quantumcoin 7.0.3 → 7.0.4

package/test/integration/ipc-provider.test.js

@@ -1,44 +1,49 @@
-/**
- * @testCategory integration
- * @blockchainRequired readonly
- * @transactional false
- * @description Read-only IPC JSON-RPC integration tests against a local geth IPC endpoint
- */
-
-const { describe, it } = require("node:test");
-const assert = require("node:assert/strict");
-
-const qc = require("../../index");
-
-// Windows named pipe endpoint for geth IPC
-const IPC = "\\\\.\\pipe\\geth.ipc";
-
-describe("IpcSocketProvider (readonly)", () => {
-  it("getBlockNumber and getBlock('latest') work over IPC", async (t) => {
-    const provider = new qc.IpcSocketProvider(IPC);
-    try {
-      const bn = await provider.getBlockNumber();
-      assert.ok(Number.isInteger(bn) && bn >= 0);
-
-      const latest = await provider.getBlock("latest");
-      assert.ok(latest && typeof latest === "object");
-      assert.ok(typeof latest.number === "number" && latest.number >= bn);
-      // best-effort sanity: hash often exists on latest blocks
-      assert.ok(latest.hash == null || typeof latest.hash === "string");
-
-      // Print a JSON-safe summary (avoid circular refs like latest.provider)
-      const latestSummary = {
-        number: latest.number,
-        hash: latest.hash,
-        parentHash: latest.parentHash,
-        timestamp: latest.timestamp,
-        transactionsCount: Array.isArray(latest.transactions) ? latest.transactions.length : null,
-      };
-      // This shows up in TAP output as "# ..."
-      console.log("IPC latest block:", JSON.stringify(latestSummary));
-    } catch (e) {
-      t.skip(`IPC endpoint unavailable (${IPC}): ${e && e.message ? e.message : String(e)}`);
-    }
-  });
-});
-
+/**
+ * @testCategory integration
+ * @blockchainRequired readonly
+ * @transactional false
+ * @description Read-only IPC JSON-RPC integration tests against a local geth IPC endpoint
+ * Run with VERBOSE=1 for test names, block number/hash.
+ */
+
+const { describe, it } = require("node:test");
+const assert = require("node:assert/strict");
+
+const qc = require("../../index");
+const { logSuite, logTest } = require("../verbose-logger");
+
+const IPC = process.env.QC_ENDPOINT || process.env.QC_IPC_PATH || "\\\\.\\pipe\\geth.ipc";
+
+describe("IpcSocketProvider (readonly)", () => {
+  it("getBlockNumber and getBlock('latest') work over IPC", async (t) => {
+    logSuite("IpcSocketProvider (readonly)");
+    logTest("getBlockNumber and getBlock('latest') work over IPC", { endpoint: IPC });
+    const provider = qc.getProvider(IPC);
+    try {
+      const bn = await provider.getBlockNumber();
+      logTest("getBlockNumber (ipc)", { blockNumber: bn });
+      assert.ok(Number.isInteger(bn) && bn >= 0);
+
+      const latest = await provider.getBlock("latest");
+      logTest("getBlock('latest') (ipc)", { blockNumber: latest.number, blockHash: latest.hash });
+      assert.ok(latest && typeof latest === "object");
+      assert.ok(typeof latest.number === "number" && latest.number >= bn);
+      // best-effort sanity: hash often exists on latest blocks
+      assert.ok(latest.hash == null || typeof latest.hash === "string");
+
+      // Print a JSON-safe summary (avoid circular refs like latest.provider)
+      const latestSummary = {
+        number: latest.number,
+        hash: latest.hash,
+        parentHash: latest.parentHash,
+        timestamp: latest.timestamp,
+        transactionsCount: Array.isArray(latest.transactions) ? latest.transactions.length : null,
+      };
+      // This shows up in TAP output as "# ..."
+      console.log("IPC latest block:", JSON.stringify(latestSummary));
+    } catch (e) {
+      t.skip(`IPC endpoint unavailable (${IPC}): ${e && e.message ? e.message : String(e)}`);
+    }
+  });
+});
+

package/test/integration/ipc-provider.test.ts

@@ -0,0 +1,44 @@
+/**
+ * @testCategory integration
+ * @blockchainRequired readonly
+ * @transactional false
+ * @description Read-only IPC JSON-RPC integration tests against a local geth IPC endpoint
+ */
+
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+
+import qc from "../../index";
+import { logSuite, logTest } from "../verbose-logger";
+
+const IPC = process.env.QC_ENDPOINT || process.env.QC_IPC_PATH || "\\\\.\\pipe\\geth.ipc";
+
+describe("IpcSocketProvider (readonly)", () => {
+  it("getBlockNumber and getBlock('latest') work over IPC", async (t: { skip: (msg: string) => void }) => {
+    logSuite("IpcSocketProvider (readonly)");
+    logTest("getBlockNumber and getBlock('latest') work over IPC", { endpoint: IPC });
+    const provider = qc.getProvider(IPC);
+    try {
+      const bn = await provider.getBlockNumber();
+      logTest("getBlockNumber (ipc)", { blockNumber: bn });
+      assert.ok(Number.isInteger(bn) && bn >= 0);
+
+      const latest = await provider.getBlock("latest");
+      logTest("getBlock('latest') (ipc)", { blockNumber: latest.number, blockHash: latest.hash });
+      assert.ok(latest && typeof latest === "object");
+      assert.ok(typeof latest.number === "number" && latest.number >= bn);
+      assert.ok(latest.hash == null || typeof latest.hash === "string");
+
+      const latestSummary = {
+        number: latest.number,
+        hash: latest.hash,
+        parentHash: latest.parentHash,
+        timestamp: latest.timestamp,
+        transactionsCount: Array.isArray(latest.transactions) ? latest.transactions.length : null,
+      };
+      console.log("IPC latest block:", JSON.stringify(latestSummary));
+    } catch (e) {
+      t.skip(`IPC endpoint unavailable (${IPC}): ${e && (e as Error).message ? (e as Error).message : String(e)}`);
+    }
+  });
+});

package/test/integration/provider.test.js

@@ -1,72 +1,88 @@
-/**
- * @testCategory integration
- * @blockchainRequired readonly
- * @transactional false
- * @description Read-only JSON-RPC integration tests against public QuantumCoin RPC
- */
-
-const { describe, it } = require("node:test");
-const assert = require("node:assert/strict");
-
-const { Initialize } = require("../../config");
-const qc = require("../../index");
-
-const RPC = "https://public.rpc.quantumcoinapi.com";
-const CHAIN_ID = 123123;
-const STAKING_CONTRACT = "0x" + "00".repeat(30) + "10" + "00"; // ...1000 (32-byte address)
-
-describe("JsonRpcProvider (readonly)", () => {
-  it("getBlockNumber returns a recent block", async (t) => {
-    const provider = new qc.JsonRpcProvider(RPC, CHAIN_ID);
-    try {
-      const bn = await provider.getBlockNumber();
-      assert.ok(bn > 3000000);
-    } catch (e) {
-      t.skip(`network unavailable: ${e && e.message ? e.message : String(e)}`);
-    }
-  });
-
-  it("getBlock works for a block > 3000000 and for latest", async (t) => {
-    const provider = new qc.JsonRpcProvider(RPC, CHAIN_ID);
-    try {
-      const latest = await provider.getBlockNumber();
-      const target = 3386000;
-      if (latest < target) t.skip("chain not at expected height yet");
-
-      const b = await provider.getBlock(target);
-      assert.equal(b.number, target);
-
-      const l = await provider.getBlock("latest");
-      assert.ok(l.number >= target);
-    } catch (e) {
-      t.skip(`network unavailable: ${e && e.message ? e.message : String(e)}`);
-    }
-  });
-
-  it("getBalance works for a known system contract address", async (t) => {
-    const provider = new qc.JsonRpcProvider(RPC, CHAIN_ID);
-    try {
-      const bal = await provider.getBalance(STAKING_CONTRACT);
-      assert.equal(typeof bal, "bigint");
-      assert.ok(bal >= 0n);
-    } catch (e) {
-      t.skip(`network unavailable: ${e && e.message ? e.message : String(e)}`);
-    }
-  });
-
-  it("contract read operations work (staking contract)", async (t) => {
-    await Initialize(null);
-    const provider = new qc.JsonRpcProvider(RPC, CHAIN_ID);
-    try {
-      const abi = require("../fixtures/StakingContract.abi.json");
-      const contract = new qc.Contract(STAKING_CONTRACT, abi, provider);
-      const count = await contract.getDepositorCount();
-      // qcsdk returns JSON; for single return values it is usually an array with one element
-      const value = Array.isArray(count) ? count[0] : count;
-      assert.ok(value != null);
-    } catch (e) {
-      t.skip(`network/ABI unavailable: ${e && e.message ? e.message : String(e)}`);
-    }
-  });
-});
-
+/**
+ * @testCategory integration
+ * @blockchainRequired readonly
+ * @transactional false
+ * @description Read-only integration tests. Endpoint from QC_ENDPOINT or QC_RPC_URL (default: public RPC).
+ * Works with HTTP, WebSocket, or IPC; use QC_ENDPOINT=\\.\pipe\geth.ipc to run over IPC.
+ * Run with VERBOSE=1 or QC_VERBOSE=1 for test names, addresses, block numbers.
+ */
+
+const { describe, it } = require("node:test");
+const assert = require("node:assert/strict");
+
+const { Initialize } = require("../../config");
+const qc = require("../../index");
+const { logSuite, logTest, logAddress } = require("../verbose-logger");
+
+const DEFAULT_RPC = "https://public.rpc.quantumcoinapi.com";
+const CHAIN_ID = 123123;
+const STAKING_CONTRACT = "0x" + "00".repeat(30) + "10" + "00"; // ...1000 (32-byte address)
+
+const ENDPOINT = process.env.QC_ENDPOINT || process.env.QC_RPC_URL || DEFAULT_RPC;
+const isPublicRpc = ENDPOINT === DEFAULT_RPC;
+
+describe("Provider (readonly)", () => {
+  it("getBlockNumber returns a block number", async (t) => {
+    logSuite("Provider (readonly)");
+    logTest("getBlockNumber returns a block number", { endpoint: ENDPOINT, chainId: CHAIN_ID });
+    const provider = qc.getProvider(ENDPOINT, CHAIN_ID);
+    try {
+      const bn = await provider.getBlockNumber();
+      logTest("getBlockNumber returns a block number", { blockNumber: bn });
+      assert.ok(Number.isInteger(bn) && bn >= 0);
+      if (isPublicRpc) assert.ok(bn > 3000000, "public chain height");
+    } catch (e) {
+      t.skip(`network unavailable: ${e && e.message ? e.message : String(e)}`);
+    }
+  });
+
+  it("getBlock('latest') works", async (t) => {
+    logTest("getBlock('latest') works", {});
+    const provider = qc.getProvider(ENDPOINT, CHAIN_ID);
+    try {
+      const latest = await provider.getBlockNumber();
+      const block = await provider.getBlock("latest");
+      logTest("getBlock('latest') works", { blockNumber: block.number, blockHash: block.hash });
+      assert.ok(block && typeof block === "object");
+      assert.ok(typeof block.number === "number" && block.number >= latest);
+      if (isPublicRpc && latest >= 3386000) {
+        const b = await provider.getBlock(3386000);
+        assert.equal(b.number, 3386000);
+      }
+    } catch (e) {
+      t.skip(`network unavailable: ${e && e.message ? e.message : String(e)}`);
+    }
+  });
+
+  it("getBalance works for an address", async (t) => {
+    logTest("getBalance works for an address", {});
+    logAddress("staking_contract", STAKING_CONTRACT);
+    const provider = qc.getProvider(ENDPOINT, CHAIN_ID);
+    try {
+      const bal = await provider.getBalance(STAKING_CONTRACT);
+      logTest("getBalance works for an address", { balance: bal.toString() });
+      assert.equal(typeof bal, "bigint");
+      assert.ok(bal >= 0n);
+    } catch (e) {
+      t.skip(`network unavailable: ${e && e.message ? e.message : String(e)}`);
+    }
+  });
+
+  it("contract read operations work (staking contract when available)", async (t) => {
+    logTest("contract read operations work (staking contract when available)", {});
+    logAddress("staking_contract", STAKING_CONTRACT);
+    await Initialize(null);
+    const provider = qc.getProvider(ENDPOINT, CHAIN_ID);
+    try {
+      const abi = require("../fixtures/StakingContract.abi.json");
+      const contract = new qc.Contract(STAKING_CONTRACT, abi, provider);
+      const count = await contract.getDepositorCount();
+      const value = Array.isArray(count) ? count[0] : count;
+      logTest("contract read operations work", { depositorCount: value != null ? String(value) : null });
+      assert.ok(value != null);
+    } catch (e) {
+      t.skip(`network/ABI unavailable: ${e && e.message ? e.message : String(e)}`);
+    }
+  });
+});
+

package/test/integration/provider.test.ts

@@ -0,0 +1,85 @@
+/**
+ * @testCategory integration
+ * @blockchainRequired readonly
+ * @transactional false
+ * @description Read-only integration tests. Endpoint from QC_ENDPOINT or QC_RPC_URL (default: public RPC).
+ */
+
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+
+import { Initialize } from "../../config";
+import qc from "../../index";
+import { logSuite, logTest, logAddress } from "../verbose-logger";
+
+const DEFAULT_RPC = "https://public.rpc.quantumcoinapi.com";
+const CHAIN_ID = 123123;
+const STAKING_CONTRACT = "0x" + "00".repeat(30) + "10" + "00";
+
+const ENDPOINT = process.env.QC_ENDPOINT || process.env.QC_RPC_URL || DEFAULT_RPC;
+const isPublicRpc = ENDPOINT === DEFAULT_RPC;
+
+describe("Provider (readonly)", () => {
+  it("getBlockNumber returns a block number", async (t: { skip: (msg: string) => void }) => {
+    logSuite("Provider (readonly)");
+    logTest("getBlockNumber returns a block number", { endpoint: ENDPOINT, chainId: CHAIN_ID });
+    const provider = qc.getProvider(ENDPOINT, CHAIN_ID);
+    try {
+      const bn = await provider.getBlockNumber();
+      logTest("getBlockNumber returns a block number", { blockNumber: bn });
+      assert.ok(Number.isInteger(bn) && bn >= 0);
+      if (isPublicRpc) assert.ok(bn > 3000000, "public chain height");
+    } catch (e) {
+      t.skip(`network unavailable: ${e && (e as Error).message ? (e as Error).message : String(e)}`);
+    }
+  });
+
+  it("getBlock('latest') works", async (t: { skip: (msg: string) => void }) => {
+    logTest("getBlock('latest') works", {});
+    const provider = qc.getProvider(ENDPOINT, CHAIN_ID);
+    try {
+      const latest = await provider.getBlockNumber();
+      const block = await provider.getBlock("latest");
+      logTest("getBlock('latest') works", { blockNumber: block.number, blockHash: block.hash });
+      assert.ok(block && typeof block === "object");
+      assert.ok(typeof block.number === "number" && block.number >= latest);
+      if (isPublicRpc && latest >= 3386000) {
+        const b = await provider.getBlock(3386000);
+        assert.equal(b.number, 3386000);
+      }
+    } catch (e) {
+      t.skip(`network unavailable: ${e && (e as Error).message ? (e as Error).message : String(e)}`);
+    }
+  });
+
+  it("getBalance works for an address", async (t: { skip: (msg: string) => void }) => {
+    logTest("getBalance works for an address", {});
+    logAddress("staking_contract", STAKING_CONTRACT);
+    const provider = qc.getProvider(ENDPOINT, CHAIN_ID);
+    try {
+      const bal = await provider.getBalance(STAKING_CONTRACT);
+      logTest("getBalance works for an address", { balance: bal.toString() });
+      assert.equal(typeof bal, "bigint");
+      assert.ok(bal >= 0n);
+    } catch (e) {
+      t.skip(`network unavailable: ${e && (e as Error).message ? (e as Error).message : String(e)}`);
+    }
+  });
+
+  it("contract read operations work (staking contract when available)", async (t: { skip: (msg: string) => void }) => {
+    logTest("contract read operations work (staking contract when available)", {});
+    logAddress("staking_contract", STAKING_CONTRACT);
+    await Initialize(null);
+    const provider = qc.getProvider(ENDPOINT, CHAIN_ID);
+    try {
+      const abi = require("../fixtures/StakingContract.abi.json");
+      const contract = new qc.Contract(STAKING_CONTRACT, abi, provider);
+      const count = await contract.getDepositorCount();
+      const value = Array.isArray(count) ? count[0] : count;
+      logTest("contract read operations work", { depositorCount: value != null ? String(value) : null });
+      assert.ok(value != null);
+    } catch (e) {
+      t.skip(`network/ABI unavailable: ${e && (e as Error).message ? (e as Error).message : String(e)}`);
+    }
+  });
+});

package/test/integration/ws-provider.test.js

@@ -1,33 +1,41 @@
-/**
- * @testCategory integration
- * @blockchainRequired readonly
- * @transactional false
- * @description Read-only WebSocket JSON-RPC integration tests against a local geth websocket endpoint
- */
-
-const { describe, it } = require("node:test");
-const assert = require("node:assert/strict");
-
-const qc = require("../../index");
-
-const WS = process.env.QC_WS_URL || "ws://127.0.0.1:8546";
-
-describe("WebSocketProvider (readonly)", () => {
-  it("getBlockNumber and getBlock('latest') work over WebSocket", async (t) => {
-    const provider = new qc.WebSocketProvider(WS);
-    try {
-      const bn = await provider.getBlockNumber();
-      assert.ok(Number.isInteger(bn) && bn >= 0);
-
-      const latest = await provider.getBlock("latest");
-      assert.ok(latest && typeof latest === "object");
-      assert.ok(typeof latest.number === "number" && latest.number >= bn);
-      assert.ok(latest.hash == null || typeof latest.hash === "string");
-    } catch (e) {
-      t.skip(`WebSocket endpoint unavailable (${WS}): ${e && e.message ? e.message : String(e)}`);
-    } finally {
-      if (provider && typeof provider.destroy === "function") provider.destroy();
-    }
-  });
-});
-
+/**
+ * @testCategory integration
+ * @blockchainRequired readonly
+ * @transactional false
+ * @description Read-only WebSocket JSON-RPC integration tests (validates WebSocketProvider only).
+ * Skipped when QC_ENDPOINT is set (e.g. running integration tests over IPC).
+ * Run with VERBOSE=1 for test names, block number/hash.
+ */
+
+const { describe, it } = require("node:test");
+const assert = require("node:assert/strict");
+
+const qc = require("../../index");
+const { logSuite, logTest } = require("../verbose-logger");
+
+const WS = process.env.QC_WS_URL || "ws://127.0.0.1:8546";
+const skipBecauseOtherEndpoint = process.env.QC_ENDPOINT != null && process.env.QC_ENDPOINT !== "";
+
+describe("WebSocketProvider (readonly)", { skip: skipBecauseOtherEndpoint }, () => {
+  it("getBlockNumber and getBlock('latest') work over WebSocket", async (t) => {
+    logSuite("WebSocketProvider (readonly)");
+    logTest("getBlockNumber and getBlock('latest') work over WebSocket", { endpoint: WS });
+    const provider = qc.getProvider(WS);
+    try {
+      const bn = await provider.getBlockNumber();
+      logTest("getBlockNumber (ws)", { blockNumber: bn });
+      assert.ok(Number.isInteger(bn) && bn >= 0);
+
+      const latest = await provider.getBlock("latest");
+      logTest("getBlock('latest') (ws)", { blockNumber: latest.number, blockHash: latest.hash });
+      assert.ok(latest && typeof latest === "object");
+      assert.ok(typeof latest.number === "number" && latest.number >= bn);
+      assert.ok(latest.hash == null || typeof latest.hash === "string");
+    } catch (e) {
+      t.skip(`WebSocket endpoint unavailable (${WS}): ${e && e.message ? e.message : String(e)}`);
+    } finally {
+      if (provider && typeof provider.destroy === "function") provider.destroy();
+    }
+  });
+});
+

package/test/integration/ws-provider.test.ts

@@ -0,0 +1,38 @@
+/**
+ * @testCategory integration
+ * @blockchainRequired readonly
+ * @transactional false
+ * @description Read-only WebSocket JSON-RPC integration tests (validates WebSocketProvider only).
+ */
+
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+
+import qc from "../../index";
+import { logSuite, logTest } from "../verbose-logger";
+
+const WS = process.env.QC_WS_URL || "ws://127.0.0.1:8546";
+const skipBecauseOtherEndpoint = process.env.QC_ENDPOINT != null && process.env.QC_ENDPOINT !== "";
+
+describe("WebSocketProvider (readonly)", { skip: skipBecauseOtherEndpoint }, () => {
+  it("getBlockNumber and getBlock('latest') work over WebSocket", async (t: { skip: (msg: string) => void }) => {
+    logSuite("WebSocketProvider (readonly)");
+    logTest("getBlockNumber and getBlock('latest') work over WebSocket", { endpoint: WS });
+    const provider = qc.getProvider(WS);
+    try {
+      const bn = await provider.getBlockNumber();
+      logTest("getBlockNumber (ws)", { blockNumber: bn });
+      assert.ok(Number.isInteger(bn) && bn >= 0);
+
+      const latest = await provider.getBlock("latest");
+      logTest("getBlock('latest') (ws)", { blockNumber: latest.number, blockHash: latest.hash });
+      assert.ok(latest && typeof latest === "object");
+      assert.ok(typeof latest.number === "number" && latest.number >= bn);
+      assert.ok(latest.hash == null || typeof latest.hash === "string");
+    } catch (e) {
+      t.skip(`WebSocket endpoint unavailable (${WS}): ${e && (e as Error).message ? (e as Error).message : String(e)}`);
+    } finally {
+      if (provider && typeof provider.destroy === "function") provider.destroy();
+    }
+  });
+});

package/test/security/malformed-input.test.js

@@ -1,31 +1,37 @@
-/**
- * @testCategory security
- * @blockchainRequired false
- * @transactional false
- * @description Security tests for malformed input, edge cases, and invalid values
- */
-
-const { describe, it } = require("node:test");
-const assert = require("node:assert/strict");
-
-const { Initialize } = require("../../config");
-const qc = require("../../index");
-
-describe("Security: Malformed Input", () => {
-  it("rejects invalid address length and characters", async () => {
-    await Initialize(null);
-    assert.equal(qc.isAddress("0x1234"), false);
-    assert.equal(qc.isAddress("not-an-address"), false);
-    assert.throws(() => qc.getAddress("0x1234"), /invalid address/i);
-  });
-
-  it("rejects too-long bytes32 strings", () => {
-    assert.throws(() => qc.encodeBytes32String("x".repeat(33)), /max 32/i);
-  });
-
-  it("rejects invalid parseUnits inputs", () => {
-    assert.throws(() => qc.parseUnits("", 18), /invalid/i);
-    assert.throws(() => qc.parseUnits("1.234", 2), /exceeds decimals/i);
-  });
-});
-
+/**
+ * @testCategory security
+ * @blockchainRequired false
+ * @transactional false
+ * @description Security tests for malformed input, edge cases, and invalid values
+ * Run with VERBOSE=1 for test names.
+ */
+
+const { describe, it } = require("node:test");
+const assert = require("node:assert/strict");
+
+const { Initialize } = require("../../config");
+const qc = require("../../index");
+const { logSuite, logTest } = require("../verbose-logger");
+
+describe("Security: Malformed Input", () => {
+  logSuite("Security: Malformed Input");
+  it("rejects invalid address length and characters", async () => {
+    logTest("rejects invalid address length and characters", {});
+    await Initialize(null);
+    assert.equal(qc.isAddress("0x1234"), false);
+    assert.equal(qc.isAddress("not-an-address"), false);
+    assert.throws(() => qc.getAddress("0x1234"), /invalid address/i);
+  });
+
+  it("rejects too-long bytes32 strings", () => {
+    logTest("rejects too-long bytes32 strings", {});
+    assert.throws(() => qc.encodeBytes32String("x".repeat(33)), /max 32/i);
+  });
+
+  it("rejects invalid parseUnits inputs", () => {
+    logTest("rejects invalid parseUnits inputs", {});
+    assert.throws(() => qc.parseUnits("", 18), /invalid/i);
+    assert.throws(() => qc.parseUnits("1.234", 2), /exceeds decimals/i);
+  });
+});
+

package/test/security/malformed-input.test.ts

@@ -0,0 +1,35 @@
+/**
+ * @testCategory security
+ * @blockchainRequired false
+ * @transactional false
+ * @description Security tests for malformed input, edge cases, and invalid values
+ */
+
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+
+import { Initialize } from "../../config";
+import qc from "../../index";
+import { logSuite, logTest } from "../verbose-logger";
+
+describe("Security: Malformed Input", () => {
+  logSuite("Security: Malformed Input");
+  it("rejects invalid address length and characters", async () => {
+    logTest("rejects invalid address length and characters", {});
+    await Initialize(null);
+    assert.equal(qc.isAddress("0x1234"), false);
+    assert.equal(qc.isAddress("not-an-address"), false);
+    assert.throws(() => qc.getAddress("0x1234"), /invalid address/i);
+  });
+
+  it("rejects too-long bytes32 strings", () => {
+    logTest("rejects too-long bytes32 strings", {});
+    assert.throws(() => qc.encodeBytes32String("x".repeat(33)), /max 32/i);
+  });
+
+  it("rejects invalid parseUnits inputs", () => {
+    logTest("rejects invalid parseUnits inputs", {});
+    assert.throws(() => qc.parseUnits("", 18), /invalid/i);
+    assert.throws(() => qc.parseUnits("1.234", 2), /exceeds decimals/i);
+  });
+});