- H-3: Rate limit wallet-link nonce to 5 per user per 5 minutes (429)
- H-4: Verify sender address matches JWT walletAddress in add-owner-proposal;
also include walletAddress in JWT eid claims
- M-1: Sanitize EIP-6963 provider icons — only allow https: and safe
data:image/(png|jpeg|gif|webp), block SVG and javascript: URIs
- M-2: Validate threshold is a positive integer ≤ newOwnerCount, fetch
actual Safe owner list for bounds checking
- M-3: Add VALID_ETH_ADDR regex validation to all 9 routes that accept
address params (Safe proxy, EOA proxy, propose, confirm, execute,
add-owner-proposal) to prevent SSRF via path traversal
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Jeff Emmett
92fde65d60