Address constructor input validation #48
Comments
|
I put together a PR of something that might help. Take a look a let me know what you think |
|
That is a good step and would allow us to check the addresses we use. However, I think we should stop transactions from being created with invalid addresses if we don't stop invalid addresses from being instantiated. |
|
@pszeder thats a good point. will update PR |
|
@pszeder I closed out my PR. figured it got a bit stale and re-implementing a solution for this issue wouldn't take too much time. If you have thoughts around this, let me know. I can take another stab at a solution or implement some of your thoughts |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When creating a new
Addressobject, thepublic Address(string address)constructor only checks if theaddressis not null or whitespace. It seems that parsing and validation is implemented inBech32.Decode(...)which is called within a try-catch block.As a result, we can have
Addressobjects that are invalid and do not represent any Cardano address. Furthermore, no exceptions are thrown when creating a transaction using such an invalidAddress.The generated CBOR will have
nullfor the address field when used as an output. That is actually not a valid CBOR as per the specification and will likely result in an invalid CBOR/input exception when used with other software - Nami wallet in our case.I would suggest that an
Addressshould only be constructed if it is valid. That would be 'fail fast' and save people time and headaches.The text was updated successfully, but these errors were encountered: