fix: changed aleo validation to validate the token_id format

[PaulvanMotman]

Follow up on #1642 where we added address validation for aleo to support denominating in ERC20 currencies for aleo. That PR mistakenly was validating the aleo wallet address instead of the token_id field.

Summary by CodeRabbit

• New Features

  • Aleo address validation now accepts field-element format (numeric field elements ending with "field"); legacy Bech32-style Aleo addresses are no longer recognized.

• Tests

  • Updated test cases to validate Aleo field-element inputs and adjusted example token addresses to match the new format.

• Chores

  • Removed an unused dependency to reduce package footprint.

[coderabbitai]

Walkthrough

Replaced Aleo Bech32 address validation with numeric field-element checks in currencyManager. Updated corresponding tests and ERC20 declarative test data to use field-element format. Removed bech32 dependency from packages/currency/package.json. No public API signature changes.

Changes

Cohort / File(s)	Summary
Aleo validation logic update packages/currency/src/currencyManager.ts	Removed bech32 import/usage; validateAleoAddress now verifies a numeric field-element: string ending with "field", numeric portion of exactly 76 digits and numeric-only; JSDoc updated; signature unchanged.
Currency package dependencies packages/currency/package.json	Removed dependency [email protected].
CurrencyManager tests update packages/currency/test/currencyManager.test.ts	Replaced Bech32-based Aleo tests with field-element tests: added valid field-element examples and multiple invalid cases; test descriptions updated.
Request client test data adjustment packages/request-client.js/test/index.test.ts	Replaced Aleo ERC20 tokenAddress test value with a numeric field-element string.

Sequence Diagram(s)

sequenceDiagram
  participant Caller as validateAddress(network, addr)
  participant CM as currencyManager.validateAleoAddress
  Caller->>CM: validateAleoAddress(addr)
  CM->>CM: check typeof addr === "string"
  CM->>CM: ensure addr endsWith "field"
  CM->>CM: extract numeric part (before "field")
  CM->>CM: check length == 76 and /^\d+$/.test(numeric)
  CM-->>Caller: return true/false

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• fix: ton/starknet/aleo address validation #1642 — Earlier PR that added Bech32-based Aleo validation; directly related to the Aleo validation changes made here.

Suggested reviewers

• leoslr
• rodrigopavezi
• alexandre-abrioux

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these settings in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 6f10d79 and d149c0d.

📒 Files selected for processing (1)

• packages/currency/src/currencyManager.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/currency/src/currencyManager.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build-and-test

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/aleo_address_validation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

packages/currency/src/currencyManager.ts (2)

328-336: Clarify JSDoc: this validates Aleo token_id, not a wallet address

To avoid confusion, the JSDoc should explicitly state this validates the Aleo ERC20 token_id (a field element), not a wallet address.

Apply this diff to clarify the wording:

-  /**
-   * Validate an Aleo currency address (field element).
-   * Aleo currency addresses are field elements with 76-77 digits followed by "field".
-   * See https://developer.aleo.org/guides/standards/token_registry#token-registry-program-constants
-   *
-   * Examples:
-   * - 7311977476241952331367670434347097026669181172395481678807963832961201831695field
-   * - 6088188135219746443092391282916151282477828391085949070550825603498725268775field
-   *
-   * @param address - The Aleo currency address to validate
-   * @returns True if the address is valid, false otherwise
-   */
+  /**
+   * Validate an Aleo ERC20 token_id (field element).
+   * Aleo token identifiers are field elements represented as 76–77 decimal digits followed by "field".
+   * See https://developer.aleo.org/guides/standards/token_registry#token-registry-program-constants
+   *
+   * Examples:
+   * - 7311977476241952331367670434347097026669181172395481678807963832961201831695field
+   * - 6088188135219746443092391282916151282477828391085949070550825603498725268775field
+   *
+   * @param address - The Aleo token_id candidate to validate
+   * @returns True if the token_id is valid, false otherwise
+   */

---

341-347: Simplify and harden validation with trim + a single anchored regex

Functionally equivalent but more readable and resilient (handles accidental surrounding whitespace).

Apply this diff:

   try {
-      if (!address || typeof address !== 'string' || !address.endsWith('field')) {
-        return false;
-      }
-
-      const numericPart = address.slice(0, -5);
-      return (numericPart.length === 76 || numericPart.length === 77) && /^\d+$/.test(numericPart);
+      if (typeof address !== 'string') {
+        return false;
+      }
+      const input = address.trim();
+      // 76–77 decimal digits followed by "field"
+      return /^\d{76,77}field$/.test(input);

packages/currency/test/currencyManager.test.ts (1)

770-782: Good coverage; consider adding a 77-digit positive and a trimmed-input case

• The positive cases look good and align with the new validator.
• To fully exercise the 76–77 rule, add one 77-digit example.
• If we adopt trimming in the validator, add a case with surrounding whitespace.

Example additions:

   it('should validate correct Aleo field elements', () => {
@@
       ).toBe(true);
+      // 77-digit numeric part
+      const seventySevenDigits = `${'1'.repeat(77)}field`;
+      expect(currencyManager.validateAleoAddress(seventySevenDigits)).toBe(true);
     });
@@
   it('should reject invalid addresses', () => {
@@
-      expect(currencyManager.validateAleoAddress('')).toBe(false);
+      expect(currencyManager.validateAleoAddress('')).toBe(false);
+      // If trimming is accepted in validator:
+      expect(
+        currencyManager.validateAleoAddress(
+          '  7311977476241952331367670434347097026669181172395481678807963832961201831695field  ',
+        ),
+      ).toBe(true);
     });

Optional: rename the describe block to reflect semantics better.

- describe('validateAleoAddress', () => {
+ describe('validateAleoTokenId (Aleo field element)', () => {

Also applies to: 784-803

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these settings in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a5ee3af and db41647.

📒 Files selected for processing (4)

• packages/currency/package.json (0 hunks)
• packages/currency/src/currencyManager.ts (1 hunks)
• packages/currency/test/currencyManager.test.ts (1 hunks)
• packages/request-client.js/test/index.test.ts (1 hunks)

💤 Files with no reviewable changes (1)

• packages/currency/package.json

🧰 Additional context used

🧠 Learnings (12)

📚 Learning: 2024-11-05T16:53:05.280Z

Learnt from: MantisClone
PR: RequestNetwork/requestNetwork#1481
File: packages/integration-test/test/scheduled/erc20-proxy.test.ts:0-0
Timestamp: 2024-11-05T16:53:05.280Z
Learning: In `packages/integration-test/test/scheduled/erc20-proxy.test.ts`, when upgrading dependencies like `ethers`, additional error handling test cases for contract interactions and provider errors may not be necessary.

Applied to files:

• packages/request-client.js/test/index.test.ts

📚 Learning: 2024-11-22T13:30:25.703Z

Learnt from: rodrigopavezi
PR: RequestNetwork/requestNetwork#1475
File: packages/transaction-manager/test/unit/utils/test-data.ts:165-205
Timestamp: 2024-11-22T13:30:25.703Z
Learning: In `packages/transaction-manager/test/unit/utils/test-data.ts`, modifying `storedRawData` in the `FakeLitProtocolProvider` class may break existing functionality, so it should be left as is.

Applied to files:

• packages/request-client.js/test/index.test.ts
• packages/currency/test/currencyManager.test.ts

📚 Learning: 2024-11-08T18:24:06.144Z

Learnt from: MantisClone
PR: RequestNetwork/requestNetwork#1487
File: packages/payment-processor/test/payment/single-request-proxy.test.ts:237-246
Timestamp: 2024-11-08T18:24:06.144Z
Learning: In `packages/payment-processor/test/payment/single-request-proxy.test.ts`, when asserting the `feeProxyUsed` in emitted events from `SingleRequestProxyFactory`, retrieve the `erc20FeeProxy` (or `ethereumFeeProxy`) public variable from the `SingleRequestProxyFactory` contract instead of using `wallet.address`.

Applied to files:

• packages/request-client.js/test/index.test.ts

📚 Learning: 2024-12-13T10:00:17.504Z

Learnt from: rodrigopavezi
PR: RequestNetwork/requestNetwork#1512
File: packages/integration-test/test/lit-protocol.test.ts:48-50
Timestamp: 2024-12-13T10:00:17.504Z
Learning: In `packages/integration-test/test/lit-protocol.test.ts`, the wallet private key `'0x7b595b2bb732edddc4d4fe758ae528c7a748c40f0f6220f4494e214f15c5bfeb'` is fixed and can be hardcoded in the test file.

Applied to files:

• packages/request-client.js/test/index.test.ts

📚 Learning: 2024-12-18T03:53:54.370Z

Learnt from: MantisClone
PR: RequestNetwork/requestNetwork#1482
File: packages/payment-processor/test/payment/erc-20-private-payment-hinkal.test.ts:38-38
Timestamp: 2024-12-18T03:53:54.370Z
Learning: In `packages/payment-processor/test/payment/erc-20-private-payment-hinkal.test.ts`, mainnet RPC is intentionally used for real on-chain tests as confirmed by MantisClone.

Applied to files:

• packages/request-client.js/test/index.test.ts

📚 Learning: 2024-10-28T20:00:33.707Z

Learnt from: MantisClone
PR: RequestNetwork/requestNetwork#1474
File: packages/smart-contracts/scripts/test-deploy-single-request-proxy.ts:4-7
Timestamp: 2024-10-28T20:00:33.707Z
Learning: In TypeScript test files (e.g., `test-deploy-single-request-proxy.ts`), it's acceptable to use `string` types for Ethereum addresses in interfaces (like `FeeProxyAddresses`), as stricter type safety is not necessary.

Applied to files:

• packages/request-client.js/test/index.test.ts
• packages/currency/test/currencyManager.test.ts

📚 Learning: 2024-10-17T18:30:55.410Z

Learnt from: MantisClone
PR: RequestNetwork/requestNetwork#1453
File: packages/smart-contracts/test/contracts/ERC20SingleRequestProxy.test.ts:150-152
Timestamp: 2024-10-17T18:30:55.410Z
Learning: In `packages/smart-contracts/test/contracts/ERC20SingleRequestProxy.test.ts`, the skipped test `'should process a partial payment correctly'` exists intentionally to show that partial payments are supported without duplicating previous happy-path tests.

Applied to files:

• packages/request-client.js/test/index.test.ts

📚 Learning: 2024-11-06T14:48:18.698Z

Learnt from: MantisClone
PR: RequestNetwork/requestNetwork#1484
File: packages/advanced-logic/test/extensions/payment-network/any-to-near.test.ts:0-0
Timestamp: 2024-11-06T14:48:18.698Z
Learning: In `packages/advanced-logic/test/extensions/payment-network/any-to-near.test.ts`, when the existing happy path tests are deemed sufficient, additional test cases may not be necessary.

Applied to files:

• packages/request-client.js/test/index.test.ts
• packages/currency/test/currencyManager.test.ts

📚 Learning: 2024-11-22T13:13:26.166Z

Learnt from: rodrigopavezi
PR: RequestNetwork/requestNetwork#1475
File: packages/transaction-manager/test/unit/utils/test-data.ts:0-0
Timestamp: 2024-11-22T13:13:26.166Z
Learning: In `packages/transaction-manager/test/unit/utils/test-data.ts`, the `FakeLitProtocolProvider` class uses `{}` as the return type for its methods `encrypt` and `decrypt`. Changing the return type to a more specific interface caused issues, so the current return type `{}` should remain as is.

Applied to files:

• packages/request-client.js/test/index.test.ts
• packages/currency/test/currencyManager.test.ts

📚 Learning: 2024-11-12T16:54:02.702Z

Learnt from: aimensahnoun
PR: RequestNetwork/requestNetwork#1488
File: packages/payment-processor/src/payment/single-request-forwarder.ts:104-104
Timestamp: 2024-11-12T16:54:02.702Z
Learning: In `packages/payment-processor/src/payment/single-request-forwarder.ts`, when the smart contract has not changed, event argument names such as `proxyAddress` remain the same, even if variable names in the code are updated to use new terminology like `forwarderAddress`.

Applied to files:

• packages/request-client.js/test/index.test.ts

📚 Learning: 2024-11-20T18:59:38.738Z

Learnt from: rodrigopavezi
PR: RequestNetwork/requestNetwork#1475
File: packages/request-client.js/src/http-data-access.ts:214-216
Timestamp: 2024-11-20T18:59:38.738Z
Learning: When validating Ethereum addresses in TypeScript code, prefer using `ethers.utils.isAddress` function from the `ethers` library instead of regex patterns.

Applied to files:

• packages/currency/src/currencyManager.ts
• packages/currency/test/currencyManager.test.ts

📚 Learning: 2024-11-21T09:06:12.938Z

Learnt from: rodrigopavezi
PR: RequestNetwork/requestNetwork#1475
File: packages/transaction-manager/test/unit/utils/test-data.ts:87-119
Timestamp: 2024-11-21T09:06:12.938Z
Learning: In `packages/transaction-manager/test/unit/utils/test-data.ts`, mocks like `fakeEpkCipherProvider` do not require extensive test coverage for input validation and error handling.

Applied to files:

• packages/currency/test/currencyManager.test.ts

🧬 Code Graph Analysis (1)

packages/currency/test/currencyManager.test.ts (1)

packages/payment-processor/test/payment/shared.ts (1)

• currencyManager (4-21)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build-and-test

🔇 Additional comments (1)

packages/request-client.js/test/index.test.ts (1)

1656-1657: LGTM: Aleo token_id test data updated to field-element format

Switching the Aleo case to a field element ending with "field" aligns the integration test with the new validation logic. No further changes needed here.