fix: validate mnemonics are legit bip39, closes #239

app/hooks/use-ledger.ts

@@ -26,7 +26,7 @@ export function useLedger() {
 
   const createListener = useCallback(() => {
     const tHid = TransportNodeHid.listen({
-      next: async (event: any) => {
+      next: async event => {
         if (event.type === 'add') {
           clearTimeout(disconnectTimeouts.current);
           tHid.unsubscribe();

app/pages/onboarding/03-restore-wallet/restore-wallet.tsx

@@ -1,15 +1,14 @@
 import React, { useState } from 'react';
 import { useHistory } from 'react-router';
 import { useDispatch } from 'react-redux';
-import { deriveRootKeychainFromMnemonic } from '@blockstack/keychain';
+import { validateMnemonic } from 'bip39';
 import { Text, Input } from '@blockstack/ui';
 
 import routes from '@constants/routes.json';
 import { Hr } from '@components/hr';
 import { ErrorLabel } from '@components/error-label';
 import { ErrorText } from '@components/error-text';
 import { persistMnemonic } from '@store/keys/keys.actions';
-import { safeAwait } from '@utils/safe-await';
 import { useBackButton } from '@hooks/use-back-url.hook';
 import {
   Onboarding,
@@ -21,17 +20,18 @@ import {
 } from '@components/onboarding';
 
 export const RestoreWallet: React.FC = () => {
+  useBackButton(routes.WELCOME);
+
   const [mnemonic, setMnemonic] = useState('');
   const [error, setError] = useState<string | null>(null);
   const history = useHistory();
-  useBackButton(routes.WELCOME);
   const dispatch = useDispatch();
 
   const handleMnemonicInput = (e: React.FormEvent<HTMLInputElement>) => {
     setMnemonic(e.currentTarget.value.trim());
   };
 
-  const handleSecretKeyRestore = async (e: React.FormEvent) => {
+  const handleSecretKeyRestore = (e: React.FormEvent) => {
     e.preventDefault();
 
     const mnemonicLength = mnemonic.trim().split(' ').length;
@@ -45,8 +45,8 @@ export const RestoreWallet: React.FC = () => {
       setError('The Stacks Wallet can only be used with 24-word Secret Keys');
       return;
     }
-    const [error] = await safeAwait(deriveRootKeychainFromMnemonic(mnemonic));
-    if (error) {
+
+    if (!validateMnemonic(mnemonic)) {
       setError('Not a valid bip39 mnemonic');
       return;
     }
@@ -72,7 +72,7 @@ export const RestoreWallet: React.FC = () => {
         onChange={handleMnemonicInput}
         as="textarea"
         mt="base-tight"
-        minHeight="88px"
+        minHeight="90px"
         placeholder="24-word Secret Key"
         style={{
           resize: 'none',

package.json

@@ -214,6 +214,7 @@
     "argon2-browser": "1.15.1",
     "axios": "0.20.0",
     "bignumber.js": "9.0.0",
+    "bip39": "3.0.2",
     "bn.js": "5.1.3",
     "buffer": "5.6.0",
     "c32check": "1.1.2",

yarn.lock

@@ -2063,6 +2063,11 @@
   resolved "https://registry.yarnpkg.com/@types/node/-/node-14.6.4.tgz#a145cc0bb14ef9c4777361b7bbafa5cf8e3acb5a"
   integrity sha512-Wk7nG1JSaMfMpoMJDKUsWYugliB2Vy55pdjLpmLixeyMi7HizW2I/9QoxsPCkXl3dO+ZOVqPumKaDUv5zJu2uQ==
 
+"@types/node@11.11.6":
+  version "11.11.6"
+  resolved "https://registry.yarnpkg.com/@types/node/-/node-11.11.6.tgz#df929d1bb2eee5afdda598a41930fe50b43eaa6a"
+  integrity sha512-Exw4yUWMBXM3X+8oqzJNRqZSwUAaS4+7NdvHqQuFi/d+synz++xmX3QIf+BFqneW8N31R8Ky+sikfZUXq07ggQ==
+
 "@types/node@14.10.3":
   version "14.10.3"
   resolved "https://registry.yarnpkg.com/@types/node/-/node-14.10.3.tgz#5ae1f119c96643fc9b19b2d1a83bfa2ec3dbb7ea"
@@ -3365,6 +3370,16 @@ bindings@^1.5.0:
   dependencies:
     file-uri-to-path "1.0.0"
 
+bip39@3.0.2:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/bip39/-/bip39-3.0.2.tgz#2baf42ff3071fc9ddd5103de92e8f80d9257ee32"
+  integrity sha512-J4E1r2N0tUylTKt07ibXvhpT2c5pyAFgvuA5q1H9uDy6dEGpjV8jmymh3MTYJDLCNbIVClSB9FbND49I6N24MQ==
+  dependencies:
+    "@types/node" "11.11.6"
+    create-hash "^1.1.0"
+    pbkdf2 "^3.0.9"
+    randombytes "^2.0.1"
+
 bluebird-lst@^1.0.9:
   version "1.0.9"
   resolved "https://registry.yarnpkg.com/bluebird-lst/-/bluebird-lst-1.0.9.tgz#a64a0e4365658b9ab5fe875eb9dfb694189bb41c"
@@ -9131,7 +9146,7 @@ path-type@^4.0.0:
   resolved "https://registry.yarnpkg.com/path-type/-/path-type-4.0.0.tgz#84ed01c0a7ba380afe09d90a8c180dcd9d03043b"
   integrity sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==
 
-pbkdf2@^3.0.3:
+pbkdf2@^3.0.3, pbkdf2@^3.0.9:
   version "3.1.1"
   resolved "https://registry.yarnpkg.com/pbkdf2/-/pbkdf2-3.1.1.tgz#cb8724b0fada984596856d1a6ebafd3584654b94"
   integrity sha512-4Ejy1OPxi9f2tt1rRV7Go7zmfDQ+ZectEQz3VGUQhgq62HtIRPDyG/JtnwIxs6x3uNMwo2V7q1fMvKjb+Tnpqg==