Validate `registry_credit_id` Length/Charset to Prevent Malformed Leaf Construction

[Oluwaseyi89]

Summary

Update the merkle_bridge contract to validate the registry_credit_id field for both length and allowed character set before using it in Merkle leaf construction, preventing malformed or ambiguous leaves and ensuring compatibility with relayer and off-chain verification tools.

Social Media Link

Let's collaborate on Discord. And ensure to star our repo.

Technical Context

• Motivation: Unvalidated or malformed registry_credit_id values can result in ambiguous, non-unique, or invalid Merkle leaves, breaking proof verification and interoperability. Enforcing strict validation ensures robust, predictable Merkle tree construction.
• Current State: The contract does not enforce any length or character set restrictions on registry_credit_id.

Requirements

Contract Changes

• Define and document the allowed length range (min/max) and permitted character set for registry_credit_id.
• During all relevant entry points (e.g., mint, bridge, proof), validate that the provided registry_credit_id meets these constraints.
• Reject any operation with an invalid registry_credit_id, returning a clear error message.

Acceptance Criteria

• Only valid registry_credit_id values are accepted for Merkle leaf construction.
• Invalid values are rejected with clear errors.
• Unit tests cover:
  • Attempted use of invalid (too short/long or bad charset) IDs (should fail)
  • Use of valid IDs (should succeed)

Definition of Done

• PR with contract code changes and tests
• Documentation updated to describe the validation rules
• Team review completed

Working Directory:

stellar-core/verifiable-registry/contracts/merkle_bridge

---

[OTimileyin]

@OTimileyin has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

I'd love to claim this issue. As a highly capable engineer, I plan to update the merkle_bridge smart contract to enforce strict length and character set validation on the registry_credit_id before it is hashed into the Merkle leaf. I will add descriptive error codes to your contract's error enum and include comprehensive Rust unit tests covering both boundary lengths and invalid characters to ensure complete cryptographic safety.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @OTimileyin to this issue.

[brodapeethar]

@brodapeethar has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Hi maintainer, i have gone through the task description and will like to work on this please. ETA: 5hours. Thank you

ℹ️ Repo Maintainers: To accept this application, review their application or assign @brodapeethar to this issue.

[BashMan11]

@BashMan11 has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

I will like to take on this issue.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @BashMan11 to this issue.

[drips-wave]

Congratulations, @BashMan11! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @BashMan11: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[BashMan11]

Resolved in PR #367 (branch fix/issues-313-314-316-318).

[BashMan11]

Implemented in PR #367. This issue will be closed when the PR is merged.