fr1t2 / QRL-Faucet

Web Faucet for QRL, get your coins! Hosted at
https://faucet.qrl.tips
MIT License
1 stars 2 forks source link

Issue with address validation #2

Open 0xFF0 opened 5 years ago

0xFF0 commented 5 years ago

Action: Enter a bad QRL address Q000000xxxx... in the faucet. Expected Result: Address validation failed because of the address descriptor. Actual Result: Faucet allow the transaction.

I think the test transaction was this one: https://testnet-explorer.theqrl.org/block/18677 (however I am not sure...). If it's the case, it could mean that the transaction was stored in the faucet db, but was not processed correctly during the payment.

I also suspect that this bad address could invalidate all the other addresses processed by the faucet at the same time (might be unrelated but other test transactions were not sent by the faucet as expected).

addressvalidation

fr1t2 commented 5 years ago

You are correct, and I believe it to be a simple solution. Prior to entering data into the DB, check that that address is valid using the isvalidaddress() function of the QRL walletAPI

This way we know for sure the address is valid