We would like to bring to your attention a critical issue regarding the handling of ContractAddress type on Starknet, which we have unfortunately experienced firsthand, resulting in the loss of STRK tokens.
We have identified several problems related to the management of contract addresses on Starknet, which deserve immediate attention to ensure the security and reliability of the network.
Below is a summary of the key issues:
1. Lack of strict input validation
Currently, it is possible to input arbitrary ASCII strings as a ContractAddress, even though characters like #&?^
will never be part of a valid address. A strict validation mechanism should be implemented upfront to prevent such scenarios.
2. No validation of address validity (size and format)
It seems that the Cairo VM adjusts itself the validity of addresses by adding zeros as prefixes if the size is not correct. This approach is problematic as it delegates an essential validation task to the VM without any prior verification.
3. Absence of controls in various ecosystem components
Neither the Braavos wallet, Cairo VM, RPC, nor the Sequencer performs stringent checks on the validity of addresses. This could creates a significant risk surface that could be exploited and many loss of capital from users or developers.
Primary Concern: Why was the call accepted?
This behaviour is unusual and diverges from the security standards upheld by other networks.
Recommendation
For the benefit of the entire Starknet Community, it is imperative to address these issues promptly by introducing robust address validation mechanisms at all levels (wallet, RPC, VM, and Sequencer). These measures would enhance user trust and align Starknet with the industry’s best practices.
We trust this feedback will assist in prioritizing these corrections to safeguard the ecosystem for all users.