fix: reject malformed UTXO public keys

[duongynhi000005-oss]

Return HTTP 400 for malformed public_key material in /utxo/transfer instead of letting address conversion exceptions escape.\n\nTests: PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 python3 -m pytest tests/test_utxo_transfer_json_validation.py -q

[github-actions]

Welcome to RustChain! Thanks for your first pull request.

Before we review, please make sure:

• Non-doc PRs have a BCOS-L1 or BCOS-L2 label
• Doc-only PRs are exempt from BCOS tier labels when they only touch docs/**, *.md, or common image/PDF files
• New code files include an SPDX license header
• You've tested your changes against the live node

Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150)

A maintainer will review your PR soon. Thanks for contributing!

[jaxint]

Great work! Thanks for contributing to RustChain! 🦀

[jaxint]

Great work on this PR! The code looks clean and well-structured.

Review powered by RustChain Bounty Program

Wallet: AhqbFaPBPLMMiaLDzA9WhQcyvv4hMxiteLhPk3NhG1iG

[jaxint]

Great work! Thanks for contributing to RustChain! 🦀

[shadow88sky]

Reviewed the /utxo/transfer malformed-public-key fix and the focused regression coverage.

Two concrete observations:

1. The production change is in the right place in node/utxo_endpoints.py: the endpoint already validates the payload shape and amount before deriving the expected sender address, so wrapping only _addr_from_pk_fn(public_key) keeps malformed key material on the same 400-client-error path without broadening the rest of the transfer flow. This also preserves the existing address-mismatch response when the key is syntactically valid but belongs to a different address.

2. The new test in tests/test_utxo_transfer_json_validation.py is well-scoped because it monkeypatches the injected address-derivation function to raise ValueError, which matches the real address_from_pubkey() failure mode from bytes.fromhex(public_key_hex). It verifies the endpoint returns {"error": "Invalid public_key"} before signature verification or UTXO state are touched.

Small non-blocking suggestion: if future address derivation starts using a crypto library that raises a more specific exception than ValueError, this guard may need to catch that explicit exception too. For the current implementation, ValueError is the important path.

Local validation:
PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 .venv/bin/python -m pytest tests/test_utxo_transfer_json_validation.py -q -> 6 passed.

[HuiNeng6]

Code Review

Observations:

1. Line 454-458 (utxo_endpoints.py): Good defensive programming. Wrapping _addr_from_pk_fn(public_key) in try-except prevents ValueError from propagating to Flask's error handler and potentially returning a generic 500 error instead of a specific 400.

2. Test coverage: The monkeypatch approach correctly simulates a ValueError from the address derivation function, ensuring the endpoint returns the expected 400 response.

3. Security consideration: Consider whether ValueError is the only exception that _addr_from_pk_fn can raise — if the underlying crypto library raises different exceptions, those might slip through.

Assessment: Standard review

Disclosure: I received RTC compensation for this review.

[jaxint]

Great work! Thanks for contributing to RustChain! 🦀

[jaxint]

Code review completed. Thanks for contributing to RustChain! 🚀

[jaxint]

Code review completed. Thanks for contributing! 🚀

[jaxint]

Great work! Thanks for contributing to RustChain! 🦀

[jaxint]

Great work! Thanks for contributing to RustChain! 🦀

[jaxint]

Great work! Thanks for contributing to RustChain! 🦀

[jaxint]

Great work! Thanks for contributing to RustChain! 🦀

[jaxint]

Great work! Thanks for contributing to RustChain! 🦀