[GUI][Restore wallet] Wallet can be restored with seed that has words truncated/suffixed with junk #4340

Open
b4n6-b4n6 opened this issue Aug 22, 2024 · 6 comments

b4n6-b4n6 commented Aug 22, 2024

Kindly observe video where I restored seed abandon x 25, but specified only aband x 25
restore-bug-3.webm

Expected behavior: cannot restore seed with truncated/suffixed with junk words

I think this is important, because it is possible to misspell words (especially when writing off paper / for non-English native speakers) and a word can get mixed up for another word in such case and restore to a different seed altogether

Collaborator

selsta commented Aug 22, 2024

Only the first three letters get verified, that's how it is currently programmed. It has downsides and upsides, but this is currently intended behaviour, not only in the GUI but also CLI wallet.

Author

b4n6-b4n6 commented Aug 23, 2024

okay... say we have scenario...

user misspells 'ailments' as 'aimlets', doesn't notice the misspelling and continues to restore this wallet, in this case 'aimlets' will successfully restore to 'aimless' instead of 'ailments' and user can be left confused
other words that can be misspelt yet successfully restore to another word include 'criminal' / 'circle' and 'bubble' / 'bulb'

edit: this does not happen in practice because the modern checksum check will catch this in practice, please ignore

Only the first three letters get verified, that's how it is currently programmed. It has downsides and upsides, but this is currently intended behaviour, not only in the GUI but also CLI wallet.

Author

b4n6-b4n6 commented Aug 23, 2024

Kindly observe video restore-bug-3.webm
Expected behavior: cannot restore seed with truncated/suffixed with junk words
I think this is important, because it is possible to misspell words (especially when writing off paper / for non-English native speakers) and a word can get mixed up for another word in such case and restore to a different seed altogether

I am baffled. All wallets should deny access. So he created addresses for you, right? The entropy level is zero.

I want to learn more from the experts.

Entropy level is not relevant to this issue. Seed like abandon x 25 can be used for testing. In video I want to bring attention to the possibility to specify seed words as truncated or suffixed with any chars. In video I successfully restored wallet with seed 'abandon' x 25 while only specifying 'aband' x 25

Author

b4n6-b4n6 commented Aug 31, 2024

problems that can occur in practice from this will be fixed with #4342

@b4n6-b4n6
Author

Only the first three letters get verified, that's how it is currently programmed. It has downsides and upsides, but this is currently intended behaviour, not only in the GUI but also CLI wallet.

selsta! I am working on a patch for this that does not change existing code, only adds an extra check post error to find strange words, please review PR here

Also I'd love to hear more about these 'upsides'

Collaborator

selsta commented Dec 14, 2024

I've approved the PR you linked, it will be merged with the next round of merges. The main upside is that people that make a typo somewhere after the first 3 letters in the word can still get their wallet restored. I'm not sure if that's the rationale behind it, or not. Since the first 3 letters are all unique it's all that is required to verify a seed.
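
The prefix-only matching discussed in this thread, as an added sketch that is not the wallet's or the linked PR's code. It assumes the 3-letter unique prefix stated above and uses a small constructed word list (not the wallet's real list) built from words mentioned in the thread; `resolve` is the lenient lookup and `strange_words` is a hypothetical stricter pass that reports entries accepted only because of their prefix.

```python
# Added illustration; names and the word list are assumptions, not project code.
PREFIX_LEN = 3  # the thread states only the first three letters are verified

# Constructed sample list (NOT the wallet's real word list).
WORDS = ["abandon", "ailments", "aimless", "bubble", "bulb", "circle", "criminal"]


def build_index(words, n=PREFIX_LEN):
    """Map each n-letter prefix to its word; fail if prefixes are not unique."""
    index = {}
    for w in words:
        p = w[:n]
        if p in index:
            raise ValueError(f"prefix {p!r} shared by {index[p]!r} and {w!r}")
        index[p] = w
    return index


INDEX = build_index(WORDS)


def resolve(entered):
    """Lenient lookup: only the prefix decides which word is used."""
    return INDEX.get(entered.strip().lower()[:PREFIX_LEN])


def strange_words(seed_words):
    """Return (position, entered, resolved) for every entry that is not an
    exact list word; resolved is None when even the prefix is unknown."""
    report = []
    for pos, entered in enumerate(seed_words, start=1):
        norm = entered.strip().lower()
        match = resolve(norm)
        if match != norm:
            report.append((pos, entered, match))
    return report


if __name__ == "__main__":
    # Constructed input: truncated, junk-suffixed, misspelled, exact, unknown.
    typed = ["aband", "abandonXYZ", "aimlets", "cirminal", "bulb", "zzz"]
    for pos, entered, match in strange_words(typed):
        print(f"word {pos}: {entered!r} -> {match!r}")
```

A restore flow could show the `strange_words` report to the user for confirmation before continuing, which keeps typo tolerance while making silent substitutions such as 'aimlets' to 'aimless' visible.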
