From 40428861e7a4060a8757f0637217dd333a6e528f Mon Sep 17 00:00:00 2001
From: Chris Duncan <chris@zoso.dev>
Date: Fri, 8 Aug 2025 12:35:54 -0700
Subject: [PATCH] Verify seed in constant time.

---
 src/lib/safe.ts | 23 ++++++++---------------
 1 file changed, 8 insertions(+), 15 deletions(-)

diff --git a/src/lib/safe.ts b/src/lib/safe.ts
index a0f55cc..8a97124 100644
--- a/src/lib/safe.ts
+++ b/src/lib/safe.ts
@@ -279,23 +279,16 @@ export class Safe {
 			}
 			let isVerified = false
 			if (seed != null) {
-				if (seed.byteLength === this.#seed.byteLength) {
-					const userSeed = new Uint8Array(seed)
-					const thisSeed = new Uint8Array(this.#seed)
-					for (let i = 0; i < seed.byteLength; i++) {
-						if (userSeed[i] === thisSeed[i]) {
-							isVerified = true
-						} else {
-							isVerified = false
-							break
-						}
-					}
+				let diff = 0
+				const userSeed = new Uint8Array(seed)
+				const thisSeed = new Uint8Array(this.#seed)
+				for (let i = 0; i < seed.byteLength; i++) {
+					diff |= userSeed[i] ^ thisSeed[i]
 				}
+				isVerified = diff === 0
 			}
-			if (mnemonicPhrase != null) {
-				if (mnemonicPhrase === this.#mnemonic) {
-					isVerified = true
-				}
+			if (mnemonicPhrase != null && mnemonicPhrase === this.#mnemonic) {
+				isVerified = true
 			}
 			return { isVerified }
 		} catch (err) {
-- 
2.47.3