search

iotaledger / trinity-wallet

Trinity is IOTA's old, deprecated wallet. Use Firefly instead.
https://trinity.iota.org
Other
470 stars 120 forks source link

Ledger Nano X - Wrong Address Generated When Using Additional Passphrase #2621

Open iotavanhelsing opened 4 years ago

iotavanhelsing commented 4 years ago

Bug description

An address is generated for the wrong ledger account (same ledger device set up with 2 accounts; 1 without passphrase, 1 with passphrase).

Environment Specs

Steps To Reproduce

  1. Reset ledger, set up 24 words and choose a pin. This is now referred to as account 1.
  2. Add a second pin to the same ledger, which attaches to an additional passphrase. This is now referred to as account 2. (See https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security)
  3. Install iota app on ledger.
  4. Disconnect ledger, login with pin to account 1. (first pin). Open IOTA app on ledger.
  5. Add account 1 to trinity.
  6. Disconnect ledger and reconnect, log in with pin to account 2 (connected to seedphrase). Open IOTA app on ledger.
  7. Add account 2 to trinity.
  8. Disconnect ledger and reconnect, login with pin to account 1. Open IOTA app on ledger.
  9. Use the receive function to generate an address on account 1 in trinity. This should work as the 2 accounts (trinity/ledger match). Confirm on the ledger device by pressing both buttons.
  10. Try to use the receive function to generate an address on account 2 in trinity. This fails (ledger device mismatch) as of course account 1 (ledger) cannot be used to generate an address for account 2.
  11. Disconnect the ledger, login with account 2. The IOTA app appears to still be open, I don't have to open it again (perhaps this is cause of the error?)
  12. Use the receive function to generate an address on account 2 in trinity. This should work as the 2 accounts (trinity/ledger) match, however IT DOES NOT!
  13. Try to use the receive function to generate an address on account 1 in trinity. This should not work however it DOES!
iotavanhelsing commented 4 years ago

I too cannot replicate on nano s either. After I disconnect on the ledger nano s and log in with second pin, the iota app does not remain open as was the case on ledger nano x, I have to open it again hence why there is no error there.

I tried again on nano x and couldn't replicate it any more as when I disconnect the nano x, the device now stays turned on. I believe the bug is caused by the fact that the battery was low (it was a new device) when I used it, as it did turn the screen off and asked for the pin code again when I reconnected it. (Now it does not ask for the pin again). Because the iota app remained open, the above error happened.

cvarley100 commented 4 years ago

@iotavanhelsing Forgive me, I have not yet used a Ledger Nano X. So from what I understand, the Ledger Nano X will stay on when disconnected from a power source (unlike the S), and close the IOTA app. However, you are suggesting that, when in lower power mode, it will go to sleep once disconnected from a power source and the IOTA app will remain open, thus causing this issue?

cvarley100 commented 4 years ago

@iotavanhelsing If you are able to try again and provide reproduction steps that would be great, we have not managed to reproduce this.

JettaRed commented 3 years ago

When you add a passphrase to your Ledger, you are actually creating a second wallet entirely, often referred to as a hidden wallet. So, the receive addresses will be different as if you had a 2nd Ledger with a different 24-word seed phrase. This is not a Ledger bug, but a function/feature of the BIP39 protocols.