Validate submit EVM address inputs#7
Conversation
There was a problem hiding this comment.
Pull request overview
This PR hardens bridge submit handlers by validating EVM address inputs before they can be normalized into a canonical 20-byte address, preventing malformed user input from slipping past validation. It also centralizes the validation logic and adds regression tests for common malformed/edge-case address inputs.
Changes:
- Introduces a shared
validateEVMAddresshelper and reuses it in bothSubmitBGLandSubmitWBGL. - Updates submit handlers to validate the raw user-provided EVM address input rather than validating a normalized/padded version.
- Adds unit tests covering malformed, short/long, non-hex, checksummed, lowercase, and no-prefix inputs.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| workers/handlers/SubmitWBGL.go | Replaces inline EVM address validation with shared helper in the WBGL→BGL submit handler. |
| workers/handlers/SubmitBGL.go | Replaces inline EVM address validation with shared helper in the BGL→WBGL submit handler. |
| workers/handlers/address.go | Adds centralized EVM address validation helper. |
| workers/handlers/address_test.go | Adds regression tests for the new EVM address validation helper. |
Comments suppressed due to low confidence (2)
workers/handlers/SubmitWBGL.go:55
- validateEVMAddress() accepts non-0x-prefixed addresses, but later SubmitWBGL compares req.EthAddress with address.Hex() (always 0x-prefixed) using strings.EqualFold. A valid no-prefix input will pass validation but fail the signature match check. Normalize req.EthAddress to a canonical 0x-prefixed form after validation (or require the prefix in validation) to keep behavior consistent.
if err := validateEVMAddress(req.EthAddress); err != nil {
log.Printf("Error validating Eth address '%s': %s\n", req.EthAddress, err.Error())
responseJSON(w, &APIResponse{
Status: "error",
Field: "ethAddress",
workers/handlers/SubmitBGL.go:50
- On EVM address validation failure, the response sets Field to "ethAddress", but the request payload field is "address" (BGLtoWBGLBindingRequest.Address). This makes the error response inconsistent for API clients and harder to map back to the submitted JSON field.
responseJSON(w, &APIResponse{
Status: "error",
Field: "ethAddress",
Message: "No ethereum address or invalid address provided",
}, http.StatusBadRequest)
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if !common.IsHexAddress(address) { | ||
| return errors.New("invalid ethereum address format") | ||
| } | ||
|
|
||
| return ethav.Validate(common.HexToAddress(address).Hex()) |
|
Maintainers - this looks like a useful bridge-hardening candidate in the Bitgesell improvement queue. Why it seems worth reviewing:
Suggested acceptance checks:
No live bridge calls, wallet actions, secrets, dependency installs, or payment actions from me here; this is queue-triage help for a narrow PR that should be easy to approve or request changes on. |
Summary
Why
The previous handlers called
common.HexToAddress(input).Hex()before validation. That can turn malformed inputs such as0x1or non-address strings into padded/canonical addresses, allowing bad user input past the validation gate.Validation
go test ./workers/handlersgo test ./...Refs #3.
Submitting as a focused bridge robustness/test-coverage improvement under BitgesellOfficial/bitgesell#39 if maintainers consider it eligible. Payout details can be provided privately if approved.