From f6c95a7a83d7148217cda42f515b1544c2e5389a Mon Sep 17 00:00:00 2001
From: Chris Duncan <chris@zoso.dev>
Date: Sat, 2 Aug 2025 13:04:48 -0700
Subject: [PATCH] Improve input validation for wallet secret verification.

---
 src/lib/wallet.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lib/wallet.ts b/src/lib/wallet.ts
index f2e243f..ec75759 100644
--- a/src/lib/wallet.ts
+++ b/src/lib/wallet.ts
@@ -459,10 +459,12 @@ export class Wallet {
 			const data: NamedData = {
 				action: 'verify'
 			}
-			if (/^[A-Fa-f0-9]+$/.test(secret)) {
+			if (/^(?:[A-F0-9]{64}){1,2}$/i.test(secret)) {
 				data.seed = hex.toBuffer(secret)
+			} else if (/^([a-z]{3,8} ?){12,24}$/i.test(secret)) {
+				data.mnemonicPhrase = secret.toLowerCase()
 			} else {
-				data.mnemonicPhrase = secret
+				throw new TypeError('Invalid format')
 			}
 			const result = await this.#safe.request<boolean>(data)
 			const { isVerified } = result
-- 
2.47.3