
security: Add input validation for wallet_id as Stellar public key format #48

Description

@YaronZaki

Problem Statement

wallet_id is accepted as a raw string without Stellar public key format validation in most API endpoints. Only BugReportRequest has regex validation (^G[A-Za-z0-9]{55}$). Other request models in position.py, vault.py, and user.py accept any string as wallet_id.

Evidence

# quantara/web_app/api/serializers/position.py:19-23
from pydantic import BaseModel  # import sits at the top of the file

class PositionFormData(BaseModel):
    wallet_id: str  # No regex, no field_validator — accepts any string!
    token_symbol: str
    amount: str
    multiplier: float

Similar unvalidated wallet_id in AddPositionDepositData, vault models, and user models.

Impact

High — data integrity risk. Non-Stellar addresses stored in database. Business logic relying on valid Stellar keys may fail unpredictably. Blockchain calls with invalid keys produce confusing errors.

Proposed Solution

Add Pydantic field_validator using stellar_sdk.StrKey.is_valid_ed25519_public_key() to all request models accepting wallet_id. Return 422 with descriptive error for invalid format.

Technical Requirements

  • Must use canonical stellar_sdk.StrKey.is_valid_ed25519_public_key() validation
  • Must return 422 with: "wallet_id must be a valid Stellar public key (G-prefix, 56 characters)"
  • Must validate in ALL request models accepting wallet_id

Acceptance Criteria

  • wallet_id validated in all Pydantic request models
  • Invalid format returns 422 with descriptive error
  • Valid Stellar keys (G-prefix, 56 chars) accepted
  • Existing BugReportRequest validator verified consistent
  • All tests pass with valid Stellar-format wallet IDs

File Map

  • quantara/web_app/api/serializers/position.py — add wallet_id validator to PositionFormData, AddPositionDepositData
  • quantara/web_app/api/serializers/vault.py — add wallet_id validator
  • quantara/web_app/api/serializers/user.py — verify existing, add to others

Dependencies

  • Related: REPO-002 (auth middleware also needs wallet_id format validation)

Testing Strategy

  • Unit: Test validator with valid Stellar keys, invalid keys (wrong prefix, wrong length, non-base32 chars), empty string
  • Integration: Send requests with invalid wallet_id, verify 422 response
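The validator described under Proposed Solution and the unit cases listed under Testing Strategy, as an added example that is not code from the quantara project. The StrKey check is a pure-Python re-implementation of what `stellar_sdk.StrKey.is_valid_ed25519_public_key()` verifies (version byte 0x30, RFC 4648 base32, CRC16-XModem checksum in little-endian order), so it runs without the SDK installed; in the project itself the SDK call should be used as the requirements state. The `encode_ed25519_public_key` helper, the `check_wallet_id`/`validator_test_cases` names and the guarded pydantic import are assumptions for this example; the sample key is constructed from a fixed 32-byte payload.

```python
import base64
import binascii
import re

# StrKey version byte for an ed25519 public key: 6 << 3 = 0x30, whose first
# five bits base32-encode to the leading 'G'.
ED25519_PUBLIC_KEY_VERSION = 6 << 3

# The regex BugReportRequest already uses (quoted from the issue). It accepts
# lowercase, digits outside the base32 alphabet and keys with a bad checksum.
LEGACY_WALLET_ID_REGEX = re.compile(r"^G[A-Za-z0-9]{55}$")

# Error text required by the issue's Technical Requirements.
ERROR_MESSAGE = "wallet_id must be a valid Stellar public key (G-prefix, 56 characters)"


def _crc16_xmodem(data: bytes) -> int:
    """CRC16-XModem (poly 0x1021, init 0), the checksum StrKey appends."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def encode_ed25519_public_key(raw_key: bytes) -> str:
    """Assumed helper: build a G... StrKey from a 32-byte ed25519 public key."""
    if len(raw_key) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    payload = bytes([ED25519_PUBLIC_KEY_VERSION]) + raw_key
    checksum = _crc16_xmodem(payload).to_bytes(2, "little")
    # 35 bytes is a multiple of 5, so base32 yields exactly 56 chars, no padding.
    return base64.b32encode(payload + checksum).decode("ascii")


def is_valid_ed25519_public_key(value: str) -> bool:
    """Re-implementation of the SDK check: prefix, length, alphabet, version byte, checksum."""
    if not isinstance(value, str) or len(value) != 56 or value[0] != "G":
        return False
    try:
        decoded = base64.b32decode(value, casefold=False)  # rejects lowercase and 0/1/8/9
    except (binascii.Error, ValueError):
        return False
    if len(decoded) != 35 or decoded[0] != ED25519_PUBLIC_KEY_VERSION:
        return False
    payload, checksum = decoded[:-2], decoded[-2:]
    return _crc16_xmodem(payload).to_bytes(2, "little") == checksum


def check_wallet_id(value: str) -> str:
    """Validator body shared by every request model that carries wallet_id."""
    if not is_valid_ed25519_public_key(value):
        raise ValueError(ERROR_MESSAGE)
    return value


try:
    from pydantic import BaseModel, field_validator

    class PositionFormData(BaseModel):
        wallet_id: str
        token_symbol: str
        amount: str
        multiplier: float

        @field_validator("wallet_id")
        @classmethod
        def wallet_id_must_be_stellar_public_key(cls, value: str) -> str:
            # Raising ValueError here becomes a 422 response in FastAPI.
            return check_wallet_id(value)
except ImportError:  # pydantic absent: check_wallet_id() above still demonstrates the rule
    pass


def validator_test_cases() -> dict:
    """The unit cases from Testing Strategy; returns {case_name: accepted}."""
    valid = encode_ed25519_public_key(bytes(range(32)))  # constructed sample key
    cases = {
        "valid": valid,
        "wrong_prefix": "S" + valid[1:],
        "wrong_length": valid[:-1],
        "non_base32_chars": valid[:-4] + "0189",   # passes the legacy regex
        "lowercase": valid.lower(),                 # passes the legacy regex
        "corrupted_checksum": valid[:-1] + ("A" if valid[-1] != "A" else "B"),
        "empty": "",
    }
    return {name: is_valid_ed25519_public_key(key) for name, key in cases.items()}


if __name__ == "__main__":
    for name, accepted in validator_test_cases().items():
        print(f"{name:20s} accepted={accepted}")
```

The `corrupted_checksum`, `lowercase` and `non_base32_chars` cases all match the legacy `^G[A-Za-z0-9]{55}$` regex yet fail the StrKey check, which is why the issue asks for the SDK validation rather than extending the regex to the other models. With pydantic v2 and FastAPI, a `ValueError` raised inside `field_validator` surfaces as a 422 whose `detail` carries the message above.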

Security Considerations

Input validation prevents malformed wallet_id values from reaching the database and blockchain calls. Note: this validates format only, not ownership (that's REPO-002).

Definition of Done

  • Code implemented and peer-reviewed
  • Tests written and passing (unit + integration)
  • All existing tests pass
  • PR linked and merged

Labels: security
Priority: High
Difficulty: Intermediate
Estimated Effort: 4h
