Skip to content

refactor: Remove 48 console.log statements from production frontend #50

Description

@YaronZaki

Problem Statement

48 console.log, console.error, and console.warn calls exist in production frontend code, leaking wallet IDs, contract addresses, transaction hashes, and API responses to browser consoles — visible to anyone opening Developer Tools.

Evidence

Code search reveals 48 console calls:

// wallet.jsx:58 — leaks public key
console.log('Wallet connected successfully. Public key:', publicKey);

// transaction.js:40 — leaks wallet ID + contract addresses
console.log('Sending loop_liquidity Soroban call:', {
    depositData, userContractAddress, walletId
});

// contract.js:149 — leaks contract address
console.log('Soroban contract deployed at address:', contractAddress);

Breakdown: transaction.js (10), contract.js (8), wallet.jsx (5), telegram.js (4), axios.js (3), 5 hooks files (5), soroban.js (1), App.jsx (1), NotFound.jsx:20 (1, acceptable), DashboardLayout.jsx (1).

Impact

Medium — information leakage. Wallet IDs, contract addresses, and transaction hashes visible in production browser console. While private keys remain secure in Freighter, wallet IDs can be used to query the API. Also bloats production bundle.

Proposed Solution

Replace console.* calls with environment-aware structured logger: no-op in production (VITE_ENV === 'production'), active in dev. Error-level logs redirected to Sentry in production.

Acceptance Criteria

  • All console.log/console.warn removed from production build
  • Logger utility created at quantara/frontend/src/utils/logger.js
  • No wallet IDs or contract addresses logged in production
  • Development logging preserved for debugging
  • Critical errors still reported to Sentry in production
  • Production build verified — no Quantara-specific console output

File Map

  • quantara/frontend/src/utils/logger.jsNew: environment-aware logger
  • quantara/frontend/src/services/transaction.js — replace 10 console calls
  • quantara/frontend/src/services/contract.js — replace 8 console calls
  • quantara/frontend/src/services/wallet.jsx — replace 5 console calls
  • quantara/frontend/src/services/telegram.js — replace 4 console.error
  • quantara/frontend/src/services/soroban.js — replace 1 console.error
  • quantara/frontend/src/utils/axios.js — replace 3 console.error
  • quantara/frontend/src/hooks/ — replace console calls in 5 hooks files
  • quantara/frontend/src/App.jsx — replace console.error
  • quantara/frontend/src/pages/DashboardLayout.jsx — replace console.log

Dependencies

  • Related: REPO-041 (structured logging on backend complements frontend cleanup)

Testing Strategy

  • Unit: Test logger outputs in dev, is no-op in production
  • Manual: Build for production (vite build), inspect bundle for console.log strings
  • Integration: Verify critical errors still captured (mock Sentry)

Security Considerations

Reduces information leakage via browser console. Wallet IDs and contract addresses must never appear in production console output.

Definition of Done

  • Code implemented and peer-reviewed
  • Production build verified — no Quantara console output
  • All existing frontend tests pass
  • PR linked and merged

Labels: refactoring, quick-win, security
Priority: Medium
Difficulty: Beginner
Estimated Effort: 1h

Metadata

Metadata

Assignees

Type

No type
No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions