It turns out that if one sends an ibc transfer to a nonsense address, but on an actively functioning channel, the transaction is carried through and naan is sent to the relayer. For instance, this command:

namadac ibc-transfer --source (valid_tnam) --receiver osmoxyz --token naan --amount 100 --channel-id channel-1259

(where "osmoxyz" is the actual input)

the channel relays between namada and cosmoshub, but any string in receiver will be accepted. should there be client-side checks on this?

Funds are returned by relayer after a little while though so not critical but still.

If channel does not exist the tx is rejected by vp when running command.

@opsecx Thank you for reporting it.
As you reported, there is no validation for the receiver address for now.
That's because we want to accept also non-cosmos addresses for IBC transfers. The receiver address format isn't limited and we can't cover all of them in the validation.

If the receiver address doesn't exist, the destination chain rejects the transfer and returns the ack with an error, i.e. the destination has acknowledged receiving the packet but the transfer hasn't succeeded. The source chain checks the ack and then refunds the escrowed tokens. (The relayer never receives the tokens. They're escrowed in the source chain.)

Understand. I wonder if some validation could not be employed, but of course no harm as such when the tokens are returned to sender.