[Eco Bounty] ioPay Lack of Scam Detection for New Address Entry

Wallet Address Reporter: io1tkw393kejmxwnd454twc6020sxcyvh5dxqmren

Target Scam Address: 0xd9A1C3788D81257612E2581A6ea0aDa244853a91

App Version: ioPay v5.3.1 (3973)

Device: Redmi Note 10 Pro (Android 13)

1. Description

The "New Address" interface in the address book lacks an early detection or warning system to identify known scam or high-risk wallet addresses during the entry process. When a user inputs a known malicious address, the app does not provide a real-time alert or prevent the saving of the address, potentially leading to accidental future fund loss.

2. Steps to Reproduce

1. Open the ioPay app.

2. Navigate to the Address Book and select "Add New Address".

3. Paste a known scam address (e.g., 0xd9A1C3788D81257612E2581A6ea0aDa244853a91) into the "New Address" field.

4. Observe the lack of any warning indicator or risk assessment.

3. Actual Result

The application allows the address to be entered and potentially saved without performing a security check against known blacklists or risk databases.

4. Expected Result

The app should implement a proactive security layer that:

• Flags known scam addresses with a red warning banner or icon immediately upon entry.

• Displays a risk level (e.g., "High Risk" or "Reported Scam") based on community or security provider data.

• Requires additional confirmation from the user before allowing a high-risk address to be saved to the address book.

Suggested Fixes

1. API Integration: Integrate a real-time security API (such as GoPlus Security or similar) to verify addresses against global scam databases as they are typed.

2. Visual Alert: Implement a clear visual warning (e.g., a "Scam Alert" badge) directly within the address input field when a match is found.

3. Community Reporting: Add a "Report this address" button within the Address Book to allow users to contribute to the local and global safety database.