fix: ton/starknet/aleo address validation (#1642)

Co-authored-by: Leo Sollier <[email protected]>

Author: PaulvanMotman

packages/currency/package.json

@@ -45,8 +45,12 @@
     "@metamask/contract-metadata": "1.31.0",
     "@requestnetwork/types": "0.54.0",
     "@requestnetwork/utils": "0.54.0",
+    "@ton/core": "0.61.0",
+    "@ton/crypto": "3.3.0",
+    "bech32": "2.0.0",
     "multicoin-address-validator": "0.5.15",
     "node-dijkstra": "2.5.0",
+    "starknet": "7.6.4",
     "tslib": "2.8.1"
   },
   "devDependencies": {

packages/currency/src/chains/declarative/data/aleo.ts

@@ -0,0 +1 @@
+export const chainId = 'aleo';

packages/currency/src/chains/declarative/data/starknet.ts

@@ -0,0 +1 @@
+export const chainId = 'starknet';

packages/currency/src/chains/declarative/data/ton.ts

@@ -0,0 +1 @@
+export const chainId = 'ton';

packages/currency/src/chains/declarative/index.ts

@@ -2,10 +2,16 @@ import { CurrencyTypes } from '@requestnetwork/types';
 
 import * as TronDefinition from './data/tron';
 import * as SolanaDefinition from './data/solana';
+import * as StarknetDefinition from './data/starknet';
+import * as TonDefinition from './data/ton';
+import * as AleoDefinition from './data/aleo';
 
 export type DeclarativeChain = CurrencyTypes.Chain;
 
 export const chains: Record<CurrencyTypes.DeclarativeChainName, DeclarativeChain> = {
   tron: TronDefinition,
   solana: SolanaDefinition,
+  starknet: StarknetDefinition,
+  ton: TonDefinition,
+  aleo: AleoDefinition,
 };

packages/currency/src/currencyManager.ts

@@ -1,6 +1,9 @@
 import { CurrencyTypes, RequestLogicTypes } from '@requestnetwork/types';
 import { utils } from 'ethers';
+import { Address } from '@ton/core';
+import { validateAndParseAddress } from 'starknet';
 import addressValidator from 'multicoin-address-validator';
+import { bech32 } from 'bech32';
 import { getSupportedERC20Tokens } from './erc20';
 import { getSupportedERC777Tokens } from './erc777';
 import { getHash } from './getHash';
@@ -264,6 +267,12 @@ export class CurrencyManager<TMeta = unknown> implements CurrencyTypes.ICurrency
           return isValidNearAddress(address, currency.network);
         } else if (currency.network === 'tron' || currency.network === 'solana') {
           return addressValidator.validate(address, currency.network);
+        } else if (currency.network === 'ton') {
+          return this.validateTonAddress(address);
+        } else if (currency.network === 'starknet') {
+          return this.validateStarknetAddress(address);
+        } else if (currency.network === 'aleo') {
+          return this.validateAleoAddress(address);
         }
         return addressValidator.validate(address, 'ETH');
       case RequestLogicTypes.CURRENCY.BTC:
@@ -290,6 +299,54 @@ export class CurrencyManager<TMeta = unknown> implements CurrencyTypes.ICurrency
     return this.validateAddress(currency.value, currency);
   }
 
+  /**
+   * Validate a TON address. See https://ton-org.github.io/ton-core/classes/Address.html#parse for more details.
+   * @param address - The address to validate
+   * @returns True if the address is valid, false otherwise
+   */
+  validateTonAddress(address: string): boolean {
+    try {
+      return !!Address.parse(address);
+    } catch {
+      return false;
+    }
+  }
+
+  /**
+   * Validate a Starknet address. See https://starknetjs.com/docs/next/API/modules/#validateandparseaddress for more details.
+   * @param address - The address to validate
+   * @returns True if the address is valid, false otherwise
+   */
+  validateStarknetAddress(address: string): boolean {
+    try {
+      return !!validateAndParseAddress(address);
+    } catch {
+      return false;
+    }
+  }
+
+  /**
+   * Validate an Aleo address using proper Bech32 validation with checksum verification.
+   * Aleo addresses use Bech32 encoding with:
+   * - HRP (Human Readable Part): "aleo"
+   * - Separator: "1"
+   * - Data + checksum: 58 characters
+   * - Total length: 63 characters
+   * - Strict Bech32 character set with checksum validation
+   *
+   * See https://namespaces.chainagnostic.org/aleo/caip10 for more details.
+   * @param address - The address to validate
+   * @returns True if the address is valid, false otherwise
+   */
+  validateAleoAddress(address: string): boolean {
+    try {
+      const { prefix } = bech32.decode(address);
+      return prefix === 'aleo';
+    } catch {
+      return false;
+    }
+  }
+
   /**
    * Returns the list of currencies supported by Request out of the box
    * Contains:

packages/currency/test/currencyManager.test.ts

@@ -765,4 +765,46 @@ describe('CurrencyManager', () => {
       });
     });
   });
+
+  describe('validateAleoAddress', () => {
+    it('should validate correct Aleo addresses', () => {
+      const validAddress = 'aleo1qnr4dkkvkgfqph0vzc3y6z2eu975wnpz2925ntjccd5cfqxtyu8sta57j8';
+      expect(currencyManager.validateAleoAddress(validAddress)).toBe(true);
+      expect(currencyManager.validateAleoAddress(validAddress.toUpperCase())).toBe(true);
+    });
+
+    it('should reject invalid Aleo addresses', () => {
+      const invalidAddresses = [
+        // Empty or null inputs
+        '',
+        '   ',
+        null,
+        undefined,
+        // Wrong prefix
+        'bitcoin1qnr4dkkvkgfqph0vzc3y6z2eu975wnpz2925ntjccd5cfqxtyu8sta57j8',
+        'cosmos1qnr4dkkvkgfqph0vzc3y6z2eu975wnpz2925ntjccd5cfqxtyu8sta57j8',
+        // Mixed case
+        'aleo1Qnr4dkkvkgfqph0vzc3y6z2eu975wnpz2925ntjccd5cfqxtyu8sta57j8',
+        // Wrong format
+        'aleo1',
+        'aleo1abc',
+        'not-an-address',
+        'random-string',
+        // Invalid characters that would pass simple regex but fail Bech32
+        'aleo1' + 'b'.repeat(58), // 'b' not in Bech32 alphabet
+        'aleo1' + 'i'.repeat(58), // 'i' not in Bech32 alphabet
+        'aleo1' + 'o'.repeat(58), // 'o' not in Bech32 alphabet
+        // Non-string inputs
+        123,
+        {},
+        [],
+        // valid address with whitespace
+        ' aleo1qnr4dkkvkgfqph0vzc3y6z2eu975wnpz2925ntjccd5cfqxtyu8sta57j8 ',
+      ];
+
+      invalidAddresses.forEach((address) => {
+        expect(currencyManager.validateAleoAddress(address as any)).toBe(false);
+      });
+    });
+  });
 });

packages/request-client.js/test/index.test.ts

@@ -5,6 +5,7 @@ import {
   ExtensionTypes,
   IdentityTypes,
   PaymentTypes,
+  CurrencyTypes,
   RequestLogicTypes,
 } from '@requestnetwork/types';
 import { decrypt, random32Bytes } from '@requestnetwork/utils';
@@ -1647,48 +1648,59 @@ describe('request-client.js', () => {
     expect(data.expectedAmount).toBe(requestParameters.expectedAmount);
   });
 
-  it('Can create ERC20 declarative requests with non-evm currency - solana', async () => {
-    const testErc20TokenAddress = 'EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v';
-    const requestNetwork = new RequestNetwork({
-      signatureProvider: TestData.fakeSignatureProvider,
-      useMockStorage: true,
-    });
+  describe('Can create ERC20 declarative requests with non-evm currencies', () => {
+    const cases: Array<[CurrencyTypes.DeclarativeChainName, string]> = [
+      ['solana', 'EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v'],
+      ['ton', 'EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs'],
+      ['starknet', '0x028757d11c97078Dd182023B1cC7b9E7659716c631ADF94D24f1fa7Dc5943072'],
+      ['aleo', 'aleo1qnr4dkkvkgfqph0vzc3y6z2eu975wnpz2925ntjccd5cfqxtyu8sta57j8'],
+    ];
+
+    it.each(cases)(
+      'Can create ERC20 declarative requests with non-evm currency - %s',
+      async (network, tokenAddress) => {
+        const requestNetwork = new RequestNetwork({
+          signatureProvider: TestData.fakeSignatureProvider,
+          useMockStorage: true,
+        });
 
-    const paymentNetwork: PaymentTypes.PaymentNetworkCreateParameters = {
-      id: ExtensionTypes.PAYMENT_NETWORK_ID.ANY_DECLARATIVE,
-      parameters: {},
-    };
+        const paymentNetwork: PaymentTypes.PaymentNetworkCreateParameters = {
+          id: ExtensionTypes.PAYMENT_NETWORK_ID.ANY_DECLARATIVE,
+          parameters: {},
+        };
 
-    const requestInfo = Object.assign({}, TestData.parametersWithoutExtensionsData, {
-      currency: {
-        network: 'solana',
-        type: RequestLogicTypes.CURRENCY.ERC20,
-        value: testErc20TokenAddress,
-      },
-    });
+        const requestInfo = Object.assign({}, TestData.parametersWithoutExtensionsData, {
+          currency: {
+            network,
+            type: RequestLogicTypes.CURRENCY.ERC20,
+            value: tokenAddress,
+          },
+        });
 
-    const request = await requestNetwork.createRequest({
-      paymentNetwork,
-      requestInfo,
-      signer: TestData.payee.identity,
-    });
+        const request = await requestNetwork.createRequest({
+          paymentNetwork,
+          requestInfo,
+          signer: TestData.payee.identity,
+        });
 
-    await new Promise((resolve): any => setTimeout(resolve, 150));
-    let data = await request.refresh();
+        await new Promise((resolve): any => setTimeout(resolve, 150));
+        const data = await request.refresh();
 
-    expect(data).toBeDefined();
-    expect(data.balance?.balance).toBe('0');
-    expect(data.balance?.events.length).toBe(0);
-    expect(data.meta).toBeDefined();
-    expect(data.currency).toBe('unknown');
+        expect(data).toBeDefined();
+        expect(data.balance?.balance).toBe('0');
+        expect(data.balance?.events.length).toBe(0);
+        expect(data.meta).toBeDefined();
+        expect(data.currency).toBe('unknown');
 
-    expect(data.extensions[ExtensionTypes.PAYMENT_NETWORK_ID.ANY_DECLARATIVE].values).toEqual({
-      receivedPaymentAmount: '0',
-      receivedRefundAmount: '0',
-      sentPaymentAmount: '0',
-      sentRefundAmount: '0',
-    });
-    expect(data.expectedAmount).toBe(requestParameters.expectedAmount);
+        expect(data.extensions[ExtensionTypes.PAYMENT_NETWORK_ID.ANY_DECLARATIVE].values).toEqual({
+          receivedPaymentAmount: '0',
+          receivedRefundAmount: '0',
+          sentPaymentAmount: '0',
+          sentRefundAmount: '0',
+        });
+        expect(data.expectedAmount).toBe(requestParameters.expectedAmount);
+      },
+    );
   });
 
   it('cannot create ERC20 address based requests with invalid currency', async () => {

packages/types/src/currency-types.ts

@@ -42,7 +42,7 @@ export type BtcChainName = 'mainnet' | 'testnet';
 /**
  * List of supported Declarative chains
  */
-export type DeclarativeChainName = 'tron' | 'solana';
+export type DeclarativeChainName = 'tron' | 'solana' | 'ton' | 'starknet' | 'aleo';
 
 /**
  * List of supported NEAR chains