Guard block detail fetch state

backend/api/middleware/auth.go

@@ -1,6 +1,7 @@
 package middleware
 
 import (
+	"context"
 	"fmt"
 	"net/http"
 	"strings"
@@ -30,7 +31,11 @@ func (m *AuthMiddleware) RequireAuth(next http.Handler) http.Handler {
 			return
 		}
 
-		ctx := ContextWithAuth(r.Context(), address, track, true)
+		// Add user context
+		ctx := context.WithValue(r.Context(), "user_address", address)
+		ctx = context.WithValue(ctx, "user_track", track)
+		ctx = context.WithValue(ctx, "authenticated", true)
+
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})
 }
@@ -39,7 +44,11 @@ func (m *AuthMiddleware) RequireAuth(next http.Handler) http.Handler {
 func (m *AuthMiddleware) RequireTrack(requiredTrack int) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			track := UserTrack(r.Context())
+			// Extract track from context (set by RequireAuth or OptionalAuth)
+			track, ok := r.Context().Value("user_track").(int)
+			if !ok {
+				track = 1 // Default to Track 1 (public)
+			}
 
 			if !featureflags.HasAccess(track, requiredTrack) {
 				writeForbidden(w, requiredTrack)
@@ -56,33 +65,40 @@ func (m *AuthMiddleware) OptionalAuth(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		address, track, err := m.extractAuth(r)
 		if err != nil {
-			// No auth provided (or auth failed) — fall back to Track 1.
-			ctx := ContextWithAuth(r.Context(), "", defaultTrackLevel, false)
+			// No auth provided, default to Track 1 (public)
+			ctx := context.WithValue(r.Context(), "user_address", "")
+			ctx = context.WithValue(ctx, "user_track", 1)
+			ctx = context.WithValue(ctx, "authenticated", false)
 			next.ServeHTTP(w, r.WithContext(ctx))
 			return
 		}
 
-		ctx := ContextWithAuth(r.Context(), address, track, true)
+		// Auth provided, add user context
+		ctx := context.WithValue(r.Context(), "user_address", address)
+		ctx = context.WithValue(ctx, "user_track", track)
+		ctx = context.WithValue(ctx, "authenticated", true)
+
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})
 }
 
-// extractAuth extracts authentication information from the request.
-// Returns ErrMissingAuthorization when no usable Bearer token is present;
-// otherwise returns the error from JWT validation.
+// extractAuth extracts authentication information from request
 func (m *AuthMiddleware) extractAuth(r *http.Request) (string, int, error) {
+	// Get Authorization header
 	authHeader := r.Header.Get("Authorization")
 	if authHeader == "" {
-		return "", 0, ErrMissingAuthorization
+		return "", 0, http.ErrMissingFile
 	}
 
+	// Check for Bearer token
 	parts := strings.Split(authHeader, " ")
 	if len(parts) != 2 || parts[0] != "Bearer" {
-		return "", 0, ErrMissingAuthorization
+		return "", 0, http.ErrMissingFile
 	}
 
 	token := parts[1]
 
+	// Validate JWT token
 	address, track, err := m.walletAuth.ValidateJWT(token)
 	if err != nil {
 		return "", 0, err

backend/api/middleware/context.go

@@ -1,60 +0,0 @@
-package middleware
-
-import (
-	"context"
-	"errors"
-)
-
-// ctxKey is an unexported type for request-scoped authentication values.
-// Using a distinct type (rather than a bare string) keeps our keys out of
-// collision range for any other package that also calls context.WithValue,
-// and silences go vet's SA1029.
-type ctxKey string
-
-const (
-	ctxKeyUserAddress   ctxKey = "user_address"
-	ctxKeyUserTrack     ctxKey = "user_track"
-	ctxKeyAuthenticated ctxKey = "authenticated"
-)
-
-// Default track level applied to unauthenticated requests (Track 1 = public).
-const defaultTrackLevel = 1
-
-// ErrMissingAuthorization is returned by extractAuth when no usable
-// Authorization header is present on the request. Callers should treat this
-// as "no auth supplied" rather than a hard failure for optional-auth routes.
-var ErrMissingAuthorization = errors.New("middleware: authorization header missing or malformed")
-
-// ContextWithAuth returns a child context carrying the supplied
-// authentication state. It is the single place in the package that writes
-// the auth context keys.
-func ContextWithAuth(parent context.Context, address string, track int, authenticated bool) context.Context {
-	ctx := context.WithValue(parent, ctxKeyUserAddress, address)
-	ctx = context.WithValue(ctx, ctxKeyUserTrack, track)
-	ctx = context.WithValue(ctx, ctxKeyAuthenticated, authenticated)
-	return ctx
-}
-
-// UserAddress returns the authenticated wallet address stored on ctx, or
-// "" if the context is not authenticated.
-func UserAddress(ctx context.Context) string {
-	addr, _ := ctx.Value(ctxKeyUserAddress).(string)
-	return addr
-}
-
-// UserTrack returns the access tier recorded on ctx. If no track was set
-// (e.g. the request bypassed all auth middleware) the caller receives
-// Track 1 (public) so route-level checks can still make a decision.
-func UserTrack(ctx context.Context) int {
-	if track, ok := ctx.Value(ctxKeyUserTrack).(int); ok {
-		return track
-	}
-	return defaultTrackLevel
-}
-
-// IsAuthenticated reports whether the current request carried a valid auth
-// token that was successfully parsed by the middleware.
-func IsAuthenticated(ctx context.Context) bool {
-	ok, _ := ctx.Value(ctxKeyAuthenticated).(bool)
-	return ok
-}

backend/api/middleware/context_test.go

@@ -1,62 +0,0 @@
-package middleware
-
-import (
-	"context"
-	"errors"
-	"testing"
-)
-
-func TestContextWithAuthRoundTrip(t *testing.T) {
-	ctx := ContextWithAuth(context.Background(), "0xabc", 4, true)
-
-	if got := UserAddress(ctx); got != "0xabc" {
-		t.Fatalf("UserAddress() = %q, want %q", got, "0xabc")
-	}
-	if got := UserTrack(ctx); got != 4 {
-		t.Fatalf("UserTrack() = %d, want 4", got)
-	}
-	if !IsAuthenticated(ctx) {
-		t.Fatal("IsAuthenticated() = false, want true")
-	}
-}
-
-func TestUserTrackDefaultsToTrack1OnBareContext(t *testing.T) {
-	if got := UserTrack(context.Background()); got != defaultTrackLevel {
-		t.Fatalf("UserTrack(empty) = %d, want %d", got, defaultTrackLevel)
-	}
-}
-
-func TestUserAddressEmptyOnBareContext(t *testing.T) {
-	if got := UserAddress(context.Background()); got != "" {
-		t.Fatalf("UserAddress(empty) = %q, want empty", got)
-	}
-}
-
-func TestIsAuthenticatedFalseOnBareContext(t *testing.T) {
-	if IsAuthenticated(context.Background()) {
-		t.Fatal("IsAuthenticated(empty) = true, want false")
-	}
-}
-
-// TestContextKeyIsolation proves that the typed ctxKey values cannot be
-// shadowed by a caller using bare-string keys with the same spelling.
-// This is the specific class of bug fixed by this PR.
-func TestContextKeyIsolation(t *testing.T) {
-	ctx := context.WithValue(context.Background(), "user_address", "injected")
-	if got := UserAddress(ctx); got != "" {
-		t.Fatalf("expected empty address (bare string key must not collide), got %q", got)
-	}
-}
-
-func TestErrMissingAuthorizationIsSentinel(t *testing.T) {
-	if ErrMissingAuthorization == nil {
-		t.Fatal("ErrMissingAuthorization must not be nil")
-	}
-	wrapped := errors.New("wrapped: " + ErrMissingAuthorization.Error())
-	if errors.Is(wrapped, ErrMissingAuthorization) {
-		t.Fatal("string-wrapped error must not satisfy errors.Is (smoke check)")
-	}
-	if !errors.Is(ErrMissingAuthorization, ErrMissingAuthorization) {
-		t.Fatal("ErrMissingAuthorization must satisfy errors.Is against itself")
-	}
-}

backend/api/rest/features.go

@@ -4,7 +4,6 @@ import (
 	"encoding/json"
 	"net/http"
 
-	"github.com/explorer/backend/api/middleware"
 	"github.com/explorer/backend/featureflags"
 )
 
@@ -17,8 +16,11 @@ func (s *Server) handleFeatures(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Extract user track from context (set by auth middleware)
-	// Default to Track 1 (public) if not authenticated (handled by helper).
-	userTrack := middleware.UserTrack(r.Context())
+	// Default to Track 1 (public) if not authenticated
+	userTrack := 1
+	if track, ok := r.Context().Value("user_track").(int); ok {
+		userTrack = track
+	}
 
 	// Get enabled features for this track
 	enabledFeatures := featureflags.GetEnabledFeatures(userTrack)

backend/api/track4/endpoints.go

@@ -12,7 +12,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/explorer/backend/api/middleware"
 	"github.com/explorer/backend/auth"
 	"github.com/jackc/pgx/v5/pgxpool"
 )
@@ -186,7 +185,7 @@ func (s *Server) requireOperatorAccess(w http.ResponseWriter, r *http.Request) (
 		return "", "", false
 	}
 
-	operatorAddr := middleware.UserAddress(r.Context())
+	operatorAddr, _ := r.Context().Value("user_address").(string)
 	operatorAddr = strings.TrimSpace(operatorAddr)
 	if operatorAddr == "" {
 		writeError(w, http.StatusUnauthorized, "unauthorized", "Operator address required")

backend/api/track4/operator_scripts.go

@@ -13,8 +13,6 @@ import (
 	"path/filepath"
 	"strings"
 	"time"
-
-	"github.com/explorer/backend/api/middleware"
 )
 
 type runScriptRequest struct {
@@ -69,7 +67,7 @@ func (s *Server) HandleRunScript(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	operatorAddr := middleware.UserAddress(r.Context())
+	operatorAddr, _ := r.Context().Value("user_address").(string)
 	if operatorAddr == "" {
 		writeError(w, http.StatusUnauthorized, "unauthorized", "Operator address required")
 		return

backend/api/track4/operator_scripts_test.go

@@ -11,7 +11,6 @@ import (
 	"net/http"
 	"net/http/httptest"
 
-	"github.com/explorer/backend/api/middleware"
 	"github.com/stretchr/testify/require"
 )
 
@@ -46,7 +45,7 @@ func TestHandleRunScriptUsesForwardedClientIPAndRunsAllowlistedScript(t *testing
 
 	reqBody := []byte(`{"script":"echo.sh","args":["world"]}`)
 	req := httptest.NewRequest(http.MethodPost, "/api/v1/track4/operator/run-script", bytes.NewReader(reqBody))
-	req = req.WithContext(middleware.ContextWithAuth(req.Context(), "0x4A666F96fC8764181194447A7dFdb7d471b301C8", 4, true))
+	req = req.WithContext(context.WithValue(req.Context(), "user_address", "0x4A666F96fC8764181194447A7dFdb7d471b301C8"))
 	req.RemoteAddr = "10.0.0.10:8080"
 	req.Header.Set("X-Forwarded-For", "203.0.113.9, 10.0.0.10")
 	w := httptest.NewRecorder()
@@ -78,7 +77,7 @@ func TestHandleRunScriptRejectsNonAllowlistedScript(t *testing.T) {
 	s := &Server{roleMgr: &stubRoleManager{allowed: true}, chainID: 138}
 
 	req := httptest.NewRequest(http.MethodPost, "/api/v1/track4/operator/run-script", bytes.NewReader([]byte(`{"script":"blocked.sh"}`)))
-	req = req.WithContext(middleware.ContextWithAuth(req.Context(), "0x4A666F96fC8764181194447A7dFdb7d471b301C8", 4, true))
+	req = req.WithContext(context.WithValue(req.Context(), "user_address", "0x4A666F96fC8764181194447A7dFdb7d471b301C8"))
 	req.RemoteAddr = "127.0.0.1:9999"
 	w := httptest.NewRecorder()
 
@@ -101,7 +100,7 @@ func TestHandleRunScriptRejectsFilenameCollisionOutsideAllowlistedPath(t *testin
 	s := &Server{roleMgr: &stubRoleManager{allowed: true}, chainID: 138}
 
 	req := httptest.NewRequest(http.MethodPost, "/api/v1/track4/operator/run-script", bytes.NewReader([]byte(`{"script":"unsafe/backup.sh"}`)))
-	req = req.WithContext(middleware.ContextWithAuth(req.Context(), "0x4A666F96fC8764181194447A7dFdb7d471b301C8", 4, true))
+	req = req.WithContext(context.WithValue(req.Context(), "user_address", "0x4A666F96fC8764181194447A7dFdb7d471b301C8"))
 	req.RemoteAddr = "127.0.0.1:9999"
 	w := httptest.NewRecorder()
 
@@ -123,7 +122,7 @@ func TestHandleRunScriptTruncatesLargeOutput(t *testing.T) {
 	s := &Server{roleMgr: &stubRoleManager{allowed: true}, chainID: 138}
 
 	req := httptest.NewRequest(http.MethodPost, "/api/v1/track4/operator/run-script", bytes.NewReader([]byte(`{"script":"large.sh"}`)))
-	req = req.WithContext(middleware.ContextWithAuth(req.Context(), "0x4A666F96fC8764181194447A7dFdb7d471b301C8", 4, true))
+	req = req.WithContext(context.WithValue(req.Context(), "user_address", "0x4A666F96fC8764181194447A7dFdb7d471b301C8"))
 	req.RemoteAddr = "127.0.0.1:9999"
 	w := httptest.NewRecorder()
 

frontend/src/hooks/useBlockTransactions.ts

@@ -0,0 +1,77 @@
+import { useEffect, useRef, useState } from 'react'
+
+import { transactionsApi, type Transaction } from '@/services/api/transactions'
+
+const DEFAULT_BLOCK_TRANSACTION_PAGE_SIZE = 25
+
+interface UseBlockTransactionsOptions {
+  blockNumber: number
+  chainId: number
+  enabled: boolean
+}
+
+export function useBlockTransactions({ blockNumber, chainId, enabled }: UseBlockTransactionsOptions) {
+  const [transactions, setTransactions] = useState<Transaction[]>([])
+  const [loading, setLoading] = useState(true)
+  const [error, setError] = useState(false)
+  const [hasNextPage, setHasNextPage] = useState(false)
+  const [page, setPage] = useState(1)
+  const previousBlockNumberRef = useRef(blockNumber)
+
+  useEffect(() => {
+    if (!enabled) {
+      previousBlockNumberRef.current = blockNumber
+      if (page !== 1) {
+        setPage(1)
+      }
+      setTransactions([])
+      setLoading(false)
+      setError(false)
+      setHasNextPage(false)
+      return
+    }
+
+    if (previousBlockNumberRef.current !== blockNumber) {
+      previousBlockNumberRef.current = blockNumber
+      if (page !== 1) {
+        setPage(1)
+        return
+      }
+    }
+
+    let cancelled = false
+    setLoading(true)
+    setError(false)
+
+    void (async () => {
+      const result = await transactionsApi.listByBlockSafe(
+        chainId,
+        blockNumber,
+        page,
+        DEFAULT_BLOCK_TRANSACTION_PAGE_SIZE,
+      )
+
+      if (cancelled) {
+        return
+      }
+
+      setTransactions(result.items)
+      setHasNextPage(result.hasNextPage)
+      setError(!result.ok)
+      setLoading(false)
+    })()
+
+    return () => {
+      cancelled = true
+    }
+  }, [blockNumber, chainId, enabled, page])
+
+  return {
+    transactions,
+    loading,
+    error,
+    hasNextPage,
+    page,
+    setPage,
+  }
+}

frontend/src/pages/blocks/[number].tsx

@@ -1,13 +1,15 @@
 'use client'
 
-import { useCallback, useEffect, useState } from 'react'
+import { useEffect, useMemo, useState } from 'react'
 import { useRouter } from 'next/router'
 import { blocksApi, Block } from '@/services/api/blocks'
-import { Card, Address } from '@/libs/frontend-ui-primitives'
+import { Card, Address, Table } from '@/libs/frontend-ui-primitives'
 import Link from 'next/link'
 import { DetailRow } from '@/components/common/DetailRow'
 import PageIntro from '@/components/common/PageIntro'
-import { formatTimestamp } from '@/utils/format'
+import { formatTimestamp, formatWeiAsEth } from '@/utils/format'
+import { type Transaction } from '@/services/api/transactions'
+import { useBlockTransactions } from '@/hooks/useBlockTransactions'
 
 export default function BlockDetailPage() {
   const router = useRouter()
@@ -19,17 +21,18 @@ export default function BlockDetailPage() {
   const [block, setBlock] = useState<Block | null>(null)
   const [loading, setLoading] = useState(true)
 
-  const loadBlock = useCallback(async () => {
-    setLoading(true)
-    try {
-      const response = await blocksApi.getByNumber(chainId, blockNumber)
-      setBlock(response.data)
-    } catch (error) {
-      console.error('Failed to load block:', error)
-    } finally {
-      setLoading(false)
-    }
-  }, [chainId, blockNumber])
+  const {
+    transactions: blockTransactions,
+    loading: transactionsLoading,
+    error: transactionsError,
+    hasNextPage: hasNextTransactionsPage,
+    page: transactionPage,
+    setPage: setTransactionPage,
+  } = useBlockTransactions({
+    blockNumber,
+    chainId,
+    enabled: router.isReady && isValidBlock,
+  })
 
   useEffect(() => {
     if (!router.isReady) {
@@ -40,12 +43,85 @@ export default function BlockDetailPage() {
       setBlock(null)
       return
     }
-    loadBlock()
-  }, [isValidBlock, loadBlock, router.isReady])
+
+    let cancelled = false
+    setLoading(true)
+
+    void (async () => {
+      try {
+        const response = await blocksApi.getByNumber(chainId, blockNumber)
+        if (cancelled) {
+          return
+        }
+        setBlock(response.data)
+      } catch (error) {
+        console.error('Failed to load block:', error)
+        if (cancelled) {
+          return
+        }
+        setBlock(null)
+      } finally {
+        if (!cancelled) {
+          setLoading(false)
+        }
+      }
+    })()
+
+    return () => {
+      cancelled = true
+    }
+  }, [blockNumber, chainId, isValidBlock, router.isReady])
 
   const gasUtilization = block && block.gas_limit > 0
     ? Math.round((block.gas_used / block.gas_limit) * 100)
     : null
+  const transactionColumns = useMemo(() => [
+    {
+      header: 'Hash',
+      accessor: (transaction: Transaction) => (
+        <Link href={`/transactions/${transaction.hash}`} className="text-primary-600 hover:underline">
+          <Address address={transaction.hash} truncate showCopy={false} />
+        </Link>
+      ),
+    },
+    {
+      header: 'From',
+      accessor: (transaction: Transaction) => (
+        <Link href={`/addresses/${transaction.from_address}`} className="text-primary-600 hover:underline">
+          <Address address={transaction.from_address} truncate showCopy={false} />
+        </Link>
+      ),
+    },
+    {
+      header: 'To',
+      accessor: (transaction: Transaction) =>
+        transaction.to_address ? (
+          <Link href={`/addresses/${transaction.to_address}`} className="text-primary-600 hover:underline">
+            <Address address={transaction.to_address} truncate showCopy={false} />
+          </Link>
+        ) : (
+          <span className="text-gray-500 dark:text-gray-400">Contract creation</span>
+        ),
+    },
+    {
+      header: 'Value',
+      accessor: (transaction: Transaction) => formatWeiAsEth(transaction.value),
+    },
+    {
+      header: 'Status',
+      accessor: (transaction: Transaction) => (
+        <span className={transaction.status === 1 ? 'text-green-600' : 'text-red-600'}>
+          {transaction.status === 1 ? 'Success' : 'Failed'}
+        </span>
+      ),
+    },
+  ], [])
+
+  const transactionsEmptyMessage = transactionsError
+    ? 'Unable to load indexed block transactions right now. Please retry from this page in a moment.'
+    : (block?.transaction_count ?? 0) > 0
+    ? 'No indexed block transactions were returned for this page yet.'
+    : 'This block does not contain any indexed transactions.'
 
   return (
     <div className="container mx-auto px-4 py-6 sm:py-8">
@@ -74,6 +150,11 @@ export default function BlockDetailPage() {
             Next block
           </Link>
         )}
+        {block?.transaction_count ? (
+          <a href="#block-transactions" className="text-primary-600 hover:underline">
+            Open block transactions
+          </a>
+        ) : null}
       </div>
 
       {!router.isReady || loading ? (
@@ -119,9 +200,9 @@ export default function BlockDetailPage() {
               </Link>
             </DetailRow>
             <DetailRow label="Transactions">
-              <Link href={`/search?q=${block.number}`} className="text-primary-600 hover:underline">
+              <a href="#block-transactions" className="text-primary-600 hover:underline">
                 {block.transaction_count}
-              </Link>
+              </a>
             </DetailRow>
             <DetailRow label="Gas Used">
               {block.gas_used.toLocaleString()} / {block.gas_limit.toLocaleString()}
@@ -134,6 +215,53 @@ export default function BlockDetailPage() {
           </dl>
         </Card>
       )}
+
+      {block && (
+        <Card title="Block Transactions" className="mt-6">
+          <div id="block-transactions" className="space-y-4">
+            <p className="text-sm text-gray-600 dark:text-gray-400">
+              This section shows the exact indexed transaction set for block #{block.number.toLocaleString()}, independent of generic explorer search.
+            </p>
+            {transactionsLoading ? (
+              <p className="text-sm text-gray-600 dark:text-gray-400">Loading block transactions...</p>
+            ) : (
+              <>
+                <Table
+                  columns={transactionColumns}
+                  data={blockTransactions}
+                  emptyMessage={transactionsEmptyMessage}
+                  keyExtractor={(transaction) => transaction.hash}
+                />
+                {block.transaction_count > 0 ? (
+                  <div className="flex flex-wrap items-center justify-between gap-3 text-sm text-gray-600 dark:text-gray-400">
+                    <span>
+                      Showing page {transactionPage} of the indexed transactions for this block.
+                    </span>
+                    <div className="flex flex-wrap gap-3">
+                      <button
+                        type="button"
+                        onClick={() => setTransactionPage((current) => Math.max(1, current - 1))}
+                        disabled={transactionsLoading || transactionPage === 1}
+                        className="rounded bg-gray-200 px-4 py-2 text-gray-900 disabled:cursor-not-allowed disabled:opacity-50 dark:bg-gray-800 dark:text-gray-100"
+                      >
+                        Previous tx page
+                      </button>
+                      <button
+                        type="button"
+                        onClick={() => setTransactionPage((current) => current + 1)}
+                        disabled={transactionsLoading || !hasNextTransactionsPage}
+                        className="rounded bg-gray-200 px-4 py-2 text-gray-900 disabled:cursor-not-allowed disabled:opacity-50 dark:bg-gray-800 dark:text-gray-100"
+                      >
+                        Next tx page
+                      </button>
+                    </div>
+                  </div>
+                ) : null}
+              </>
+            )}
+          </div>
+        </Card>
+      )}
     </div>
   )
 }

frontend/src/services/api/transactions.test.ts

@@ -2,6 +2,62 @@ import { beforeEach, describe, expect, it, vi } from 'vitest'
 
 import { transactionsApi } from './transactions'
 
+describe('transactionsApi.listByBlockSafe', () => {
+  beforeEach(() => {
+    vi.restoreAllMocks()
+  })
+
+  it('returns normalized transactions for a specific block', async () => {
+    const fetchMock = vi.fn().mockResolvedValue({
+      ok: true,
+      json: async () => ({
+        items: [
+          {
+            hash: '0xabc',
+            block_number: 123,
+            block_hash: '0xdef',
+            transaction_index: 0,
+            from: { hash: '0x0000000000000000000000000000000000000001' },
+            to: { hash: '0x0000000000000000000000000000000000000002' },
+            value: '0',
+            gas_price: '1',
+            gas: '21000',
+            gas_used: '21000',
+            status: 'ok',
+            timestamp: '2026-04-16T09:40:12.000000Z',
+          },
+        ],
+        next_page_params: { page: 2, page_size: 10 },
+      }),
+    })
+
+    vi.stubGlobal('fetch', fetchMock)
+
+    const result = await transactionsApi.listByBlockSafe(138, 123, 1, 10)
+
+    expect(result.ok).toBe(true)
+    expect(result.items).toHaveLength(1)
+    expect(result.hasNextPage).toBe(true)
+    expect(result.items[0]?.hash).toBe('0xabc')
+    expect(fetchMock).toHaveBeenCalledTimes(1)
+    expect(fetchMock.mock.calls[0]?.[0]).toEqual(
+      expect.stringContaining('/api/v2/blocks/123/transactions?page=1&page_size=10'),
+    )
+  })
+
+  it('returns a non-throwing failure result when the block transaction request fails', async () => {
+    vi.stubGlobal('fetch', vi.fn().mockRejectedValue(new Error('network down')))
+
+    const result = await transactionsApi.listByBlockSafe(138, 123, 1, 10)
+
+    expect(result).toEqual({
+      ok: false,
+      items: [],
+      hasNextPage: false,
+    })
+  })
+})
+
 describe('transactionsApi.diagnoseMissing', () => {
   beforeEach(() => {
     vi.restoreAllMocks()

frontend/src/services/api/transactions.ts

@@ -76,6 +76,17 @@ export interface TransactionLookupDiagnostic {
   rpc_url?: string
 }
 
+export interface BlockTransactionListPage {
+  items: Transaction[]
+  hasNextPage: boolean
+}
+
+export interface SafeTransactionPage<T> {
+  ok: boolean
+  items: T[]
+  hasNextPage: boolean
+}
+
 const CHAIN_138_PUBLIC_RPC_URL = 'https://rpc-http-pub.d-bis.org'
 
 function resolvePublicRpcUrl(chainId: number): string | null {
@@ -227,4 +238,37 @@ export const transactionsApi = {
       return { ok: false, data: [] }
     }
   },
+  listByBlock: async (chainId: number, blockNumber: number, page = 1, pageSize = 25): Promise<ApiResponse<BlockTransactionListPage>> => {
+    const params = new URLSearchParams({
+      page: page.toString(),
+      page_size: pageSize.toString(),
+    })
+    const raw = await fetchBlockscoutJson<{ items?: unknown[]; next_page_params?: Record<string, unknown> | null }>(
+      `/api/v2/blocks/${blockNumber}/transactions?${params.toString()}`
+    )
+    const data = Array.isArray(raw?.items) ? raw.items.map((item) => normalizeTransaction(item as never, chainId)) : []
+    return {
+      data: {
+        items: data,
+        hasNextPage: raw?.next_page_params != null,
+      },
+    }
+  },
+  listByBlockSafe: async (
+    chainId: number,
+    blockNumber: number,
+    page = 1,
+    pageSize = 25,
+  ): Promise<SafeTransactionPage<Transaction>> => {
+    try {
+      const { data } = await transactionsApi.listByBlock(chainId, blockNumber, page, pageSize)
+      return {
+        ok: true,
+        items: data.items,
+        hasNextPage: data.hasNextPage,
+      }
+    } catch {
+      return { ok: false, items: [], hasNextPage: false }
+    }
+  },
 }