Coderabbitai feedback, improved aleo validation with bech32 check and added tests

Author: PaulvanMotman

packages/currency/package.json

@@ -47,6 +47,7 @@
     "@requestnetwork/utils": "0.54.0",
     "@ton/core": "0.61.0",
     "@ton/crypto": "3.3.0",
+    "bech32": "2.0.0",
     "multicoin-address-validator": "0.5.15",
     "node-dijkstra": "2.5.0",
     "starknet": "7.6.4",

packages/currency/src/currencyManager.ts

@@ -3,6 +3,7 @@ import { utils } from 'ethers';
 import { Address } from '@ton/core';
 import { validateAndParseAddress } from 'starknet';
 import addressValidator from 'multicoin-address-validator';
+import { bech32 } from 'bech32';
 import { getSupportedERC20Tokens } from './erc20';
 import { getSupportedERC777Tokens } from './erc777';
 import { getHash } from './getHash';
@@ -325,20 +326,22 @@ export class CurrencyManager<TMeta = unknown> implements CurrencyTypes.ICurrency
   }
 
   /**
-   * Validate an Aleo address using the official format specification.
-   * Note we do not use the @provablehq/sdk package because it is ESM-only
-   * For regex validation, see https://namespaces.chainagnostic.org/aleo/caip10 for more details.
+   * Validate an Aleo address using proper Bech32 validation with checksum verification.
+   * Aleo addresses use Bech32 encoding with:
+   * - HRP (Human Readable Part): "aleo"
+   * - Separator: "1"
+   * - Data + checksum: 58 characters
+   * - Total length: 63 characters
+   * - Strict Bech32 character set with checksum validation
    * @param address - The address to validate
    * @returns True if the address is valid, false otherwise
    */
   validateAleoAddress(address: string): boolean {
     try {
-      if (!address || typeof address !== 'string') {
-        return false;
-      }
-
-      const aleoAddressRegex = /^aleo1[a-z0-9]{58}$/;
-      return aleoAddressRegex.test(address);
+      const input = address?.trim();
+      if (!input) return false;
+      const { prefix } = bech32.decode(input.toLowerCase());
+      return prefix === 'aleo';
     } catch {
       return false;
     }

packages/currency/test/currencyManager.test.ts

@@ -765,4 +765,48 @@ describe('CurrencyManager', () => {
       });
     });
   });
+
+  describe('validateAleoAddress', () => {
+    it('should validate correct Aleo addresses', () => {
+      const validAddress = 'aleo1qnr4dkkvkgfqph0vzc3y6z2eu975wnpz2925ntjccd5cfqxtyu8sta57j8';
+      expect(currencyManager.validateAleoAddress(validAddress)).toBe(true);
+      expect(currencyManager.validateAleoAddress(validAddress.toUpperCase())).toBe(true);
+      expect(currencyManager.validateAleoAddress(`  ${validAddress}  `)).toBe(true);
+    });
+
+    it('should reject invalid Aleo addresses', () => {
+      const invalidAddresses = [
+        // Empty or null inputs
+        '',
+        '   ',
+        null,
+        undefined,
+        // Wrong prefix
+        'bitcoin1qnr4dkkvkgfqph0vzc3y6z2eu975wnpz2925ntjccd5cfqxtyu8sta57j8',
+        'cosmos1qnr4dkkvkgfqph0vzc3y6z2eu975wnpz2925ntjccd5cfqxtyu8sta57j8',
+        // Wrong format
+        'aleo1',
+        'aleo1abc',
+        'not-an-address',
+        'random-string',
+        // Invalid characters that would pass simple regex but fail Bech32
+        'aleo1' + 'b'.repeat(58), // 'b' not in Bech32 alphabet
+        'aleo1' + 'i'.repeat(58), // 'i' not in Bech32 alphabet
+        'aleo1' + 'o'.repeat(58), // 'o' not in Bech32 alphabet
+        // Non-string inputs
+        123,
+        {},
+        [],
+      ];
+
+      invalidAddresses.forEach((address) => {
+        expect(currencyManager.validateAleoAddress(address as any)).toBe(false);
+      });
+    });
+
+    it('should handle whitespace trimming', () => {
+      expect(currencyManager.validateAleoAddress('   ')).toBe(false);
+      expect(currencyManager.validateAleoAddress('')).toBe(false);
+    });
+  });
 });