From c264e5ddbd5c4aa12adc5c6b590c139c5be3ef13 Mon Sep 17 00:00:00 2001
From: Chris Duncan <chris@zoso.dev>
Date: Sat, 2 Aug 2025 13:00:09 -0700
Subject: [PATCH] Improve wallet secret import validation.

---
 src/lib/wallet.ts | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/lib/wallet.ts b/src/lib/wallet.ts
index 9b971a2..f2e243f 100644
--- a/src/lib/wallet.ts
+++ b/src/lib/wallet.ts
@@ -109,11 +109,13 @@ export class Wallet {
 				type,
 				password: utf8.toBuffer(password)
 			}
-			if (/^[A-Fa-f0-9]+$/.test(secret)) {
+			if (/^(?:[A-F0-9]{64}){1,2}$/i.test(secret)) {
 				data.seed = hex.toBuffer(secret)
-			} else {
-				data.mnemonicPhrase = secret
+			} else if (/^([a-z]{3,8} ?){12,24}$/i.test(secret)) {
+				data.mnemonicPhrase = secret.toLowerCase()
 				if (mnemonicSalt != null) data.mnemonicSalt = mnemonicSalt
+			} else {
+				throw new TypeError('Invalid wallet data')
 			}
 			const result = self.#safe.request<ArrayBuffer>(data)
 			const { iv, salt, encrypted } = await result
-- 
2.47.3