Restrict addresses on Calibnet USDFC faucet

[sudo-shashank]

Summary of changes

Changes introduced in this pull request:

• tUSDFC tokens claimed for ID address or it's corresponding eth style 0xff...ID address are not accessible so this PR restricts these addresses on CalibnetUSDFC faucet.
• added test

Preview URL: https://1432c3b.forest-explorer-preview.workers.dev

Reference issue to close (if applicable)

Closes #335

Other information and links

Change checklist

• I have performed a self-review of my own code,
• I have made corresponding changes to the documentation. All new code
  adheres to the team's
  documentation standards,
• I have added tests that prove my fix is effective or that my feature works
  (if possible),
• I have made sure the CHANGELOG is up-to-date. All user-facing changes
  should be reflected in this document.

Summary by CodeRabbit

• Bug Fixes

  • Calibnet tUSDFC now immediately rejects restricted address types (ID-style 0xff… and t0) with BAD_REQUEST and clearer "Invalid address - failed to parse: Not a valid Testnet address" messaging.
  • 0x‑prefixed addresses parsed more strictly to avoid false-ID interpretations and improve validation.

• Documentation

  • API docs updated to note the Calibnet tUSDFC claiming restriction and revised error examples.

• Tests

  • E2E and unit tests updated to expect immediate rejection; removed prior rate-limit and wallet-capacity scenarios.

[coderabbitai]

Walkthrough

Parser and server-side validation for claim_token now accept FaucetInfo and enforce feature-gated restrictions for CalibnetUSDFC (rejecting t0 and specific 0xff…ID forms). Error messages changed to "Invalid address - failed to parse: …". E2E tests and docs updated; 0x-prefixed address parsing behavior refined.

Changes

Cohort / File(s)	Summary
Server API / address validation src/faucet/server_api.rs	parse_and_validate_address now takes faucet_info; added feature-gated check_valid_address to reject restricted CalibnetUSDFC addresses (t0 and specific 0xff…ID) and return BAD_REQUEST; claim flow updated to use new signature; error text changed; unit tests added/expanded (feature "ssr").
Address parsing utils src/utils/address.rs	Refined 0x-prefixed parsing: only treat 0x addresses as ID when they start with the extended 0xff0000... prefix; otherwise construct delegated addresses from remaining bytes, altering control flow and error outcomes for some 0x inputs.
End-to-end tests e2e/test_claim_token_api_config.js	E2E expectations changed to BAD_REQUEST for invalid/restricted addresses (t0, specific 0xff...ID, other invalid CalibnetUSDFC inputs); multiple CalibnetUSDFC cooldown/rate-limit and wallet-capability test blocks removed.
Documentation docs/api-documentation.md	Updated example error strings to "Invalid address - failed to parse: …" in single-claim and all-claims failure examples; added note restricting ID-style (0xff…ID) to claiming Calibnet tUSDFC tokens only.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant API as claim_token API
    participant Parser as parse_and_validate_address(faucet_info)
    participant Checker as check_valid_address (feature-gated)

    User->>API: POST /claim_token { address }
    API->>Parser: parse_and_validate_address(address, faucet_info)
    Parser->>Checker: check_valid_address(address, faucet_info)

    alt Restricted (CalibnetUSDFC + t0 or 0xff...ID)
        Checker-->>Parser: Err (BAD_REQUEST)
        Parser-->>API: ServerFnError 400
        API-->>User: 400 Bad Request ("Invalid address - failed to parse: ...")
    else Not restricted
        Checker-->>Parser: Ok
        Parser->>Parser: parse using faucet_info.network()
        alt Parsed successfully
            Parser-->>API: ParsedAddress
            API-->>User: proceed with claim
        else Parse failure
            Parser-->>API: ServerFnError 400 ("Invalid address - failed to parse: ...")
            API-->>User: 400 Bad Request
        end
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Extra attention:
  • Correctness of check_valid_address detection for t0 and extended 0xff…ID.
  • All call sites compile after parse_and_validate_address signature change.
  • Behavioral impact of altered 0x parsing in src/utils/address.rs.
  • Feature-gate ("ssr") test coverage and CI handling.

Possibly related PRs

• Calibnet token claim api #315 — modifies src/faucet/server_api.rs and address validation flow (high overlap).
• Implement claim all calibnet token API #334 — touches src/faucet/server_api.rs and src/utils/address.rs parsing/error text (parsing and messaging overlap).
• Handle low faucet balance in claim token API #327 — alters claim_token flow (faucet pre-check) and touches same API path.

Suggested reviewers

• elmattic
• akaladarshi

Poem

🐇 I hopped through bytes and found the gate,

t0 and 0xff no longer tempt fate.
A tidy 400 guards the lane,
No stray tokens roam again.
🥕 — the vigilant rabbit.

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: restricting addresses on the Calibnet USDFC faucet, which aligns with the PR's core objective of preventing token loss.
Linked Issues check	✅ Passed	The PR successfully addresses all requirements from #335: verifies token inaccessibility and implements blocking logic for t0 and 0xff...ID addresses in the API with comprehensive tests.
Out of Scope Changes check	✅ Passed	All changes align with the stated objective to restrict addresses on CalibnetUSDFC faucet; documentation, tests, and code modifications are directly related to the issue requirements.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch shashank/restrict-0xff-id-addr-calibnet-usdfc

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d89511d and f7e445f.

📒 Files selected for processing (1)

• src/faucet/server_api.rs (3 hunks)

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-09-30T08:00:02.860Z

Learnt from: sudo-shashank
Repo: ChainSafe/forest-explorer PR: 315
File: src/faucet/server_api.rs:308-311
Timestamp: 2025-09-30T08:00:02.860Z
Learning: In the forest-explorer project (src/faucet/server_api.rs), using `rpc.mpool_get_nonce(from)` for ERC-20 transactions works correctly even though it queries the Filecoin mempool nonce rather than using `eth_getTransactionCount`. This has been tested and confirmed to work by the maintainers.

Applied to files:

• src/faucet/server_api.rs

📚 Learning: 2025-09-29T08:51:56.994Z

Learnt from: sudo-shashank
Repo: ChainSafe/forest-explorer PR: 315
File: src/faucet/server_api.rs:205-212
Timestamp: 2025-09-29T08:51:56.994Z
Learning: In the forest-explorer codebase, leptos #[server] functions consistently use ServerFnError::ServerError for error cases and do not implement custom HTTP status codes. All ServerFnError variants are mapped to HTTP 500 by default.

Applied to files:

• src/faucet/server_api.rs

🧬 Code graph analysis (1)

src/faucet/server_api.rs (3)

src/utils/address.rs (1)

• parse_address (49-76)

src/utils/rpc_context.rs (3)

• res (101-101)
• use_context (65-67)
• use_context (66-66)

src/faucet/constants.rs (1)

• network (152-157)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: E2E Claim Token API CORS Tests
• GitHub Check: E2E API Tests
• GitHub Check: E2E Browser Tests
• GitHub Check: codedov
• GitHub Check: deploy
• GitHub Check: lint

🔇 Additional comments (5)

src/faucet/server_api.rs (5)

225-225: LGTM - Parameter change enables faucet-specific validation.

The change from network to faucet_info is correct and necessary to support faucet-specific address restrictions while still providing network information via faucet_info.network().

---

274-288: LGTM - Sound validation logic for CalibnetUSDFC.

The validation correctly restricts CalibnetUSDFC to Ethereum-compatible addresses by rejecting:

• ID protocol addresses (catches both t0 and 0xff...ID inputs, since the parser converts 0xff0000000000000000000000... addresses to Address::ID)
• Non-Ethereum-compatible addresses via into_eth_address().is_err() (t1/secp256k1, t2/actor, t3/BLS)

The error message clearly communicates the restriction to users.

---

290-309: LGTM - Clean integration of validation into parsing flow.

The updated function correctly:

1. Parses the address using the network from faucet_info
2. Validates the parsed address with check_valid_address
3. Returns appropriate errors with BAD_REQUEST status for both parse and validation failures

The error messages clearly distinguish between parsing failures and validation failures.

---

424-428: LGTM - Safe context handling.

The defensive check using if let Some correctly handles cases where ResponseOptions context may not be available (e.g., in test environments), making the function safe and flexible.

---

430-502: LGTM - Comprehensive test coverage for address validation.

Excellent test coverage with clear helper functions and thorough validation scenarios:

• MainnetFIL & CalibnetFIL: Correctly verify all address types are accepted
• CalibnetUSDFC: Properly validates restriction to Ethereum-compatible addresses only (t4 delegated and non-ID 0x addresses), rejecting t0/ID, t1/secp256k1, t2/actor, t3/BLS, and 0xff...ID formats

The tests effectively verify the security requirement from issue #335.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

Codecov Report

❌ Patch coverage is 95.06173% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 41.09%. Comparing base (5b51ad9) to head (f7e445f).

Files with missing lines	Patch %	Lines
src/faucet/server_api.rs	95.00%	4 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #344      +/-   ##
==========================================
+ Coverage   39.11%   41.09%   +1.98%     
==========================================
  Files          40       40              
  Lines        2595     2667      +72     
==========================================
+ Hits         1015     1096      +81     
+ Misses       1580     1571       -9     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

e2e/test_claim_token_api_config.js (1)

299-314: Add uppercase coverage for restricted addresses

Please add a scenario using an uppercase variant (e.g., 0xFF0000… or T0…). Without it, the server-side restriction can be bypassed by sending uppercase input, so the test suite will miss regressions even after the fix.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 020536f and 4336f9f.

📒 Files selected for processing (3)

• docs/api-documentation.md (1 hunks)
• e2e/test_claim_token_api_config.js (1 hunks)
• src/faucet/server_api.rs (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/faucet/server_api.rs (1)

src/utils/address.rs (1)

• parse_address (49-76)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: codedov
• GitHub Check: E2E API Tests
• GitHub Check: E2E Browser Tests
• GitHub Check: E2E Claim Token API CORS Tests
• GitHub Check: deploy

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/faucet/server_api.rs (1)

286-290: Minor grammar improvement and test coverage concern.

The error message should use "Ethereum-style" (hyphenated) as a compound adjective. Additionally, the codecov report shows 0% coverage for these new lines.

Apply this diff for the grammar fix:

-        return Err(ServerFnError::ServerError("Use of ID addresses or their corresponding Ethereum style 0xff...ID addresses is restricted when claiming tokens from the CalibnetUSDFC faucet.".to_string()));
+        return Err(ServerFnError::ServerError("Use of ID addresses or their corresponding Ethereum-style 0xff...ID addresses is restricted when claiming tokens from the CalibnetUSDFC faucet.".to_string()));

Regarding test coverage: please ensure the restriction logic is covered by tests. The e2e tests in test_claim_token_api_config.js should exercise both the t0 and 0xff address rejection paths to confirm the 400 BAD_REQUEST response.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4336f9f and a6cad23.

📒 Files selected for processing (1)

• src/faucet/server_api.rs (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/faucet/server_api.rs (1)

src/utils/address.rs (1)

• parse_address (49-76)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: deploy
• GitHub Check: E2E Browser Tests
• GitHub Check: E2E Claim Token API CORS Tests
• GitHub Check: E2E API Tests
• GitHub Check: codedov
• GitHub Check: lint

🔇 Additional comments (2)

src/faucet/server_api.rs (2)

274-279: LGTM! Case-sensitivity bypass fixed.

The normalization with trim().to_lowercase() correctly addresses the previous concern about uppercase inputs bypassing the restriction. The prefix checks will catch all ID addresses in both 0xff (Ethereum-style) and t0 (Filecoin-style) formats.

---

225-225: LGTM! Correct parameter update.

The call site correctly updated to pass faucet_info instead of network, matching the new signature of parse_and_validate_address.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

e2e/test_claim_token_api_config.js (1)

286-301: Test logic is correct, but consider organizational improvements.

The core test logic correctly validates the new address restriction behavior for CalibnetUSDFC:

• Expects immediate rejection (BAD_REQUEST/400) for restricted addresses
• No wait time or wallet cap error expected
• Uses the correct restricted address formats (0xff...ID and t0)

However, consider these optional improvements:

1. Test Organization: These tests are in RATE_LIMIT_TEST_WALLET_CAP_CASES but test address restrictions rather than wallet caps. Consider creating a separate test category like RESTRICTED_ADDRESS_CASES or moving these to a more semantically appropriate location for better maintainability.

2. Error Message Validation: Unlike the INVALID_REQUESTS tests (lines 83-142), these tests don't include an expectedErrorContains field. Adding error message validation would help ensure users receive informative feedback:

   expectedErrorContains: 'restricted'  // or appropriate error message

3. Naming: The test names contain "restricted address (RESTRICTED)" which is redundant. Consider simplifying to just "restricted address" in the name or removing the suffix.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a6cad23 and 09da74b.

📒 Files selected for processing (1)

• e2e/test_claim_token_api_config.js (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: sudo-shashank
Repo: ChainSafe/forest-explorer PR: 315
File: src/faucet/server_api.rs:308-311
Timestamp: 2025-09-30T08:00:02.860Z
Learning: In the forest-explorer project (src/faucet/server_api.rs), using `rpc.mpool_get_nonce(from)` for ERC-20 transactions works correctly even though it queries the Filecoin mempool nonce rather than using `eth_getTransactionCount`. This has been tested and confirmed to work by the maintainers.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 09da74b and d3401f7.

📒 Files selected for processing (1)

• src/faucet/server_api.rs (2 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: sudo-shashank
Repo: ChainSafe/forest-explorer PR: 315
File: src/faucet/server_api.rs:308-311
Timestamp: 2025-09-30T08:00:02.860Z
Learning: In the forest-explorer project (src/faucet/server_api.rs), using `rpc.mpool_get_nonce(from)` for ERC-20 transactions works correctly even though it queries the Filecoin mempool nonce rather than using `eth_getTransactionCount`. This has been tested and confirmed to work by the maintainers.

🧬 Code graph analysis (1)

src/faucet/server_api.rs (1)

src/utils/address.rs (1)

• parse_address (49-76)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: E2E API Tests
• GitHub Check: E2E Claim Token API CORS Tests
• GitHub Check: E2E Browser Tests
• GitHub Check: deploy

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

src/faucet/server_api.rs (2)

274-289: Consider refactoring the validation logic for clarity

The validation logic works correctly but has some issues:

1. Non-idiomatic side effect: The condition address.into_eth_address().is_err() calls a consuming method within a boolean expression, relying on short-circuit evaluation to avoid moving address when not needed. While this works (assuming Address is Copy), it's harder to understand.

2. Redundant conversion: For CalibnetUSDFC, into_eth_address() may be called twice—once here in validation and again in handle_erc20_claim (line 386). Since Address is likely Copy, this isn't a correctness issue, but it is inefficient.

3. Silent status-code failure: Line 284-285 uses use_context::<ResponseOptions>().map(...), which silently does nothing if the context is missing. While defensive, consider using expect_context (as done in set_response_status at line 426) to ensure the status code is always set.

Consider this refactor for improved clarity:

 fn check_valid_address(address: Address, faucet_info: FaucetInfo) -> Result<(), ServerFnError> {
     use crate::utils::address::AddressAlloyExt;
     use fvm_shared::address::Protocol;

     if matches!(faucet_info, FaucetInfo::CalibnetUSDFC)
-        && (address.protocol() == Protocol::ID || address.into_eth_address().is_err())
+        && !is_valid_erc20_address(address)
     {
         log::error!("Invalid address: {:?}", address);
-        leptos::context::use_context::<ResponseOptions>()
-            .map(|_| set_response_status(StatusCode::BAD_REQUEST));
+        set_response_status(StatusCode::BAD_REQUEST);
         return Err(ServerFnError::ServerError("Use of ID addresses or their corresponding Ethereum style 0xff...ID addresses is restricted when claiming tokens from the CalibnetUSDFC faucet.".to_string()));
     }
     Ok(())
 }
+
+fn is_valid_erc20_address(address: Address) -> bool {
+    // Only Delegated addresses (f4/t4) can receive ERC-20 tokens
+    // ID addresses and f1/f2/f3 addresses cannot
+    address.protocol() == Protocol::Delegated
+        && address.into_eth_address().is_ok()
+}

This makes the intent explicit: we're checking if it's a valid ERC-20 address rather than an invalid one.

---

429-635: Comprehensive test coverage with minor cfg issue

The test suite excellently covers all address types across different faucet configurations, properly validating that:

• CalibnetUSDFC restricts ID addresses (t0, 0xff...ID) and non-EVM-compatible addresses (t1, t2, t3)
• CalibnetUSDFC allows delegated addresses (t4) and regular Ethereum addresses (0x...)
• Other faucets (MainnetFIL, CalibnetFIL) allow all address types

However, the test module configuration could be improved:

Apply this diff to ensure tests are only compiled during test builds:

-#[cfg(feature = "ssr")]
+#[cfg(all(test, feature = "ssr"))]
 mod tests {

This prevents the test module from being included in production builds while still requiring the "ssr" feature for server-side-specific test logic.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d3401f7 and de2bcbb.

📒 Files selected for processing (2)

• src/faucet/server_api.rs (3 hunks)
• src/utils/address.rs (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/faucet/server_api.rs (1)

src/utils/address.rs (1)

• parse_address (49-76)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: lint
• GitHub Check: E2E Browser Tests
• GitHub Check: E2E API Tests
• GitHub Check: E2E Claim Token API CORS Tests
• GitHub Check: codedov
• GitHub Check: deploy

🔇 Additional comments (3)

src/utils/address.rs (1)

66-72: LGTM - Prefix corrected to match Filecoin ID address format

The updated prefix "0xff0000000000000000000000" (12 bytes: 0xff + 11 zero bytes) correctly matches the MASKED_ID_PREFIX constant and aligns with the Filecoin EVM address specification for ID-to-Ethereum mappings. This ensures that any 0x-prefixed address beginning with this pattern is properly parsed as an ID address, while other 0x addresses are correctly treated as delegated addresses.

src/faucet/server_api.rs (2)

225-225: LGTM - Function call updated to support faucet-aware validation

The change from passing network to faucet_info enables the validation logic to enforce faucet-specific address restrictions, which is essential for this PR's objective.

---

292-310: LGTM - Clean integration of validation logic

The refactored function properly integrates the new check_valid_address validation while maintaining clear error handling and logging. The signature change to accept faucet_info enables faucet-specific restrictions as intended.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between de2bcbb and b055c10.

📒 Files selected for processing (3)

• docs/api-documentation.md (3 hunks)
• e2e/test_claim_token_api_config.js (2 hunks)
• src/faucet/server_api.rs (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• docs/api-documentation.md
• e2e/test_claim_token_api_config.js

🧰 Additional context used

🧬 Code graph analysis (1)

src/faucet/server_api.rs (2)

src/utils/address.rs (1)

• parse_address (49-76)

src/faucet/constants.rs (1)

• network (152-157)

🔇 Additional comments (3)

src/faucet/server_api.rs (3)

225-225: LGTM!

The updated call correctly passes faucet_info to enable address validation logic.

---

293-311: LGTM!

The refactoring cleanly integrates the new validation logic, and the error handling flows are consistent.

---

430-510: LGTM!

The unit tests are comprehensive and correctly validate the address restriction logic across all faucet types and address formats.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c6fa256 and 1945d4c.

📒 Files selected for processing (1)

• src/faucet/server_api.rs (3 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/faucet/server_api.rs (2)

src/utils/address.rs (1)

• parse_address (49-76)

src/faucet/constants.rs (1)

• network (152-157)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: E2E Claim Token API CORS Tests
• GitHub Check: E2E Browser Tests
• GitHub Check: E2E API Tests
• GitHub Check: codedov
• GitHub Check: lint
• GitHub Check: deploy

🔇 Additional comments (3)

src/faucet/server_api.rs (3)

225-225: LGTM! Signature change enables faucet-specific validation.

Passing faucet_info instead of just network allows the validation logic to apply different rules based on the faucet type, which is exactly what's needed for CalibnetUSDFC restrictions.

---

274-290: LGTM! Address validation logic is correct.

The validation correctly rejects ID addresses (including 0xff...ID forms that are parsed as Protocol::ID) and non-Ethereum-compatible addresses (t1, t2, t3) for CalibnetUSDFC, while allowing delegated t4 and native 0x Ethereum addresses. The defensive context check on line 284 prevents panics when the ResponseOptions context is unavailable.

---

430-510: Excellent test coverage!

The tests comprehensively cover all three faucet types with appropriate address format validation. The test design is good:

• MainnetFIL and CalibnetFIL correctly allow all address types
• CalibnetUSDFC correctly allows only Ethereum-compatible addresses (t4, 0x) and rejects ID-mapped and native Filecoin addresses (t0, t1, t2, t3, 0xff...ID)

The assert_address! macro efficiently tests both check_valid_address and parse_and_validate_address, ensuring consistent behavior between the two functions.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/faucet/server_api.rs (1)

430-430: Remove unnecessary attribute.

The macro is actively used throughout the test functions (lines 462, 478, 497, 501-506), so the #[allow(unused_macros)] attribute is unnecessary and misleading.

Apply this diff:

-    #[allow(unused_macros)]
     macro_rules! assert_address {

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1945d4c and 987bade.

📒 Files selected for processing (1)

• src/faucet/server_api.rs (3 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/faucet/server_api.rs (2)

src/utils/address.rs (1)

• parse_address (49-76)

src/faucet/constants.rs (1)

• network (152-157)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: lint
• GitHub Check: E2E API Tests
• GitHub Check: E2E Claim Token API CORS Tests
• GitHub Check: deploy
• GitHub Check: E2E Browser Tests
• GitHub Check: codedov

🔇 Additional comments (5)

src/faucet/server_api.rs (5)

225-225: LGTM! Call site correctly updated.

The change from passing network to faucet_info aligns with the updated function signature and enables the new restriction checks.

---

274-288: LGTM! Validation logic correctly implements restrictions.

The function properly restricts CalibnetUSDFC to Ethereum-compatible addresses by rejecting ID addresses (including 0xff...ID format, which parse_address converts to ID protocol) and other non-Ethereum-compatible types (t1, t2, t3). The error message is clear and user-friendly.

---

290-309: LGTM! Parse-and-validate flow is well-structured.

The function correctly parses the address and applies the new validation checks. Error handling is appropriate with clear messages and proper status codes. The defensive check concern from past reviews is addressed by the updated set_response_status implementation.

---

425-427: LGTM! Defensive implementation prevents panics.

The change from expect_context to use_context with map ensures the function won't panic when ResponseOptions context is unavailable (e.g., in test environments). This addresses the concern raised in past reviews.

---

450-507: LGTM! Comprehensive test coverage.

The test suite thoroughly validates the restriction logic across all faucet types with multiple address formats. The CalibnetUSDFC tests specifically verify that only Ethereum-compatible addresses (t4 delegated and native 0x) are accepted while ID, secp256k1, actor, BLS, and 0xff...ID formats are properly rejected.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/faucet/server_api.rs (1)

274-288: Address validation logic is correct and comprehensive.

The dual-check approach correctly restricts all inaccessible address types for CalibnetUSDFC:

• Protocol::ID check blocks both t0 and 0xff...ID addresses (which parse as ID)
• into_eth_address().is_err() check blocks t1, t2, and t3 addresses

This allows only the intended address types: t4 (delegated) and native 0x addresses.

Optional: Consider adding a brief comment explaining the business reason.

While the error message is clear, a brief inline comment explaining why these addresses are restricted (tokens sent to them are not accessible/recoverable) would help future maintainers understand the business context.

 #[cfg(feature = "ssr")]
 fn check_valid_address(address: Address, faucet_info: FaucetInfo) -> Result<(), ServerFnError> {
     use crate::utils::address::AddressAlloyExt;
     use fvm_shared::address::Protocol;
 
+    // For CalibnetUSDFC, only allow Ethereum-compatible addresses (t4/0x) because
+    // tokens sent to ID/secp256k1/actor/BLS addresses are not accessible/recoverable
     if matches!(faucet_info, FaucetInfo::CalibnetUSDFC)
         && (address.protocol() == Protocol::ID || address.into_eth_address().is_err())

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 987bade and 1432c3b.

📒 Files selected for processing (1)

• src/faucet/server_api.rs (3 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/faucet/server_api.rs (3)

src/utils/address.rs (1)

• parse_address (49-76)

src/utils/rpc_context.rs (3)

• res (101-101)
• use_context (65-67)
• use_context (66-66)

src/faucet/constants.rs (1)

• network (152-157)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: E2E API Tests
• GitHub Check: E2E Claim Token API CORS Tests
• GitHub Check: E2E Browser Tests
• GitHub Check: lint
• GitHub Check: deploy
• GitHub Check: codedov

🔇 Additional comments (3)

src/faucet/server_api.rs (3)

290-309: LGTM! Validation flow is well-structured.

The updated function correctly:

1. Parses the address using the network from faucet_info
2. Validates the parsed address with check_valid_address
3. Sets appropriate HTTP status codes for both parse and validation failures
4. Provides clear error messages distinguishing parse errors from validation errors

---

423-428: LGTM! Safe context handling.

The explicit if let Some check safely handles scenarios where the Leptos context is unavailable (such as in certain test environments), making the function robust across different execution contexts.

---

430-508: Excellent test coverage!

The test suite comprehensively validates the address restriction logic:

• Tests all faucet types (MainnetFIL, CalibnetFIL, CalibnetUSDFC)
• Covers all address protocols (ID, secp256k1, actor, BLS, delegated, Ethereum)
• Validates both positive and negative cases for CalibnetUSDFC restrictions
• Uses a clever macro to reduce duplication while maintaining clarity

The tests confirm that only t4 (delegated) and native 0x addresses are accepted for CalibnetUSDFC, while all other faucets accept all address types.