[backend] 2FA setup doesn't validate walletAddress is a well-formed Stellar address

[Wilfred007]

Description

The 2FA setup endpoint accepts a walletAddress parameter without checking it's a syntactically valid Stellar public key (G... with correct length/checksum). A malformed address can be stored and only fail much later when it's actually used against the Stellar network.

Where

backend/src/controllers — 2FA setup handler

Acceptance Criteria

• Validate walletAddress format at the schema layer before it reaches the controller
• Add a test asserting a malformed address is rejected with a 400

[leocagli]

Hi! I'd like to work on this. I'll add a Stellar public key format check (56-char G-prefixed base32) on the walletAddress field during 2FA setup, returning 400 on invalid input. Could I be assigned?

[leocagli]

Hi! I'd like to add walletAddress validation to the 2FA setup — checking it's a well-formed Stellar public key (G... 56 chars, base58 StrKey) before proceeding. Could I be assigned?

[leocagli]

Hi! I'd like to fix this. The 2FA setup endpoint should validate that walletAddress is a valid Stellar public key (StrKey.isValidEd25519PublicKey(walletAddress)) before proceeding, and return 400 with a clear error message if it fails. Can I be assigned?

[Rayyanah0]

@Rayyanah0 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hey i would love to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Rayyanah0 to this issue.

[CHKM001]

@CHKM001 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Definitely an issue here and something that will be solved speedily
There’ll be no waste of time if I get this task
In fact you will be looking for issue to give me
Lol. Thanks for considering me though

ℹ️ Repo Maintainers: To accept this application, review their application or assign @CHKM001 to this issue.

[abayomiwav]

@abayomiwav has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Please let me work on this

ℹ️ Repo Maintainers: To accept this application, review their application or assign @abayomiwav to this issue.

[drips-wave]

Congratulations, @abayomiwav! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @abayomiwav: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊