Problem
kth_wallet_payment_address_construct_from_address_net(address, net) takes a kth_network_t parameter, but only uses it for CashAddr disambiguation — base58 addresses pass through without any network validation.
A testnet base58 address (m... / n... with version byte 0x6f) is accepted even when net == mainnet. The function name and signature imply full network validation, but the implementation falls back to from_string(address, net) which calls decode_base58 first, and if that succeeds it returns immediately without consulting net.
Expected behavior
Either:
- Option A (strict): Validate that the base58 version byte matches the requested network (e.g., mainnet_p2kh = 0x00 / mainnet_p2sh = 0x05 for mainnet, testnet_p2kh = 0x6f / testnet_p2sh = 0xc4 for testnet). Reject mismatches.
- Option B (permissive + documented): Keep the current behavior but document explicitly that net only disambiguates CashAddr parsing — base58 addresses are always accepted regardless of network.
Affected code
- C++: payment_address::from_string(string, config::network) in src/domain/src/wallet/payment_address.cpp
- C-API: kth_wallet_payment_address_construct_from_address_net in src/c-api/src/wallet/payment_address.cpp
Context
Introduced alongside the CashAddr global removal in PR #240 / #241. The config::network parameter was added to replace the global set_cashaddr_prefix(). The base58 path was intentionally left untouched at the time, but the API name implies broader validation than it delivers.
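A stand-alone sketch of the Option A check, added here as an illustration and not taken from the project's code. The `network` enum and the `decode_base58_25` and `base58_matches_network` helpers are hypothetical names; only the four version-byte constants come from the issue. Checksum verification is left out to keep the sketch short and would still be required in real code.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

enum class network { mainnet, testnet };  // hypothetical stand-in for config::network

// Version bytes as listed in the issue.
constexpr std::uint8_t mainnet_p2kh = 0x00, mainnet_p2sh = 0x05;
constexpr std::uint8_t testnet_p2kh = 0x6f, testnet_p2sh = 0xc4;

// Hypothetical helper: decode base58 into the 25-byte address layout
// (1 version byte + 20-byte hash + 4-byte checksum). Checksum is NOT verified.
bool decode_base58_25(const std::string& s, std::array<std::uint8_t, 25>& out) {
    static const std::string alphabet =
        "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
    out.fill(0);
    for (char c : s) {
        auto digit = alphabet.find(c);
        if (digit == std::string::npos) return false;  // not a base58 character
        unsigned carry = static_cast<unsigned>(digit);
        for (auto it = out.rbegin(); it != out.rend(); ++it) {  // out = out * 58 + digit
            carry += 58u * *it;
            *it = static_cast<std::uint8_t>(carry & 0xff);
            carry >>= 8;
        }
        if (carry != 0) return false;  // value does not fit in 25 bytes
    }
    // Each leading '1' encodes one leading zero byte; a mismatch means wrong length.
    std::size_t ones = 0, zeros = 0;
    while (ones < s.size() && s[ones] == '1') ++ones;
    while (zeros < out.size() && out[zeros] == 0) ++zeros;
    return ones == zeros;
}

// Option A: accept only when the version byte belongs to the requested network.
bool base58_matches_network(const std::string& address, network net) {
    std::array<std::uint8_t, 25> raw;
    if (!decode_base58_25(address, raw)) return false;
    const std::uint8_t version = raw[0];
    return net == network::mainnet
        ? (version == mainnet_p2kh || version == mainnet_p2sh)
        : (version == testnet_p2kh || version == testnet_p2sh);
}

int main() {
    const std::string sample = "mipcBbFg9gMiCh81Kj8tqqdgoZub1ZJRfn";  // sample testnet-style input
    std::cout << base58_matches_network(sample, network::mainnet) << "\n";
}
```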