Wallet screening

[juliangruber]

Screen destination wallet addresses, for legal reasons

• Create API GET /valid/:address -> 200 OK or 403 Forbidden https://github.com/filecoin-station/wallet-screening
• Query forbidden addresses
• Add async validation to destination address input field Add reject sanctioned addresses. Closes #1074 #1075

[bajtos]

Is it enough to validate the address here in the client? It's relatively easy to bypass this check by either modifying the Station source code or invoking the smart contract directly.

Shouldn't the smart contract reject sanctioned addresses too? (I know this is a much more complex thing to implement.)

[bajtos]

How about Station Core? Should it screen the user-provided wallet address, too?

[juliangruber]

Is it enough to validate the address here in the client? It's relatively easy to bypass this check by either modifying the Station source code or invoking the smart contract directly.

Shouldn't the smart contract reject sanctioned addresses too? (I know this is a much more complex thing to implement.)

We have discussed this in the #station-legal channel (or maybe it was just in the call), client side validation is good enough for now. I also brought up that the only proper way to do this is in the smart contract, unfortunately however Chainalysis' oracle is not published to the Filecoin block chain. Therefore, it would be a significant amount of work (and potentially cost) to mirror it over.

[juliangruber]

How about Station Core? Should it screen the user-provided wallet address, too?

Good idea, let's do that too

filecoin-station/core#249