, which validates transaction sending, signature flows, smart contract interactions, and confirmation UI behavior.

There are no changes to controllers, Engine initialization, network management, trade flows, identity, snaps, or multi-chain session APIs. Therefore, other tags (e.g., SmokeTrade, SmokeNetworkExpansion, SmokeIdentity, SmokeWalletPlatform) are not required.

Given that confirmation logic is a critical user path and shared across many transaction types, this represents medium risk and should be validated via SmokeConfirmations E2E coverage.

Performance Test Selection:
The changes are limited to validation logic, alert hooks, modal components, and related tests. There are no changes to rendering-heavy lists, startup flows, account/network selectors, swaps quote fetching, or other performance-sensitive areas. Therefore, no dedicated performance test suites are required.

View GitHub Actions results

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
95.9% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

✅ E2E Fixture Validation — Schema is up to date
16 value mismatches detected (expected — fixture represents an existing user).
View details