From e4b5cb4649d9e5092c5de95331274d84b39664cd Mon Sep 17 00:00:00 2001
From: Penzlik <schoolkam@gmail.com>
Date: Thu, 7 May 2026 10:01:42 +0300
Subject: [PATCH] fix(docs): replace Math.random() nonce with
 crypto.randomUUID() in Wagmi setup example

Closes #1390

Math.random() is not cryptographically secure and should not be used
for SIWE nonces. Replaced with crypto.randomUUID() which is available
in all modern browsers and Node.js 14.17+, consistent with the
authenticate-users guide.
---
 docs/base-account/framework-integrations/wagmi/setup.mdx | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/docs/base-account/framework-integrations/wagmi/setup.mdx b/docs/base-account/framework-integrations/wagmi/setup.mdx
index cd96ec631..1d7242e80 100644
--- a/docs/base-account/framework-integrations/wagmi/setup.mdx
+++ b/docs/base-account/framework-integrations/wagmi/setup.mdx
@@ -334,10 +334,8 @@ export function SignInWithBase({ connector }: SignInWithBaseProps) {
     const provider = await connector.getProvider();
     if (provider) {
       try {
-        // Generate a fresh nonce (this will be overwritten with the backend nonce)
-        const clientNonce =
-          Math.random().toString(36).substring(2, 15) +
-          Math.random().toString(36).substring(2, 15);
+        // Generate a cryptographically secure nonce using Web Crypto API
+        const clientNonce = crypto.randomUUID();
         console.log("clientNonce", clientNonce);
         // Connect with SIWE to get signature, message, and address
         const accounts = await (provider as any).request({