From 6db6af6fe4d7adca45c75494007f227cd4f46bb3 Mon Sep 17 00:00:00 2001
From: Artem Pikulin <ortgma@gmail.com>
Date: Wed, 20 Jun 2018 15:16:54 +0700
Subject: [PATCH] #81 Add ETH address validation upon coin enable and
 eth_withdraw.

---
 iguana/exchanges/LP_commands.c            | 4 ++++
 iguana/exchanges/LP_transaction.c         | 5 +++++
 iguana/exchanges/etomicswap/etomiclib.cpp | 7 +++++++
 iguana/exchanges/etomicswap/etomiclib.h   | 1 +
 4 files changed, 17 insertions(+)

diff --git a/iguana/exchanges/LP_commands.c b/iguana/exchanges/LP_commands.c
index 4e2e08ba6..147e777b9 100644
--- a/iguana/exchanges/LP_commands.c
+++ b/iguana/exchanges/LP_commands.c
@@ -608,6 +608,10 @@ version\n\
                     }
 
                     if (ptr->etomic[0] != 0) {
+                        if (isValidAddress(ptr->etomic) == 0) {
+                            return(clonestr("{\"error\":\"'etomic' field is not valid address!\"}"));
+                        }
+
                         struct iguana_info *etomic_coin = LP_coinsearch("ETOMIC");
                         if (etomic_coin->inactive != 0) {
                             return(clonestr("{\"error\":\"Enable ETOMIC first to use ETH/ERC20!\"}"));
diff --git a/iguana/exchanges/LP_transaction.c b/iguana/exchanges/LP_transaction.c
index ef27a86a0..69fece8b6 100644
--- a/iguana/exchanges/LP_transaction.c
+++ b/iguana/exchanges/LP_transaction.c
@@ -2095,6 +2095,11 @@ char *LP_eth_withdraw(struct iguana_info *coin,cJSON *argjson)
     if (dest_addr == NULL) {
         return(clonestr("{\"error\":\"param 'to' is required!\"}"));
     }
+
+    if (isValidAddress(dest_addr) == 0) {
+        return(clonestr("{\"error\":\"'to' address is not valid!\"}"));
+    }
+
     amount = jdouble(argjson, "amount") * 100000000;
     if (amount == 0) {
         return(clonestr("{\"error\":\"'amount' is not set or equal to zero!\"}"));
diff --git a/iguana/exchanges/etomicswap/etomiclib.cpp b/iguana/exchanges/etomicswap/etomiclib.cpp
index 68e49f9d8..921a89342 100644
--- a/iguana/exchanges/etomicswap/etomiclib.cpp
+++ b/iguana/exchanges/etomicswap/etomiclib.cpp
@@ -4,6 +4,7 @@
 #include "etomiclib.h"
 #include "etomiccurl.h"
 #include <iostream>
+#include <regex>
 #include <cpp-ethereum/libethcore/Common.h>
 #include <cpp-ethereum/libethcore/CommonJS.h>
 #include <cpp-ethereum/libethcore/TransactionBase.h>
@@ -835,3 +836,9 @@ uint8_t compareAddresses(char *address1, char *address2)
     auto addr_bytes_2 = jsToAddress(address2);
     return static_cast<uint8_t>(addr_bytes_1 == addr_bytes_2);
 }
+
+uint8_t isValidAddress(char *address)
+{
+    std::regex r("^(0x|0X)?[a-fA-F0-9]{40}$");
+    return static_cast<uint8_t>(std::regex_match(address, r));
+}
diff --git a/iguana/exchanges/etomicswap/etomiclib.h b/iguana/exchanges/etomicswap/etomiclib.h
index bfd0b81d3..78a6e3ad3 100644
--- a/iguana/exchanges/etomicswap/etomiclib.h
+++ b/iguana/exchanges/etomicswap/etomiclib.h
@@ -214,6 +214,7 @@ uint64_t estimate_erc20_gas(
 );
 
 uint8_t compareAddresses(char *address1, char *address2);
+uint8_t isValidAddress(char *address);
 
 #ifdef __cplusplus
 }