grod220
commented
4 months ago Oh strange, we use that library's validateMnemonic() which pulls from their own wordlists: https://github.com/bitcoinjs/bip39/blob/master/ts_src/_wordlists.ts. I suppose there are other bip39 languages beyond their own lists?
Ah, but it looks like they have them all covered: https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md. I'm confused why they'd suggest we allow invalid words if their own validation function is comprehensive. I also wonder where it would throw if we did allow non-valid words. If we are not confident in the library's validation func, in theory, we could make the form validation error based on "do these words not throw when attempting to generate a viewing+spend key".
currently, we enforce recovery phrase validation
https://github.com/penumbra-zone/web/blob/1f7390c77b07bfab7bd4f286d357d3e54b68c248/apps/extension/src/routes/page/onboarding/import.tsx#L34-L45
this is a misuse of the bip39 library, which prominently recommends that phrase validity should be displayed, but should not be enforced
https://github.com/bitcoinjs/bip39/blob/master/README.md#reminder-for-developers