@ignaciosantise
Collaborator

Summary

Add wallet import functionality for TON (secret key/seed), TRON (private key), and SUI (BIP39 mnemonic) chains alongside existing EVM support. Implements a new SegmentedControl component for chain selection and enhances the SecretPhrase screen to display secrets for all supported chains. Also fixes toast notification z-index by repositioning it within the navigation stack.

Changes

  • New SegmentedControl component: Reusable animated UI element for chain selection with spring animation
  • Wallet import functions: Chain-specific validation and import for TON, TRON, and SUI
  • ImportWalletModal enhancement: Multi-chain support with dynamic placeholder text and validation
  • SecretPhrase screen redesign: Shows secrets for all chains with copy functionality
  • SUI balance support: Added SUI to wallet balance tracking and display

Test Plan

  • Import TON wallet using 128-char secret key or 64-char seed
  • Import TRON wallet using 64-char hex private key
  • Import SUI wallet using 12-24 word BIP39 mnemonic
  • Verify Secret Keys & Phrases screen displays all chain secrets
  • Verify balances refresh after importing new wallets
  • Verify toast notifications appear above navigation bar
  • Test SUI balance display with 0 balance fallback

🤖 Generated with Claude Code

… SUI

Add import functionality for TON (secret key/seed), TRON (private key), and SUI (BIP39 mnemonic) wallets. Includes:
- New wallet import functions for each chain with validation
- SegmentedControl component for chain selection
- Updated ImportWalletModal supporting all chains
- Enhanced SecretPhrase screen displaying secrets for all chains
- SUI balance support in WalletStore
- Proper state management in SettingsStore

Fixes toast notification z-index by moving Toast component after Navigator.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings January 30, 2026 18:25
@vercel

vercel bot commented Jan 30, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| react-native-examples | Ready | Preview, Comment | Jan 30, 2026 6:50pm |


@claude

claude bot commented Jan 30, 2026

Claude finished @ignaciosantise's task in 1m 35s


Code Review Complete

Reviewed multi-chain wallet import implementation for TON, TRON, and SUI.

Found 3 issue(s)

Issue 1: Sensitive data displayed in plaintext error messages

ID: importwalletmodal-error-plaintext-a7f2
File: wallets/rn_cli_wallet/src/modals/ImportWalletModal.tsx:122-129
Severity: MEDIUM
Category: security

Context:

  • Pattern: Error handling at lines 123-129 displays user input in error toasts via error.message
  • Risk: Failed validation or import errors may echo back the user's private key/mnemonic in the toast notification
  • Impact: Sensitive cryptographic material exposed in UI notifications, potentially visible in screenshots or screen recordings
  • Trigger: Any validation error from loadTonWallet, loadTronWallet, or loadSuiWallet that includes the input string

Recommendation: Sanitize error messages before displaying:

} catch (error: unknown) {
  // Never display the actual input in error messages
  Toast.show({
    type: 'error',
    text1: 'Import failed',
    text2: error instanceof Error ? error.message : 'Invalid input format',
  });
}

Additionally, review wallet util files (TonWalletUtil.ts:59-61, TronWalletUtil.ts:53-55, SuiWalletUtil.ts:52) to ensure error messages don't include input values.


Issue 2: Unencrypted storage of private keys

ID: tonwalletutil-storage-unencrypted-b4c9
File: wallets/rn_cli_wallet/src/utils/TonWalletUtil.ts:77, TronWalletUtil.ts:68, SuiWalletUtil.ts:64
Severity: HIGH
Category: security

Context:

  • Pattern: Private keys, secret keys, and mnemonics stored directly in MMKV without encryption (TonWalletUtil:77, TronWalletUtil:68, SuiWalletUtil:64)
  • Risk: MMKV provides persistence but not encryption; sensitive material is accessible to anyone with file system access
  • Impact: Compromised device = immediate access to all wallet private keys and funds
  • Trigger: Any wallet import or creation operation

Recommendation: While comments acknowledge this is for development, add explicit runtime warning:

// After storage.setItem calls
if (__DEV__) {
  console.warn(
    '[SECURITY] Private keys stored unencrypted. Use secure enclave (Keychain/Keystore) in production'
  );
}

For production reference implementation, consider adding commented example using react-native-keychain or platform secure storage.


Issue 3: Missing input sanitization before validation

ID: importwalletmodal-input-sanitize-c2e1
File: wallets/rn_cli_wallet/src/modals/ImportWalletModal.tsx:156-174
Severity: LOW
Category: code_quality

Context:

  • Pattern: TextInput at lines 156-174 allows multiline input with no sanitization before passing to wallet loaders
  • Risk: Users may accidentally paste extra whitespace, newlines, or hidden characters that could bypass validation
  • Impact: Confusing validation errors or potential edge cases in hex/mnemonic parsing
  • Trigger: Copy-paste from documents, notes apps, or terminals with formatting

Recommendation: Sanitize input before validation:

const handleImport = async () => {
  // Normalize: trim, remove newlines, collapse multiple spaces
  const sanitized = input.trim().replace(/\s+/g, ' ');
  
  if (!sanitized) {
    Toast.show({
      type: 'error',
      text1: EMPTY_INPUT_ERROR[selectedChain],
    });
    return;
  }
  
  // Use sanitized input for all imports
  const result = await loadTonWallet(sanitized);
  // ...
}

Summary

PR Scope: 11 files, 610 additions, 103 deletions - moderate size, acceptable.

Overall Assessment: Implementation follows React Native patterns well with proper TypeScript usage, state management via Valtio, and good component structure. The SegmentedControl component is well-designed with smooth animations. Input validation for each chain format is comprehensive.

Key Issues:

  1. Security: Error messages may leak sensitive input; sanitize before displaying
  2. Security: Unencrypted storage acknowledged but needs explicit warnings for reference implementation
  3. UX: Input sanitization missing; users may encounter confusing errors from formatting issues

Recommendations:

  • Add error message sanitization to prevent leaking sensitive data in toasts
  • Add explicit security warnings in dev console about unencrypted storage
  • Sanitize user input (trim, normalize whitespace) before validation
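
An added example, not part of the review comment or the PR's code, showing one way to combine Issue 1 and Issue 3: normalize the pasted secret, check its shape with fixed-string errors, and fail closed when a loader's error message echoes the input. The helper names (`normalizeSecretInput`, `validateShape`, `safeErrorText`) are hypothetical, the length rules come from the PR's test plan, and hex encoding for the TON key is an assumption.

```typescript
// Added example: hypothetical helpers, not code from the PR under review.
type Chain = 'ton' | 'tron' | 'sui';

// Strip zero-width characters, trim, and collapse pasted newlines/tabs/spaces.
function normalizeSecretInput(raw: string): string {
  return raw.replace(/[\u200B-\u200D\uFEFF]/g, '').trim().replace(/\s+/g, ' ');
}

// Shape checks from the PR's test plan. Messages are fixed strings, so they
// can never contain the input. Hex encoding for TON is an assumption.
function validateShape(chain: Chain, secret: string): string | null {
  const isHex = (n: number): boolean =>
    secret.length === n && /^[0-9a-fA-F]+$/.test(secret);
  if (chain === 'ton') {
    return isHex(128) || isHex(64)
      ? null
      : 'Expected a 128-char secret key or 64-char seed';
  }
  if (chain === 'tron') {
    return isHex(64) ? null : 'Expected a 64-char hex private key';
  }
  // BIP39 mnemonics have 12, 15, 18, 21 or 24 words.
  const count = secret.split(' ').length;
  return count >= 12 && count <= 24 && count % 3 === 0
    ? null
    : 'Expected a 12-24 word BIP39 mnemonic';
}

// Toast text for an error thrown by a wallet loader. Fails closed: if the
// message repeats any token of the input, or contains a long hex run, the
// generic fallback is shown instead of error.message.
function safeErrorText(error: unknown, rawInput: string): string {
  const fallback = 'Invalid input format';
  if (!(error instanceof Error) || !error.message) return fallback;
  const msg = error.message.toLowerCase();
  const msgWords = msg.split(/[^a-z0-9]+/);
  const tokens = normalizeSecretInput(rawInput).toLowerCase().split(' ');
  const echoesInput = tokens.some(
    t => t.length > 0 && msgWords.indexOf(t) !== -1,
  );
  const hasLongHex = /[0-9a-f]{16,}/.test(msg);
  return echoesInput || hasLongHex ? fallback : error.message;
}
```

Because the token match is deliberately broad, a harmless message that happens to share a word with a mnemonic is also replaced by the fallback; the cost is less detail, never a leaked word.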


Copilot AI left a comment


Pull request overview

This PR adds multi-chain wallet import functionality for TON, TRON, and SUI blockchains to complement the existing EVM support. It introduces a new SegmentedControl component for chain selection, enhances the SecretPhrase screen to display secrets for all supported chains, and adds SUI balance tracking.

Changes:

  • Added wallet import functions with chain-specific validation for TON (secret key/seed), TRON (private key), and SUI (BIP39 mnemonic)
  • Created reusable SegmentedControl component with animated chain selection
  • Enhanced SecretPhrase screen to display all chain secrets with copy functionality
  • Added SUI balance support and updated WalletStore to handle optional addresses for all chains

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 5 comments.

| File | Description |
| --- | --- |
| wallets/rn_cli_wallet/src/utils/TonWalletUtil.ts | Added loadTonWallet function with validation for 128-char secret key or 64-char seed input |
| wallets/rn_cli_wallet/src/utils/TronWalletUtil.ts | Added loadTronWallet function with validation for 64-char hex private key input |
| wallets/rn_cli_wallet/src/utils/SuiWalletUtil.ts | Added loadSuiWallet function with BIP39 mnemonic validation |
| wallets/rn_cli_wallet/src/store/WalletStore.ts | Added SUI balance support and made eip155Address optional to support multi-chain scenarios |
| wallets/rn_cli_wallet/src/store/SettingsStore.ts | Added tonWallet and tronWallet state properties with corresponding setter methods |
| wallets/rn_cli_wallet/src/screens/Wallets/index.tsx | Added suiAddress handling for wallet balance fetching |
| wallets/rn_cli_wallet/src/screens/Wallets/components/TokenBalanceCard.tsx | Increased address truncation from 4 to 6 trailing characters |
| wallets/rn_cli_wallet/src/screens/Settings/index.tsx | Updated labels from "Secret phrases" to "Secret Keys & Phrases" and "Import EVM Wallet" to "Import Wallet" |
| wallets/rn_cli_wallet/src/screens/SecretPhrase/index.tsx | Redesigned to show secrets for all chains (EVM, SUI, TON, TRON) with individual copy buttons |
| wallets/rn_cli_wallet/src/modals/ImportWalletModal.tsx | Added multi-chain support with SegmentedControl, dynamic placeholders, and chain-specific validation |
| wallets/rn_cli_wallet/src/components/SegmentedControl.tsx | New component providing animated tab-style control for chain selection |


- Add __DEV__ console warnings for unencrypted storage in wallet utils
- Add whitespace normalization for user input in ImportWalletModal
- Add defensive default case with LogStore error logging
- Use reactive state from SettingsStore in SecretPhrase screen
- Improve TON error message to include expected length info

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>