MetaMask / metamask-extension

:globe_with_meridians: :electric_plug: The MetaMask browser extension enables browsing Ethereum blockchain enabled websites
https://metamask.io
Other
12.07k stars 4.93k forks source link

Seed Phrase Bug Bounty #3127

Open danfinlay opened 6 years ago

danfinlay commented 6 years ago

As part of our commitment to the best security we can offer, the MetaMask team is planning to continuously offer a bug bounty on our seed phrase functionality, we are starting the bounty at 1 ether, but anyone is free to add to the bounty as they like.

As we have written about before #2577, and have awarded a bounty for in the past, sometimes users have reported that the seed phrase they were originally given does not restore their original accounts.

We have continued to receive rare but concerning accounts of similar experiences: #2904 #3042 #4756 #4697

The bounty will be paid to anyone who can demonstrate a condition in MetaMask's code base, either through automated tests or manual reproduction, where MetaMask would show a user a seed phrase on first setup that would not work for later restoring their accounts.

Thanks for your interest and participation, we're available to answer any questions about our key management here.

gitcoinbot commented 6 years ago

This issue now has a funding of 1.0 ETH (1189.64 USD) attached to it.

ghost commented 6 years ago

I had same issue with MetaMask chrome extension, a month back, i can reproduce what happened with my account. As i have not read MetaMask's code base, my understanding of seed phrase is limited. But what happened is still a issue.

danfinlay commented 6 years ago

i can reproduce what happened with my account

If you can reproduce a problem that meets this description reliably, you'll be eligible for this bounty, no need to understand the code.

If you'd like to disclose it in secret, please submit your reproduction steps to support@metamask.io

ghost commented 6 years ago

On reading documentation and concept of loose accounts, what happened with my account was, i had imported few accounts with "import account" option, but after reinstalling metmask extension, these imported accounts were gone, luckily i had private keys for these imported accounts, so i had to import these again. In that sense "seed phrase" will only create HD wallet, and will recover only addresses in its derivation path?(Not the previous full state of your account).

danfinlay commented 6 years ago

That's right, the seed phrase is not a password to some server we maintain, it is the secret from which we derive the accounts that you create with MetaMask. It can't help with restoring any other information.

Glad you figured it out!

wong2 commented 6 years ago

Why is this closed?

vs77bb commented 6 years ago

@danfinlay Is this one still open? cc @owocki

danfinlay commented 6 years ago

Sorry, I didn't mean to close this!

owocki commented 6 years ago

working on some issues with gitcoinbot erroneously commenting on issues... looks like it might have happened here. sorry yall, working on it!

owocki commented 6 years ago

just put in a fix for the gitcoinbot craziness. gonna monitor for the next few hours to make sure we're all good.

imcda commented 6 years ago

Hi @danfinlay

METAMASK is really a good wallet. I am a fresh user of METAMASK, and teach my girlfriend to use it. Last night when we use it to join an ICO campaign. We got the TERRIBLE problem. DEEP SAD! We lost our all accounts although we take down the seed prase.

the reproduce progress as below:

  1. we created an account, setted a password and took the seed prase,this is Account 1;

  2. then we created Account 2, 3, 4, 5…… it very easy and there is no seed prase or password (I think this is the important reason)

  3. then we use the address to join the ICO, but we clear all the cache of the browser (this is why my accounts lost )

  4. when we login the metamask use the seed parse and reset the password, we only find the Account 1. the other accounts lost.

That's quite terrible! We lost many tokens which cost us a lot. And I didn't find a good way to get back the account. Maybe never. It really a big BUG, and Why don't you alert users to avoid it? Some advices as below:

  1. Alert all the user one seed parse can only recover the first Account.
  2. if you clear the cache of the browser, you will lose all the accounts.
  3. you should download or takedown every acoount's private key.

Good product but with quite big BUG for fresh users. Hope others good luck. :( a sad day for me.

DanielRX commented 6 years ago

EDIT: @DavidFnck if you press create account it will restore the rest, only account 1 shows but the rest will be there if you create account again

One thing to note, when I clear cache and use the password, it claims to be wrong (it was copied from a text file for testing) so I had to use the seed phrase to restore

BinaryQuasar commented 6 years ago

@DavidFnck The accounts should be restored one-by-one when you perform "create account" in the fresh MetaMask.

EDIT: @DanielMReed edited their comment to say this as well.

tmashuang commented 6 years ago

https://gitcoin.co/funding/details?url=https://github.com/MetaMask/metamask-extension/issues/3127

BGzetro commented 6 years ago

I'm offering up to 20% of my account balance as a bounty if I can gain access to my original address again after being effected by this bug. The bounty I'm offering is worth than the bounty of this issue no (#3127) alone. The issue I created is no #3258 it has been closed but not solved and is the same issue as this one.

BGzetro commented 6 years ago

My original address balance can be seen here and is where I'll pay the bounty out from on regaining access:

https://etherscan.io/address/0xbc70688f0394d98c6016f670d2e2515d0ef63533

BGzetro commented 6 years ago

If the balance increases in value so does the bounty I'm offering i.e 20% of whatever my address is worth at the time of gaining access.

scsaba commented 6 years ago

Hi @BGzetro, can you check if your seed phrase is in correct format?

You can use Notepad++ to check. Copy-paste your seed phrase into a new file. Open the View menu, open "Show Symbols", and select "Show all characters". You should not see CR, LF, array, two consecutive dots, dots at the beginning and the end.

Only the smallest difference can restore/create completely different account.

danfinlay commented 6 years ago

@scsaba Thanks for that summary, I've opened a new issue to automate what you suggested here, we may add a bounty to it:

3440

BGzetro commented 6 years ago

@scsaba

Thanks for the help. I followed your procedure and I can confirm there are no capital letters or double spaces, only a single dot was showing between words.

BGzetro commented 6 years ago

@lazaridiscom As far as i'm aware on note pad++, when you go to "show symbols" spaces are shown as a single dot, as a single dot is shown it indicates a single space between words as it should be so nothing is wrong with my seed. The issue is something else.

BGzetro commented 6 years ago

@danfinlay Could this bug be related to https://github.com/MetaMask/metamask-extension/issues/2577

You and @seesemichaelj original mentioned something about this occuring back in November last year.

BGzetro commented 6 years ago

@lazaridiscom I tried what you said with metamask and generated 15 additional accounts and none matched my original address. I also tried doing the same through myetherwallet so could view 5 addresses related to my seed phrase in order at the time and their balances related to my seed. I checked over 200 address and none showed any balance as none of the addresses matched my original. I feel like I was given an incorrect Seed phase by metamask to copy down inrelation to my original generated address i.e the one I was given was for another string of ethereum addresses.

BGzetro commented 6 years ago

I'm not sure what the correct term is but what I feel has happened on account creation is 2 different accounts were created sort of in parallel somehow at the same time (this should not happen), I was shown a seed phase for one account related to a string of Ethereum addresses but only one account could link to my password upon account creation, the one that linked was for a different seed phase which had a different string of Ethereum addresses.

Me not knowing a bug occurred, saved the seed I was shown and made note of the Ethereum address tied to account 1. I did not go to settings in Metamask to reveal my seed word to check it was the same as I was originally shown I had, If I did I believe I would have been shown a completely different seed phrase to what I had recorded. After a week of successful logins and my Ethereum address showing the same every time I checked, I sent tokens to my Ethereum address for account 1. A couple of days later it would not let me log on with the correct password. I restored my account from the seed phrase I recorded and account 1 then showed a different Ethereum address. I believe this is because this is actually a completely different account, the one I assumed was created in parallel on initial creation.

Anyone think this is a plausable theory?

BGzetro commented 6 years ago

I managed to get back into my account again and transfer all my tokens and Ethereum out of my account into another address I own which i don't use with Metamask :D

Basically last year I installed metamask on mozilla firefox, created an account and recorded that seed. I never used that account and uninistalled metamask.

Then this year I decided to Metamask and completely forgot I created an account i never used. Anyway I installed the lastest version of Metamask on firefox again and this time google chrome also. I created a brand new account using the firefox installation and a brand new seed was shown and an address which i recorded down. It turns out the new accounts address for account 1 does not releate to the new seed I was given but actually relates to the seed from my account I never used last year.

Whilst cleaning up the files on an old memory stick i found a seed phrase to the account I never used. I thought i have nothing to lose as I had already lost it all and tried to recover my account with my seed phase from the account i never used last year. I then created a new password but one which was excatly the same as the new account I recently created and it worked! I went to settings and reveal seed phrase but the new most recent seedphase was still showing not the one I managed to recover my account with. I logged back out and back in and revealed the seed phrase again and this time the correct one was showing. I then as quickly as possible transfered everything out of my address lol.

I beleive this is still a big problem for many.

I think the intial issue of being locked out of your account even if you enter the correct password has something to do with with a conflict between Metamask being used on 2 different browsers for 1 account and how the metamask data is stored. I don't understand it in depth at all but If Metamask is used with firefox then those files are perhaps update and the google chrome data does not until you use it. If you delete your firefox history and have not used the google chrome browser version of Metamask after first creating an account with the firefox browser version then when you enter the correct password perhaps it doesn't recognise it and it locks you out until you restore.

The second issue of being shown a different seed for the ethereum address attached to the metamask account may be to do with previous meta mask data being saved in your browser from along time ago. I don't understand why but it seems after re-installing metamask and creating a new account with the same password as another from along time ago actually restores your previous account but on account creation shows you a seed not relating to your account. If you go to reveal seed word it will show the seed which does not relate to your account. If you get locked out and you restore with the seed phrase most recently shown it will restore an account with a different ethereum address. To get back your original ethereum address back you have to use a previous seed so hopefully you have not deleted it even if you never used that account.

I'm waffling a bit now but please someone try make sense of this, Many people are losing access to their original ethereum address because of this. Hope this helps someone

ghost commented 6 years ago

Well @BGzetro , your luck is back, I guess. If the steps you've given can lead to a reproduction, then your luck is even more back!

danfinlay commented 6 years ago

@BGzetro the current bug bounty is on issue #3127.

Could this be a multiple vault creation issue?

This is what the previous seed phrase bounty was awarded for. We added a few extra locks to ensure that only a single vault is created when the "Create vault" button is clicked.

Could this be a string formatting issue?

The only way to tell if this issue is that issue is to talk to those users, and have them analyze the seed phrases they were trying to use. This would probably require providing a client-side tool they could use to sanitize their seed phrases. I've made tools like this before:

If you could provide a tool that fixes other formatting errors that these don't catch, or could PR against seed-phrase-guesser, and we verified this fixed outstanding issues that we're aware of, we would award this bounty.

What happened?

I'm not sure what the correct term is but what I feel has happened on account creation is 2 different accounts were created sort of in parallel somehow at the same time (this should not happen)

I agree this should not happen, and this is why we have the standing bug bounty for finding anything that would cause something like this (#3127).

I did not go to settings in Metamask to reveal my seed word to check it was the same as I was originally shown I had, If I did I believe I would have been shown a completely different seed phrase to what I had recorded.

This is why we showed a notice to all MetaMask users notifying them to check their settings and back up their seed phrases: https://github.com/MetaMask/metamask-extension/blob/master/notices/archive/notice_3.md

Anyone think this is a plausable theory?

I think it is plausible, and it's a very concerning theory, and I've personally dedicated weeks to looking for possible causes to this, and we've posted a bug bounty. Ultimately, I've come to believe this is basically all we can do. We still have to live our lives, and we can't chase phantoms forever. At a certain point we have to just keep adding to the bounty, and let that serve as our best guarantee that this bug doesn't live.

What a Twist!

I managed to get back into my account again and transfer all my tokens and Ethereum out of my account into another address I own which i don't use with Metamask :D

Basically last year I installed metamask on mozilla firefox, created an account and recorded that seed. I never used that account and uninistalled metamask.

It turns out the new accounts address for account 1 does not releate to the new seed I was given but actually relates to the seed from my account I never used last year.

Now that's something very specific that we can investigate. In my experience, removing an extension also removes all of its data, including your vault, and there should be no way for it to persist, but I've created a new issue for us to investigate this further (#3452).

I think the intial issue of being locked out of your account even if you enter the correct password has something to do with with a conflict between Metamask being used on 2 different browsers for 1 account and how the metamask data is stored.

MetaMask data is entirely local, so there should be no way for MetaMask on one computer to interfere with MetaMask on another computer. They have their own passwords, encrypting their own local vaults. It seems more likely to me that you forgot which password you used on which computer.

We'll investigate the possibility that a computer keeps a deleted vault around, that's very spooky, but for the most part, I'm just glad you were able to recover yours!

BGzetro commented 6 years ago

@lazaridiscom Thank you, it is :). I'll give it a go :+1:

@danfinlay

I was using 2 metamask installations for 1 account, both on the same computer but on different browsers. I'm quite confident I used the same password but what you explain makes sense.

I don't quite have enough knowledge to create a seed phrase tool that fixes other formatting errors or or could PR against seed-phrase-guesser but it is possible that i may be able to reproduce the fault I had. I'll try and see if i can reproduce the fault this week.

Thank you, it's a huge relief! I hope other people with the same issue will do to.

vs77bb commented 6 years ago

@owocki This one could be 'always-open' through expiration, FYI!

matthewarieta commented 6 years ago

Testing GitCoin app

JonnyBurger commented 6 years ago

I have investigated for a few hours, and while I could not produce a scenario where the wrong seed is being shown, I have found some odd things in the code which are a bit wonky and could potentially be a puzzle piece to why a wrong seed is shown.

So although not the solution, I have filed issues / PRs anyway:

  1. Under the hood, two different keys are created initially
  2. Keyrings are duplicated in the code unintentionally
  3. Bug which can cause UI to be updated with old state.
gitcoinbot commented 6 years ago

@gitcointestuser Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

gitcoinbot commented 6 years ago

@gitcointestuser Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

shivgupt commented 6 years ago

Metamask: 3.13.8 Browser: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0"

I found a dangerous situation in which the incorrect seed phrase was shown to the user. If this seed phrase was backed up, it could not be used to restore the accounts being generated & subsequently used.

To reproduce:

  1. install a fresh MetaMask from https://addons.mozilla.org/en-US/firefox/addon/ether-metamask/?src=search

  2. Accept privacy notice and terms & conditions

  3. Click "import new den"

  4. We have prior access to seed words. Maybe a friend generated them and is reciting them to us over the phone. We enter the words as they say them.

  5. Click out of metamask, open password manage and copy our super-strong password to the clipboard.

  6. Open metamask, paste password into the "create a new den" fields and click create

  7. Oops, this isn't what we wanted. We see randomly generated seed words (we'll call these seed words #2) but we're trying to restore an existing seed phrase (#1). Open top-right settings and click logout.

  8. Click "restore from seed phrase" and we see our original seed phrase #1 is still here, how convenient!

  9. Paste our password into these fields and click OK

  10. Here, we see the randomly generated seed words #2. We are told to "Save them somewhere safe and secret." to restore our account. (Warning: these seed words (#2) will not restore the account that we're trying to load into Metamask via seed words #1). Being a naive & forgetful end-user, we don't realize these are different so we save them somewhere safe to ensure we can restore our accounts if the worst happens.

  11. Click "I've saved them somewhere safe" and we see the accounts loaded from seed words #1.

  12. We send funds to these accounts. We transact with these accounts. We develop reputation tied to these accounts. If only we'd revealed our seed words at some point, we'd have seen seed phrase #1 is correctly tied to these accounts & maybe we would have noticed that the phrase we originally backed up (#2) was wrong.

  13. The worst happens! We spill coffee on our laptop or accidentally drill a hole through our hard drive. Good thing we wrote down the seed words that were shown to us!

  14. We enter the seed phrase shown immediately after we restored our account (phrase #2). This phrase does not restore the accounts we've been using, our heart is broken.

If this reproduction satisfies the conditions of the bounty, then send funds to account: 0xada083a3c06ee526F827b43695F2DcFf5C8C892B

Thanks & I hope this helps make a great project even better!

gitcoinbot commented 6 years ago

@amitkumar991 Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

gitcoinbot commented 6 years ago

@rav8815 Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

jchittoda commented 6 years ago

Sometimes when I have some imported PKs in my MetaMask and also modified the names of the accounts, then after some browser restarts MetaMask re-arrange the accounts based on the name of the account. So if this sorting creating the problem then this might be the case also when importing new seed. Sometimes also observed that the names are not stored in MetaMask even after doing multiple attempts. and sometimes it fetched the old stored names even if I have removed old seed and restored new seed, and when restore old seed, again the names of the old seed comes. So somewhere it keeps storing the names of the accounts even if the different seed is configured.

gitcoinbot commented 6 years ago

@thjnhcolag Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

gitcoinbot commented 6 years ago

@thjnhcolag Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

gitcoinbot commented 6 years ago

@thjnhcolag Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

gitcoinbot commented 6 years ago

@thjnhcolag Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

gitcoinbot commented 6 years ago

@thjnhcolag Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

gitcoinbot commented 6 years ago

@thjnhcolag Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

spm32 commented 6 years ago

Hi @thjnhcolag unfortunately we have to remove you from this issue and return it to the crowd as we haven't seen any progress. Please let us know if you think we've made a mistake!

gitcoinbot commented 6 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


Work has been started.

These users each claimed they can complete the work by 3 weeks, 4 days from now. Please review their questions below:

  1. iC0rraxX has started work (1st dibs).

  2. iC0rraxX has started work (2nd dibs).

gitcoinbot commented 6 years ago

@iC0rraxX Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

gitcoinbot commented 6 years ago

@iC0rraxX Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

owocki commented 6 years ago

cancelling this bounty now

bdresser commented 6 years ago

this bounty is off Gitcoin but still stands - if you're able to identify an issue, please let the team know

gitcoinbot commented 6 years ago

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


This issue now has a funding of 10.0 ETH (2180.79 USD @ $218.08/ETH) attached to it.