From eec96f905425a2fb5e8e1bc369f04591f15c218e Mon Sep 17 00:00:00 2001
From: clawbot
Date: Fri, 27 Feb 2026 11:36:38 -0800
Subject: [PATCH] security: clear decrypted secrets after use (best-effort)
---
 src/popup/index.html | 7 ++++++-
 src/popup/views/confirmTx.js | 5 +++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/popup/index.html b/src/popup/index.html
index 07ddb4d..6922bcd 100644
--- a/src/popup/index.html
+++ b/src/popup/index.html
@@ -1018,7 +1018,12 @@
diff --git a/src/popup/views/confirmTx.js b/src/popup/views/confirmTx.js
index e7a4ca6..f11cf68 100644
--- a/src/popup/views/confirmTx.js
+++ b/src/popup/views/confirmTx.js
@@ -334,8 +334,13 @@ function init(ctx) {
 tx = await contract.transfer(pendingTx.to, amount);
 }
+ // Best-effort: clear decrypted secret after use.
+ // Note: JS strings are immutable; this nulls the reference but
+ // the original string may persist in memory until GC.
+ decryptedSecret = null;
 txStatus.showWait(pendingTx, tx.hash);
 } catch (e) {
+ decryptedSecret = null;
 const hash = tx ? tx.hash : null;
 txStatus.showError(pendingTx, hash, e.shortMessage || e.message);
 }
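Review bot: The two `decryptedSecret = null;` assignments cover only the end of the try body and the first line of the catch; a single `finally { decryptedSecret = null; }` after the catch would also cover any early return inside the try that this hunk does not show, and removes the duplication. Nulling this binding does nothing for objects built from the secret earlier in the function (presumably a wallet or signer behind `contract`, created outside the hunk), which keep their own copy of the key until they become unreachable, so those references should be released at the same point. The added comment is accurate about string immutability; if the decrypt step can hand back a `Uint8Array` instead of a string, `fill(0)` would overwrite the bytes rather than wait for GC. The enclosing handler starts and ends outside the hunk, so the placement of the `finally` needs checking against the full try block.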