[Bug]: Lightning and contacts Backup/Restore do not use BIP-39 passphrase

[catch-21]

Describe the bug

The lightning and contacts backup do not consider the BIP-39 passphrase. They are always restored regardless of passphrase used. Therefore, if your wallet uses a passphrase and you either forget to enter it or enter the wrong passphrase when restoring, although your on-chain transactions and balance will not show, your lightning-related activities and contacts will restore. This could also be a problem for those who want to use multiple accounts derived using different passphrases for the same 12 words, e.g. a fake dummy account.

Reproduce

1. Create a wallet that uses a passphrase (13th word)
2. Create profile, add contact, make some on-chain and off-chain transactions and have a balance
3. Backup your seed phase (12 words)
4. Reset wallet
5. Restore with the 12 words and WITHOUT the passphrase
6. "Wallet Restored." "You have successfully restored your wallet from backup." messages are displayed. Proceed to home screen.
7. Observe backup of LN transaction Activities and contacts have restored. Profile is new "Your Name" and Balance is zero. No on-chain activities are listed.

Screenshots / Recording

https://github.com/synonymdev/bitkit/assets/74595920/cc257642-ef43-4e88-9de4-080f3f0847cf

Operating system

Android 13 TKQ1.220829.002

Bitkit version

v1.0.0-beta.113

Log output

No response

[Jasonvdb]

Thanks yeah this was also picked up in the audit, lightning seed was not using the bip39 passphrase to derive it's seed and that was being used as the wallet's backup account.

I have a fix for this but to avoid migrating this node for all existing users it will be patched in the fresh start app we're doing. Will update here when that app is ready to be tested.

[Jasonvdb]

Fixed here https://github.com/synonymdev/bitkit/pull/1771

[catch-21]

Tested on 898a58a42979ef8bee906b10182c8a12399e1d16 Restore appears to correctly use the passphrase now for LN and profile. Closing.