"Recipient Address" field accepts invalid random input. #1
Description
Description:
The "Recipient Address" field accepts random strings of different lengths that do not match any valid blockchain address format. The system allows users to proceed without validating the structure or network of the address.
Steps to Reproduce:
- Open the web Wallet https://wallet.ama.one/
- Sing in or create new account.
- Open the Send Funds screen.
- Enter a random string of characters one by one in the "Recipient Address" field.
- Pay attention the input is accepted without any validation error.
Actual Result:
Random strings of characters are accepted as valid recipient addresses. No validation error is shown.
Expected Result:
The Recipient Address field should only accept valid addresses according to the blockchain’s rules (Must not be empty. Must have the correct length for the network (e.g., BTC: 26–35 chars, ETH: 42 chars starting with 0x). Must contain only allowed characters (e.g., base58 for BTC, hex for ETH). Must pass checksum validation where applicable. If the input is invalid, an error message "Invalid recipient address" must be displayed, and the user cannot proceed until corrected.)
Environment:
- OnePlus 9 Pro 5G; Android 14; LE2127 Build/UKQ1.230924.001; Chrome 143.0.7499.146
- OS: Ubuntu, Google Chrome 142.0.7444.175 (64-bit)
Severity: Critical
Priority: High
Type: Validation / Security
Impact:
Invalid addresses can be entered into the system, potentially leading to transaction failures or security issues when actual funds are used. No funds are required to reproduce this bug.