search

go-playground / validator

:100:Go Struct and Field validation, including Cross Field, Cross Struct, Map, Slice and Array diving
MIT License
16.53k stars 1.31k forks source link

Ethereum validator incorrect checksum validation #1073

Closed kamikazechaser closed 1 year ago

kamikazechaser commented 1 year ago

Package version eg. v9, v10:

V10

Issue, Question or Enhancement:

The eth_addr validation incorrectly passes an invalid checksumed address.

Code sample, to showcase or reproduce:

package main

import (
    "log"

    "github.com/go-playground/validator/v10"
)

var (
    validate = validator.New()
    s        = "0x000000000000000000000000000000000000dead"
)

func main() {
    err := validate.Var(s, "eth_addr")
    log.Println(err)
}
tremblaysimon commented 1 year ago

@kamikazechaser I think it's a valid ethereum address according to https://eips.ethereum.org/EIPS/eip-55 (all lower case).

kamikazechaser commented 1 year ago

Not a valid checksum tho. https://go.dev/play/p/usJUAJoiOza

tremblaysimon commented 1 year ago

I agree that checksum isn't valid. But what I understand according to the documentation of validator is that it validates the format is correct (valid 20 bytes hex format) and that the address can get a valid checksum calculation.

If we take another example like that one: 0xD1220A0cf47c7B9Be7A2E6BA89F429762e7b9aDB, it doesn't have a valid checksum calculation and it's why it's an invalid ethereum address.

kamikazechaser commented 1 year ago

0xD1220A0cf47c7B9Be7A2E6BA89F429762e7b9aDB, it doesn't have a valid checksum calculation and it's why it's an invalid ethereum address.

This is infact a valid ethereum address from a network perspective (addresses are case insensitive). I just made a PR and have added some rationale to it.

A checksum could be useful for libraries that otherwise panic when a non-checksum address is passed to it (forced type checking).