Problem Statement
48 console.log, console.error, and console.warn calls exist in production frontend code, leaking wallet IDs, contract addresses, transaction hashes, and API responses to browser consoles — visible to anyone opening Developer Tools.
Evidence
Code search reveals 48 console calls:
// wallet.jsx:58 — leaks public key
console.log('Wallet connected successfully. Public key:', publicKey);
// transaction.js:40 — leaks wallet ID + contract addresses
console.log('Sending loop_liquidity Soroban call:', {
  depositData, userContractAddress, walletId
});
// contract.js:149 — leaks contract address
console.log('Soroban contract deployed at address:', contractAddress);
Breakdown: transaction.js (10), contract.js (8), wallet.jsx (5), telegram.js (4), axios.js (3), 5 hooks files (5), soroban.js (1), App.jsx (1), NotFound.jsx:20 (1, acceptable), DashboardLayout.jsx (1).
Impact
Medium — information leakage. Wallet IDs, contract addresses, and transaction hashes visible in production browser console. While private keys remain secure in Freighter, wallet IDs can be used to query the API. Also bloats production bundle.
Proposed Solution
Replace console.* calls with an environment-aware structured logger: no-op in production (VITE_ENV === 'production'), active in dev. Error-level logs are redirected to Sentry in production.
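One way the proposed logger could look, as an added example and not the project's own logger.js: `createLogger`, `redact` and the injected `env`, `sink` and `report` parameters are assumptions. It goes one step beyond the issue by redacting the field names quoted above before an error report leaves the browser.

```javascript
// Added example: environment-aware logger (hypothetical createLogger API).
// Keys are the field names seen in the console calls quoted in this issue.
const SENSITIVE_KEYS = new Set(['walletId', 'publicKey', 'contractAddress', 'userContractAddress']);

// Replace sensitive fields (at any depth) before anything leaves the browser.
function redact(value) {
  if (value instanceof Error) return value; // keep the stack trace for the reporter
  if (Array.isArray(value)) return value.map(redact);
  if (value && typeof value === 'object') {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [k, SENSITIVE_KEYS.has(k) ? '[redacted]' : redact(v)])
    );
  }
  return value;
}

// env:    deployment name; in the Vite app this would be import.meta.env.VITE_ENV
// sink:   console-like object used outside production
// report: production error reporter (assumed: a wrapper around Sentry.captureException)
function createLogger({ env, sink = console, report = () => {} }) {
  const isProd = env === 'production';
  const devOnly = (level) => (...args) => { if (!isProd) sink[level](...args); };
  return {
    debug: devOnly('debug'),
    info: devOnly('info'),
    warn: devOnly('warn'),
    error: (message, context = {}) => {
      if (isProd) report(message, redact(context)); // never touches the console
      else sink.error(message, context);
    },
  };
}

// Constructed demo: the same two calls in either environment.
function demo(env) {
  const consoleLines = [];
  const reported = [];
  const capture = (...args) => consoleLines.push(args);
  const sink = { debug: capture, info: capture, warn: capture, error: capture };
  const log = createLogger({ env, sink, report: (m, c) => reported.push({ m, c }) });
  log.info('Sending loop_liquidity Soroban call:', { walletId: 'W-CONSTRUCTED-1' });
  log.error('Soroban call failed', { walletId: 'W-CONSTRUCTED-1', step: 'submit' });
  return { consoleLines, reported };
}
```

Redaction here covers only the structured context object, so the message string passed to `error` should stay free of identifiers.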
Acceptance Criteria
- console.log/console.warn removed from production build
- quantara/frontend/src/utils/logger.js
File Map
quantara/frontend/src/utils/logger.js — New: environment-aware logger
quantara/frontend/src/services/transaction.js — replace 10 console calls
quantara/frontend/src/services/contract.js — replace 8 console calls
quantara/frontend/src/services/wallet.jsx — replace 5 console calls
quantara/frontend/src/services/telegram.js — replace 4 console.error
quantara/frontend/src/services/soroban.js — replace 1 console.error
quantara/frontend/src/utils/axios.js — replace 3 console.error
quantara/frontend/src/hooks/ — replace console calls in 5 hooks files
quantara/frontend/src/App.jsx — replace console.error
quantara/frontend/src/pages/DashboardLayout.jsx — replace console.log
Dependencies
- Related: REPO-041 (structured logging on backend complements frontend cleanup)
Testing Strategy
- Unit: Test that the logger outputs in dev and is a no-op in production
- Manual: Build for production (vite build), inspect bundle for console.log strings
- Integration: Verify critical errors still captured (mock Sentry)
Security Considerations
Reduces information leakage via browser console. Wallet IDs and contract addresses must never appear in production console output.
Definition of Done
Labels: refactoring, quick-win, security
Priority: Medium
Difficulty: Beginner
Estimated Effort: 1h