fix(send): validate recipient address checksums (Base58Check + Bech32)

The send screen labelled any prefix+length match as a "Valid" address, so a mistyped address that still matched the pattern passed the gate. Add pure, offline checksum validation — Base58Check (transparent R-addresses) and Bech32 (Sapling zs-addresses) — and require it in the validity check. Both verifiers are version-byte/HRP agnostic (the HRP is taken from the string, the Base58 checksum is chain-independent), so a correct implementation never rejects a genuine address while catching transcription errors. Works for both build variants (no daemon round-trip), unit-tested against standard BIP173 / Base58Check vectors. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-07 14:43:34 -05:00
parent 3cec333d84
commit 070a516f4e
5 changed files with 204 additions and 7 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -472,6 +472,7 @@ set(APP_SOURCES
    src/util/logger.cpp
    src/util/async_task_manager.cpp
    src/util/amount_format.cpp
+    src/util/address_validation.cpp
    src/util/base64.cpp
    src/util/single_instance.cpp
    src/util/i18n.cpp
@@ -980,6 +981,7 @@ if(BUILD_TESTING)
        src/ui/windows/mining_tab_helpers.cpp
        src/util/payment_uri.cpp
        src/util/amount_format.cpp
+        src/util/address_validation.cpp
        src/data/wallet_state.cpp
        src/data/transaction_history_cache.cpp
        src/daemon/lifecycle_adapters.cpp