Skip to content

Comments

fix(mcp): validate wallet addresses and restrict balance API to EVM#35

Open
Lutra23 wants to merge 1 commit intomicrochipgnu:mainfrom
Lutra23:fix/wallet-address-validation
Open

fix(mcp): validate wallet addresses and restrict balance API to EVM#35
Lutra23 wants to merge 1 commit intomicrochipgnu:mainfrom
Lutra23:fix/wallet-address-validation

Conversation

@Lutra23
Copy link

@Lutra23 Lutra23 commented Feb 22, 2026
edited
Loading

Summary

Some API endpoints accept walletAddress as non-empty text but do not validate format before using it in EVM flows. This can lead to dirty data and downstream runtime failures.

This PR adds lightweight EVM address validation using existing viem utilities and rejects invalid input early with 400.

Changes

  • Add helper apps/mcp/src/lib/validation/address.ts
    • isValidEvmAddress() based on viem/isAddress
    • isEvmNetwork() based on the network registry (architecture === 'evm')
  • /api/onramp/url
    • Validate walletAddress as EVM address; return 400 if invalid
  • /api/balance
    • Return 400 when network is not EVM (balance-tracker is EVM-only today)
    • Validate walletAddress as EVM address before calling balance-tracker

Behavior change (expected)

Invalid addresses that previously passed “non-empty” checks will now be rejected with 400.

@vercel
Copy link

vercel bot commented Feb 22, 2026

@Lutra23 is attempting to deploy a commit to the Inventions Hub Team on Vercel.

A member of the Team first needs to authorize it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Lutra23