Bug: get_private_keys returns keys from empty passphrase in iguana mode #2682

@DeckerSU

When calling get_private_keys in iguana mode, the method always returns private keys derived from an empty passphrase, instead of the actual wallet’s keys. This leads to completely incorrect private keys that do not correspond to any addresses in the wallet.

This issue is critical, as it affects key recovery, export, and potentially wallet migration or backup flows.

Steps to Reproduce

  1. Start Komodo Wallet 2.5.2-beta_bebdc9a the usual way (from KW dev).

  2. Create a non-HD (iguana) wallet with passphrase:

    beyond quality alcohol install snake chalk deposit system baby present stock must
    
  3. Log in to the wallet and verify:

    • get_public_key_hash: 5e9a2c6f3a7103a5fd04104615be680b11457235

    • my_balance for KMD shows address RHuQHiTvP9zaJhfWXkaiBLrau9jaAuYsSp

    • get_public_key

      {
        "mmrpc": "2.0",
        "result": {
          "public_key": "030cbd78ac351604db30939d6566efe52bb0150707116350a57febf05382399f05"
        },
        "id": 1762776187181
      }

      ✅ All correct so far.

  4. Run the following get_private_keys request:

    curl -X POST "http://127.0.0.1:7783" \
      -H "Content-Type: application/json" \
      --data-raw '{
        "method": "get_private_keys",
        "mmrpc": "2.0",
        "params": {
          "coins": ["KMD"],
          "mode": "iguana"
        },
        "userpass": "your_RPC_password"
      }'
  5. The result is incorrect:

    {
      "mmrpc": "2.0",
      "result": [
        {
          "coin": "KMD",
          "pubkey": "032833aadbf22a7ab67f6623a3a840a288d305e09915dc83c81fce6af0e31aa3b0",
          "address": "RJt3kSRU3XxikWoixmyoA8CFT8kMaSs72M",
          "priv_key": "UwYK689WcBLyiBEaAdTvvJuyGa5mxmfWxeMzahwpEmEpCErq5Abj"
        }
      ],
      "id": null
    }

    This corresponds to a key derived from an empty passphrase, not the real wallet’s key.


Expected Behavior

get_private_keys should return private keys corresponding to the current wallet’s passphrase, not from an empty seed.


Actual Behavior

get_private_keys ignores the active wallet’s passphrase in iguana mode and returns keys derived from an empty passphrase.


Impact

  • Exported private keys are invalid.
  • Users cannot back up or recover funds from these keys.
  • Potential loss of funds if exported keys are used for recovery or migration.
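
A check that catches this mismatch before an export is trusted for backup or migration, as an added example that is not part of the original issue or the project's code. It assumes the exported address is a Base58Check P2PKH address (as for UTXO coins such as KMD) whose payload is the hash that get_public_key_hash returns; `b58check_decode` and `audit_export` are hypothetical helper names.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58check_decode(addr):
    """Decode a Base58Check address into (version byte, payload bytes)."""
    num = 0
    for ch in addr:
        num = num * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    raw = num.to_bytes((num.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw  # each leading '1' is a zero byte
    body, checksum = raw[:-4], raw[-4:]
    if not body or hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4] != checksum:
        raise ValueError("bad Base58Check checksum")
    return body[0], body[1:]

def audit_export(wallet_pubkey, wallet_pkh, export):
    """List (coin, reason) for exported entries that do not belong to the logged-in wallet."""
    problems = []
    for entry in export["result"]:
        if entry["pubkey"].lower() != wallet_pubkey.lower():
            problems.append((entry["coin"], "pubkey differs from get_public_key"))
        try:
            # Assumption: the payload of a P2PKH address is the wallet's public key hash.
            _, pkh = b58check_decode(entry["address"])
        except ValueError as exc:
            problems.append((entry["coin"], f"address not decodable: {exc}"))
            continue
        if pkh.hex() != wallet_pkh.lower():
            problems.append((entry["coin"], "address hash differs from get_public_key_hash"))
    return problems

# Values from step 3 of the report (the logged-in wallet).
WALLET_PUBKEY = "030cbd78ac351604db30939d6566efe52bb0150707116350a57febf05382399f05"
WALLET_PKH = "5e9a2c6f3a7103a5fd04104615be680b11457235"
# Response from step 5, with priv_key left out: the check needs public fields only.
EXPORT = {"result": [{
    "coin": "KMD",
    "pubkey": "032833aadbf22a7ab67f6623a3a840a288d305e09915dc83c81fce6af0e31aa3b0",
    "address": "RJt3kSRU3XxikWoixmyoA8CFT8kMaSs72M",
}]}

if __name__ == "__main__":
    for coin, reason in audit_export(WALLET_PUBKEY, WALLET_PKH, EXPORT):
        print(f"{coin}: {reason}")
```

An empty list means every exported entry matches the wallet's public key and key hash; any entry listed should not be used for backup or recovery.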

    Labels

    priority: high (Important tasks that need attention soon.)
