Seedphrase with any value outside dictionary always recovers the same account

[Serhy]

Bug Report

Problem

If any of seed phase values outside of Status dictionary we still give ability to proceed with recovering flow notifying user that "One or more words might be misspelled". However, in that case there is always the same address and public key is recovered: 0x959FD7Ef9089B7142B6B908Dc3A8af7Aa8ff0FA1 Which corresponds to empty mnemonic .

Apart that it's bug itself, another point is that empty mnemonic (or undefined mnemonic) already in blockchain bandits set. And this may at some point put Status not into good light when users (those who will want to proceed account recover with misspelled seedphrase), thinking it's their lucky day (there are already some tokens live in this address) realise their funds were transferred out immediately. And user will blame Status in that case.

Expected behavior

Private key recovered according to seed phrase entered in the input when recoveing account.

Actual behavior

Disregard the seed phrase with the words outside Status dictionary, - mnemonic value passed is unknown which results in the same account with address 0x959FD7Ef9089B7142B6B908Dc3A8af7Aa8ff0FA1

Notes

For the developer who will be investigating. Is it related to another PR? Tips on where to start?

Acceptance Criteria

• seedphrase cats cats cats cats cats cats cats cats cats cats cats cats recovers 0x9EeC46dd694cAC190b00f7348180FC10125E2E61 address
• seedphrase dogs dogs dogs dogs dogs dogs dogs dogs dogs dogs dogs dogs recovers 0x0C330E94Fab3Dd874DD663D6D2Bda2fe491BBd87 address

Reproduction

• Open Status and tap Access key -> Enter seed phrase
• Enter abc abc abc abc abc abc abc abc abc abc abc abc in seed phrase input
• On the ...some words might be misspelled.. pup-up tap Continue
• Proceed onboarding and navigate to Wallet main view
• Check that wallet address is 0x2F26E56E08939024C6d2927E68CEa62786e9e900

Additional Information

• Status version: develop 0.14.0 (2016102802)
• Operating System: Android and iOS

[Serhy]

@rachelhamlin due to reasons explained in the description I included in V1. Makes sense to bounty as fo me, apparently we fail to grab the seedphrase value after ...some words might be misspelled... pop-up submission

[Serhy]

This issue is a bit different from #9062 but likely touches the same module. I'd keep this one open and if we fix it along with #9062 it will be great!

[Serhy]

With @rachelhamlin 's help found there is a separate issue https://github.com/status-im/status-react/issues/9050 which dealing with seed phrase words outside of the BIP29 list which may fix this issue as well. Keeping this issue open until #9050 is addressed.

[StatusSceptre]

Think we can close this one @Serhy? I don't foresee us needing to fix it so long as we are preventing users from recovering non-dictionary seedphrases.

[Serhy]

Okay. Agree to close as #9050 should automatically fix this issue too.

[GENERALGUBERNATOR1]

0x959FD7Ef9089B7142B6B908Dc3A8af7Aa8ff0FA1 этот кошелек фишинг у меня есть ключ но я не могу закончить ico я отправил свои токены сюда как вытащить их мне перенаправляют фишинг на другой кошелек