Description
The 2FA setup endpoint accepts a walletAddress parameter without checking it's a syntactically valid Stellar public key (G... with correct length/checksum). A malformed address can be stored and only fail much later when it's actually used against the Stellar network.
Where
backend/src/controllers — 2FA setup handler
Acceptance Criteria
Description
The 2FA setup endpoint accepts a
walletAddressparameter without checking it's a syntactically valid Stellar public key (G... with correct length/checksum). A malformed address can be stored and only fail much later when it's actually used against the Stellar network.Where
backend/src/controllers— 2FA setup handlerAcceptance Criteria
walletAddressformat at the schema layer before it reaches the controller