fix: cp-7.80.0 prevent send flow from submitting to zero address after clearing pasted recipient

[OGPoyraz]

Description

When a user pastes an address in the send flow, an auto-review useEffect is triggered to streamline the UX. If the "New address" alert modal appears and the user cancels it, then presses the "Clear" button, the pastedRecipient state was not being cleared. This caused a race condition: handleClearInput would set to to empty, which caused hasUnacknowledgedAlerts to become false (no alerts for empty addresses), while pastedRecipient and toAddressValidated still held the old address. The auto-review useEffect would then see all conditions pass and fire handleSubmitPress with an empty to value, which got cast to 0x0000...0000.

Fix:

1. Clear pastedRecipient in handleClearInput so the auto-review effect cannot re-trigger with stale state after clearing.
2. Add a defense-in-depth guard in proceedWithSubmit to reject empty recipient addresses.

Changelog

CHANGELOG entry: Fixed a bug where clearing a pasted recipient address in the send flow could trigger a transaction to the zero address

Related issues

Fixes:

Manual testing steps

Feature: Send flow clear button

  Scenario: user clears pasted address after cancelling new address alert
    Given the user is on the send recipient screen

    When user pastes a valid address using the Paste button
    And user presses the Review button
    And the "New address" alert modal appears
    And user presses Cancel on the alert modal
    And user presses the Clear button
    Then the input field is cleared
    And no transaction is submitted
    And the user remains on the recipient screen

  Scenario: user clears pasted address without triggering review first
    Given the user is on the send recipient screen

    When user pastes a valid address using the Paste button
    And user presses the Clear button before auto-review triggers
    Then the input field is cleared
    And no transaction is submitted

Screenshots/Recordings

Before

Pressing Clear after cancelling the "New address" alert triggers a transaction submission to 0x0000...0000.

After

Pressing Clear correctly resets the input without triggering any transaction submission.

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Performance checks (if applicable)

• I've tested on Android
  • Ideally on a mid-range device; emulator is acceptable
• I've tested with a power user scenario
  • Use these power-user SRPs to import wallets with many accounts and tokens
• I've instrumented key operations with Sentry traces for production performance metrics
  • See trace() for usage and addToken for an example

For performance guidelines and tooling, see the Performance Guide.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Changes send submission guards and recipient state on a user-facing money path; scope is small and covered by tests, but incorrect gating could block valid sends or miss edge cases.

Overview
Fixes a send-flow bug where Clear after canceling the "New address" alert could still auto-advance review because pastedRecipient stayed set while to was emptied.

RecipientInput now resets pastedRecipient in handleClearInput (along with updateTo('')) so the paste auto-review useEffect cannot re-fire on stale paste state. Recipient proceedWithSubmit also bails out when there is no resolvedAddress or to, blocking submission with an empty recipient (e.g. zero address). Tests cover clear + empty-recipient paths.

^{Reviewed by Cursor Bugbot for commit 636fbc9. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeConfirmations
• Selected Performance tags: None (no tests recommended)
• Risk Level: medium
• AI Confidence: 92%

click to see 🤖 AI reasoning details

E2E Test Selection:
The changes are two targeted bug fixes in the send flow's recipient input components:

1. recipient-input.tsx: When the "Clear" button is pressed, setPastedRecipient(undefined) is now also called alongside updateTo(''). Previously, clearing the input field did not reset the pasted recipient state, which could cause stale state issues.

2. recipient.tsx: Added an early return guard - if recipientAddress (either resolvedAddress or to) is empty, the transaction submission is aborted. This prevents submitting a transaction with no recipient address.

Both fixes are in the confirmations/send flow components. SmokeConfirmations covers transaction sending for native tokens (ETH), ERC-20 tokens, and Solana SPL tokens, which directly exercises these recipient input and submission flows. No other tags are needed as these changes are isolated to the send recipient UI logic and don't affect swaps, staking, network management, accounts, or other areas. No performance impact expected from these small logic fixes.

Performance Test Selection:
These are small bug fixes in the recipient input component logic (state clearing and an early return guard). They don't affect rendering performance, data loading, list rendering, or any performance-sensitive paths. No performance tests are warranted.

View GitHub Actions results

[OGPoyraz]

This is safety net guard for preventing submission to zero address

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 636fbc9. Configure here.}

[cursor]

Computed recipientAddress not reused in handleSubmitPress call

Low Severity

The new recipientAddress variable at line 89 computes resolvedAddress || to, but line 98 recomputes the same expression resolvedAddress || to instead of reusing recipientAddress. In this critical transaction-submission function, the guard and the actual submission call rely on the same address derivation formula — if the formula ever changes, updating one without the other would silently create a mismatch between what's validated and what's submitted.

Additional Locations (1)

• app/components/Views/confirmations/components/send/recipient/recipient.tsx#L88-L89

 

^{Reviewed by Cursor Bugbot for commit 636fbc9. Configure here.}