Status-react: In recovery, we need to refuse any mnemonic with words out of our supported BIP-39 dictionaries

Created on 26 Sep 2019  Â·  14Comments  Â·  Source: status-im/status-react

Problem

As a user I want to have only BIP39 seedphrases so that I won't be using a memory wallet which is inherently unsafe.

Description

_Updated description on 31/10/19. Issue is ready for pick-up._ [RH]

https://github.com/status-im/status-react/pull/9005#issuecomment-535437102

We MUST not let the user enter invalid seedphrases (not valid based on BIP39)

The roadmap for this feature:

step 1/ (like Trust wallet does, most minimalist approach) user enters seed, if mnemonic is not correct (some words are not part of dictionary, or the checksum is not ok) then when user validates mnemonic we show a minimalist error message "seed phrase not correct" and the user corrects his sentence with no special indication of what's wrong
step 2/ while a user types a word and it turns out it's not in our supported dictionaries we prompt a warning that this word is not in dictionary
step 3/ we do autocomplete of words

Acceptance Criteria

The scope of this issue is step 1 only.

  • Words are validated against a known dictionary
  • Word count is validated
  • Checksum is validated
  • If the seedphrase entered does not match dictionary, has wrong word count or is not checksum validated, display error copy: Your seed phrase is not correct. Please try again.

Implementation notes

blocked high-priority high-severity
Source
picture yenda
👍21

Most helpful comment

This issue is thus about step 1, and will be closed once step 1 is done.

No design work needed.

If words are bad, or checksum is bad, error message can be : "Your seed phrase is not correct, please try again"

Improvements will be provided with https://github.com/status-im/status-react/issues/9084

picture guylouis on 1 Oct 2019
👍2

All 14 comments

@dmitryn @andmironov
any design work needed here ?

guylouis picture guylouis on 30 Sep 2019

yes we need a design for the auto completion of the words

yenda picture yenda on 30 Sep 2019
👍1

pinging @rachelhamlin too here

given the number of things to complete for v1, we could consider to go for a stepped approach:

  • step 1/ (like Trust wallet does, most minimalist approach) user enters seed, if mnemonic is not correct (some words are not part of dictionary, or the checksum is not ok) then when user validates mnemonic we show a minimalist error message "seed phrase not correct" and the user corrects his sentence with no special indication of what's wrong
  • step 2/ while a user types a word and it turns out it's not in our supported dictionaries we prompt a warning that this word is not in dictionary
  • step 3/ we do autocomplete of words

wdyt ?

guylouis picture guylouis on 30 Sep 2019
👍2

Agree with step based. Step 1 is the MVP, Step 2 and Step 3 are UX improvements.

3esmit picture 3esmit on 1 Oct 2019

This issue is thus about step 1, and will be closed once step 1 is done.

No design work needed.

If words are bad, or checksum is bad, error message can be : "Your seed phrase is not correct, please try again"

Improvements will be provided with https://github.com/status-im/status-react/issues/9084

guylouis picture guylouis on 1 Oct 2019
👍2

Additional step here for which I'm curious if it's feasible at all:

step 4/ prevent native on-screen keyboard from auto completing the seed phrase. Currently having the first 2 letters of my phrase is all I need to recover:)

hesterbruikman picture hesterbruikman on 1 Oct 2019
👍1

Here's the current design. There's a word count and a popup we display after the user hits "Next" if the seed phrase has words that are not in our dictionary

Screen Shot 2019-10-03 at 16 54 07

andmironov picture andmironov on 3 Oct 2019

changed name of issue to "In recovery, we need to refuse any mnemonic with words out of our supported BIP-39 dictionaries" to distinguish it from newly created #9393

guylouis picture guylouis on 4 Nov 2019

after discussion with @gravityblast we decided to implement validation in status-go https://github.com/status-im/status-go/issues/1663

flexsurfer picture flexsurfer on 6 Nov 2019
👍1

Can I close this one @flexsurfer? Or do we need to build the error message?

StatusSceptre picture StatusSceptre on 28 Nov 2019

no, because we still need to make changes in status-react after status-go part will be ready

flexsurfer picture flexsurfer on 28 Nov 2019
👍1

@flexsurfer once we finalize my PR, is the work on the status-react side to replace all of the phrase validation related functions in ethereum.mnemonic with a single call to the ValidMnemonic in status-go since that validates word length, words being in the dictionary, and checksum?

acolytec3 picture acolytec3 on 5 Dec 2019

probably we could still validate length in status-react, and if the length is valid, then validate in status-go

flexsurfer picture flexsurfer on 5 Dec 2019
👍1

@flexsurfer Understood. I'll work up a local branch and see if I can get it to call the new Go method. Not 100% sure I've got everything set up right on the status-go side but we'll see.

acolytec3 picture acolytec3 on 7 Dec 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

lukaszfryc picture lukaszfryc  Â·  3Comments
andmironov picture andmironov  Â·  3Comments
flexsurfer picture flexsurfer  Â·  3Comments
Serhy picture Serhy  Â·  3Comments
denis-sharypin picture denis-sharypin  Â·  4Comments