From 5163195fc462557c7049c7bf6fcbe896ec77ad23 Mon Sep 17 00:00:00 2001
From: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Date: Sat, 7 Feb 2026 16:19:49 +0700
Subject: [PATCH 1/2] Potential fix for code scanning alert no. 84: Insecure
 randomness

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
---
 packages/wallet/dapp-client/src/DappTransport.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/packages/wallet/dapp-client/src/DappTransport.ts b/packages/wallet/dapp-client/src/DappTransport.ts
index 072fa056f4..2dc898f746 100644
--- a/packages/wallet/dapp-client/src/DappTransport.ts
+++ b/packages/wallet/dapp-client/src/DappTransport.ts
@@ -513,6 +513,10 @@ export class DappTransport {
   }
 
   private generateId(): string {
-    return `${Date.now().toString(36)}-${Math.random().toString(36).substring(2, 9)}`
+    // Use crypto.getRandomValues for cryptographically secure randomness
+    const array = new Uint32Array(1);
+    window.crypto.getRandomValues(array);
+    const randStr = array[0].toString(36);
+    return `${Date.now().toString(36)}-${randStr}`;
   }
 }

From 4971e7798ea42412ab1baf96c43bce2f86368872 Mon Sep 17 00:00:00 2001
From: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Date: Sat, 7 Feb 2026 16:23:47 +0700
Subject: [PATCH 2/2] Update packages/wallet/dapp-client/src/DappTransport.ts

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
---
 packages/wallet/dapp-client/src/DappTransport.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/wallet/dapp-client/src/DappTransport.ts b/packages/wallet/dapp-client/src/DappTransport.ts
index 2dc898f746..0eb0804ae3 100644
--- a/packages/wallet/dapp-client/src/DappTransport.ts
+++ b/packages/wallet/dapp-client/src/DappTransport.ts
@@ -516,7 +516,7 @@ export class DappTransport {
     // Use crypto.getRandomValues for cryptographically secure randomness
     const array = new Uint32Array(1);
     window.crypto.getRandomValues(array);
-    const randStr = array[0].toString(36);
+    const randStr = array[0].toString(36).padStart(7, '0');
     return `${Date.now().toString(36)}-${randStr}`;
   }
 }