Multiple addresses map to the same address

[bernatmj-crypto]

Hi guys,

Found a tricky case of multiple base64 addresses mapping to the same address in bytes that I want to check with you guys in order to clarify and ask if there’s any “official way” to verify addresses.

Taking as an example this popular address 4JOmaT9fFe2ojFJEls3Zow5UKO2CBOk7lOirbPTtX1o , decoding this address to a buffer, give us: <Buffer e0 93 a6 69 3f 5f 15 ed a8 8c 52 44 96 cd d9 a3 0e 54 28 ed 82 04 e9 3b 94 e8 ab 6c f4 ed 5f 5a>

Due to the address being 43 characters long and not a multiple of 4, it will have a one-character padding, so we end up having 4 characters match to the same value: o, p, p and r . That means that addresses

• 4JOmaT9fFe2ojFJEls3Zow5UKO2CBOk7lOirbPTtX1p
• 4JOmaT9fFe2ojFJEls3Zow5UKO2CBOk7lOirbPTtX1q
• 4JOmaT9fFe2ojFJEls3Zow5UKO2CBOk7lOirbPTtX1r

will decode into the same buffer shown above: <Buffer e0 93 ... 5f 5a> and coding again this buffer into base64 format gives us the 4JOmaT9fFe2ojFJEls3Zow5UKO2CBOk7lOirbPTtX1o original address. Some ref here: https://stackoverflow.com/questions/29941270/why-do-base64-decode-produce-same-byte-array-for-different-strings/29941779#29941779

After doing some tests with another similar case, we've found that sending funds to these 3 alternative addresses will result in sending the funds to the original address, so we see there is a mapping between these addresses. Checking on the network explorer, these alternative addresses are not recognized by the explorer: https://viewblock.io/arweave/address/4JOmaT9fFe2ojFJEls3Zow5UKO2CBOk7lOirbPTtX1p

So I wonder if there is any way to check for address validation, I can't seem to find anything related to address validation in arweave-js (.wallets)? Other than decoding and coding again the address.

Thank you guys in advance!

@rosmcmahon @hlolli @cedriking @ldmberman

[hlolli]

should this ticket belong to https://github.com/ArweaveTeam/arweave-js ?

As for verifying the address, you should also be able to use the owner field, which is the original hash from which the 43 char wallet address is derived from. I've never experienced clashes in the process before.

[rosmcmahon]

To answer how seemingly multiple addresses can point to the same wallet: the addresses are in base64url format, a format which includes some padding when required. So the character at the end you are changing is actually within some padding which gets discarded IIRC

[bernatmj-crypto]

Thanks guys for the fast response, yes the origin of the "problem" is clear, now the question is if there's any way to check the validity of addresses, how one could be sure of the actual address?

[rosmcmahon]

what are you verifying against? can you give more detail on the problem domain?

[bernatmj-crypto]

E.g. verify if the address is an alternative address or the "original" one. As mentioned before, sending funds to one of the alternative addresses will result in actually sending the funds to the original address and since we could take these addresses as different addresses, it could be important this verification

[hlolli]

Can you show me an example of the "problem", or is it only a theoretical problem that clashes and non reproducibility are possible?

[bernatmj-crypto]

An example would be that sending funds to 4JOmaT9fFe2ojFJEls3Zow5UKO2CBOk7lOirbPTtX1p and 4JOmaT9fFe2ojFJEls3Zow5UKO2CBOk7lOirbPTtX1q will result in receiving these funds in 4JOmaT9fFe2ojFJEls3Zow5UKO2CBOk7lOirbPTtX1o

[rosmcmahon]

how? use the original address as given, alternatively you could also calculate the address from the owner field of the key as suggested by Hlolli. you can use arweave-js' ownerToAddress or getAddress function as a reference for whatever it is that you are doing https://github.com/ArweaveTeam/arweave-js/blob/189beeba86eb58605be42cfe9d9bd53e35e3ea11/src/common/wallets.ts#L72

[rosmcmahon]

i guess another option could be to decrypt from base64url, remove the extra padding bits, then re-encode to base64url ?

this has never been an issue before. uncertain what issues you are actually experiencing in practice