search

Bitcoin-com / Wallet

MIT License
330 stars 233 forks source link

Incorrect derivation path when restoring a BCH wallet using BIP-39 mnemonic seed #68

Open patricknwn opened 6 years ago

patricknwn commented 6 years ago

When trying to import a wallet using my BIP-39 mnemonic seed, the derivation path defaults to m/44'/0'/0' which is the "old" BTC derivation path. I can succesfully import my wallet with this derivation path and see the one test transaction I made using that derivation path.

BCH wallets are expected to use the m/44'/145'/0' derivation path however for the first account, as per the SLIP-0044 list of coin types (https://github.com/satoshilabs/slips/blob/master/slip-0044.md). The wallet that I am trying to restore thus uses this m/44'/145'/0' derivation path.

When I'm trying to import my wallet using this m/44'/145'/0' derivation path, I get an error message that the derivation path is incorrect. The m/44'/0' path seems to be hardcoded for non-testnet wallets in the file Wallet/src/js/services/derivationPathHelper.js. On line 43 the function returns false if the coin_type is not either 0' (live) or 1' (testnet). It should support 145' too for BCH.

[EDIT]: it seems related to Copay issue #7216

emergent-reasons commented 6 years ago

To add some detail, even if it should be 44'/145'/0', many services use the 44'/0'/0' derivation path. In other words, hard-coding this to the new path will cause problems also.

For example:

44'/0'/0'

44'/145'/0'

0'

pezcore commented 6 years ago

It should definitely be 44'/145'/0'. Using the BTC BIP44 derivation path 44'/0'/0' will cause users to share keys with BTC outputs which is a security risk.

emergent-reasons commented 5 years ago

Here is an example where it looks like this issue is causing a user to avoid the bitcoin.com wallet (I have not reproduced that user's full procedure that fails yet though).

I came to post the copay issue that discussed the scenarios and saw patricknwn had already edited into the original post. I think that issue is at least a good guide for the scenarios to be considered.

@pezcore hard coding to 145 will cause many seeds to be unusable in the bitcoin.com wallet. It's good as the default but there must be a way to use other paths, no?

pezcore commented 5 years ago

@emergent-reasons Absolutely. The derivation path should be user-controllable with 145' as the default coin path as per SLIP-0044. Also it is important for the app to educate users about how BIP32 works: at the minimum it should be made clear that both a secret key and a derivation path are required to back up an account.

alfonsofy commented 5 years ago

We're looking into this, excuse us for taking this long to respond.