btcd icon indicating copy to clipboard operation
btcd copied to clipboard
verified publisher icon btcsuite

`validateaddress` accepts hex string as input

Open brunoerg opened this issue 4 months ago • 2 comments

By doing differential fuzzing between btcd and Bitcoin Core for address validation, we noticed that btcd accepts hex string as input in validateaddress RPC. Even if this is expected, I couldn't see any documentation about it?

 ./btcctl validateaddress "03319806666666666000000000000000000000000004067579826662920820cccc"
{
  "isvalid": true,
  "address": "16t7LdjXCmsrUed9VttNcTWSS32dyvUJHj",
  "isscript": false,
  "iswitness": false
}

Bitcoin Core:

./build/bin/bitcoin-cli validateaddress "03319806666666666000000000000000000000000004067579826662920820cccc"
{
  "isvalid": false,
  "error_locations": [
  ],
  "error": "Invalid checksum or length of Base58 address (P2PKH or P2SH)"
}

brunoerg avatar Aug 11 '25 18:08 brunoerg

Even if this is expected, I couldn't see any documentation about it?

I wouldn't say it's expected, but then again there's no sort of "standardized" documentation for the JSON-RPC interface of Bitcoin nodes. As an example, what are all the possible errors that can/should be returned there for "error"?

If i look at something like this: https://developer.bitcoin.org/reference/rpc/validateaddress.html?highlight=validateaddress, then there's no error_locations field listed.

Roasbeef avatar Aug 11 '25 18:08 Roasbeef

I wouldn't say it's expected, but then again there's no sort of "standardized" documentation for the JSON-RPC interface of Bitcoin nodes. As an example, what are all the possible errors that can/should be returned there for "error"?

I agree about documentation. Anyway, we just found this behavior weird, but if it's a wontfix thing, we can somehow bypass it on bitcoinfuzz.

brunoerg avatar Aug 13 '25 12:08 brunoerg