Error: bad signature

[ghost]

A few users are reporting the error "1010: Invalid Transaction: Transaction has a bad signature" when trying to send KSM/DOT from their Ledger.

What does this error refer to? Can more context be added to the description?

[jacogr]

That gets returned from the Node itself - it means that the signature that is generated by the Ledger for the transaction payload is not recognizable by the RPC node. Not sure what can cause it in some cases.

[ghost]

Will check with Zondax

[jacogr]

Is it widespread atm? Or a couple of users? This is quite weird - and a nightmare to track down in most cases.

[Tbaut]

FWIW I've seen this yesterday, with Parity Signer when I took my time (a minute or 2) between getting the payload, and actually signing it. I did it again and signed right away, and it worked.

I was expecting an error, but I'm used to see something like "transaction expired".. so not sure the longer time I took for signing was the culprit.

[jacogr]

That could be it as well - the default mortality is 5 minutes, so basically you don't have unlimited time before the transaction becomes invalid.

[MirekHruska]

Hi, few members of our community had this problem too. This is caused when you using Ledger with Kusama and Polkadot apps. In new polkadot.js.org version, account are moved accross. When you create account on polkadot and switch tu kusama network, there is new account created with kusama format address. But when you deposit that account, you can't access it to move you funds (Error: bad signature is shown). Here is video https://youtu.be/RIT5uyfDp-c and here is full video (but in czech language) https://studio.youtube.com/video/KxWrc3S4Q4E . You need to tag that accounts to be sure you will not deposit bad account.

[jacogr]

Ok, so make sure you attach the account (tie to this network) in the settings. Initially when the always-show-Ledger enhancement went it, it didn't tie it to a specific chain.

The UI does do that at this now since the start of last week - but for accounts that were added before, you need to click the below toggle under the 3 ellipsis, so it only shows on the specific chain.

If done on e.g. Polkadot, it won't show anywhere else but on Polkadot.

[ghost]

Jaco: So in order to prevent this from happening, users should make sure that "only this network" is switch ON, yes?

Zondax team: For all the others who this has now happened to - are their tokens lost? Or is there any way to retrieve them? My understanding is that the automatically created KSM address is on their Ledger, so shouldn't they be able to access it? Or am I mistaken?

[MirekHruska]

@jacogr thanks, but I think this is serious trap for novices. Is there solution for allready deposited accounts? You can't use polkadot app on kusama network and if you try to sign your transaction with kusama app, bad signature error will appear. Are those kusama (or dots) lost forever? There are people with hundreds dot/ksm locked on that accounts.

[jacogr]

Just tie the account to the network, so it only displays on that specific network. Or remove/re-add and it will by default tie.

The account visibility is within user-control here.

[MirekHruska]

@jacogr as I said, there are a lot of people that allready send their dots/ksm to that accounts. On youtube, there is a lot of instruction videos that didn't mentioned this and a lot of novices will fall into that trap in near future. So, if someone ask me if his dot/ksm is lost forever, answer is yes? Or there is solution? Thanks

[jacogr]

Since accounts are always derivable by the mnemonic and the account/address indices, nothing is ever lost since you can always get the private keys based on that info.

If you have access to the seeds & offsets and it is on a device for a specific network, you can get to the funds. (The addresses are just the publicKeys in a human-readable format, if you have the mnemonic you can get to the same private key which will yield the same public key)

[MirekHruska]

@jacogr thanks. But there must be some difference, no? When I add my account on polkadto network (Ledger 0/0) and switch to kusama network and add same (Ledger 0/0), it generate two different accounts. So, solution is put memoric seed from ledger (24 words) and restore account on polkadot network from it, switch to kusama network and send KSM out?

[jacogr]

No, the accounts are the same - what you are seeing is the ss58 address, when that is decoded it would yield exactly the same public key. (Addresses look different, but for the same mnemonic and offsets, it maps to the exact same public keys - it is just encoded with a checksum and a network prefix for display)

A real example -

KSM - DzdKNKTXuzoiUKdiKY4Ed21espugk7pe35HvGywk5NbWVNN DOT - 12RJoPEemLFMQMWhuFn1UpVAMuYKaNrnG9y2guhLpNBcwwsj

Underlying to those 2 addresses, the public key is exactly the same. It refers to the same mnemonic and offsets. Just the display encoding is different. In this case for both the above different-looking addresses the decoded public key is 0x3ec60ad661b0cd95690220b7ebfd618099cdf958bac075fe6aafd1d980820b9d for both.

[MirekHruska]

@jacogr are you sure that accounts are same? Account Ledger 0/0 moved from Polkadot => Kusama network has different public addres than same account (0/0) directly added via add ledger button on kusama network with kusama application on Ledger device. There must be some difference, becaus if doesn't matter where you created your account, this thread shouldn't exists :-)

[jacogr]

See the example above :) ss58 is only a display format. It encodes the network ss58 + public key + checksum into base58. On decoding you strip all of that and only use the public key. when sending to the node, the ss58 is not transferred, the actual public key (which is the AccountId) is.

[MirekHruska]

@jacogr ok, thanks, I will try to study it more detailed. Good news is that there is solution, superb. Thanks again.

[jleni]

Hi, few members of our community had this problem too. This is caused when you using Ledger with Kusama and Polkadot apps. In new polkadot.js.org version, account are moved accross. When you create account on polkadot and switch tu kusama network, there is new account created with kusama format address. But when you deposit that account, you can't access it to move you funds (Error: bad signature is shown). Here is video https://youtu.be/RIT5uyfDp-c and here is full video (but in czech language) https://studio.youtube.com/video/KxWrc3S4Q4E . You need to tag that accounts to be sure you will not deposit bad account.

Unfortunately this is not related to the Ledger app themselves.. but the way the integration works in Polkadot.js. I wonder why there is even this option "only this network".

@anjaw3f Would it make sense that polkadot.js adds a popup with an explanation to avoid issues being mislabeled as a problem in the apps?

[ghost]

This is good news! Do you have some practical instructions/steps for regular (non-techy) users to access their funds? Apparently they can't access them right now, even though their Ledger is connected and generated that address. What do they have to do in order to send the funds out?

[ghost]

@anjaw3f Would it make sense that polkadot.js adds a popup with an explanation to avoid issues being mislabeled as a problem in the apps?

I'm always for anything that makes things easier and more clear for users. We do have a lot of beginners, so the clearer we can spell things out for them the better.

[gorgos]

This is good news! Do you have some practical instructions/steps for regular (non-techy) users to access their funds? Apparently they can't access them right now, even though their Ledger is connected and generated that address. What do they have to do in order to send the funds out?

I second this as I'm in the same boat. Any instructions how to access the funds are greatly appreciated.

[icollectassets]

This is good news! Do you have some practical instructions/steps for regular (non-techy) users to access their funds? Apparently they can't access them right now, even though their Ledger is connected and generated that address. What do they have to do in order to send the funds out?

I second this as I'm in the same boat. Any instructions how to access the funds are greatly appreciated.

3rded

[elfif]

Hello i'm upping up that issue that i found it being critical. I have exactly the same issue as previously described, some KSM coins are stuck on a wallet which address is just a translation of my polkadot address, both wallets use Ledger apps on polkadotjs. I agree with @jleni that technically issue is more on the ledger integration on polkadot-js than on the ledger itself. Anyway we need an answer to that issue

[icollectassets]

Hello i'm upping up that issue that i found it being critical. I have exactly the same issue as previously described, some KSM coins are stuck on a wallet which address is just a translation of my polkadot address, both wallets use Ledger apps on polkadotjs. I agree with @jleni that technically issue is more on the ledger integration on polkadot-js than on the ledger itself. Anyway we need an answer to that issue

I've tried everything. My ksm is gone. 30+ hours with no hope of a result.

[MirekHruska]

I'll try to look at it on weekend but right now, there is no step by step instructions. @jacogr , is it possible to create step by step instructions how to set those KSMs and DOTs free? Thanks.

[jacogr]

Just to summarize the comments above -

• If you have an Ledger account visible on multiple networks (the UI will show an indicator for those in the accounts list), just apply the "only this network" toggle. The warning will go away once toggled.

• Newly added accounts will always tie to a specific network

If funds have been send to an address on a network where it now yields a signature error -

• Derivation is an open standard, this means the keys can always be derived from the mnemonic + cointype + account + address (the first 2 from the app, the second two as user-selected)

• For this, we are looking at a couple of options (couple being 2, using the standard derivation above) to ensure you can actually transfer it out (and also being able to recover keys at anytime in the future). One of those approaches is https://github.com/polkadot-js/apps/issues/3703, the other is external to the apps UI

• If there is an update on the previous point, will confirm - as of now just be aware that is being looked at for the best approach(es) by multiple people

If unsure about anything -

• This is not a bug in the Ledger app itself, rather due to the app being used on the wrong network (which the first point above covers)

• Ensure that you trust & verify, i.e. use the option in the account menu to display the address on the device - it should match if the app can sign it correctly

[icollectassets]

Note the ledger show a different address than ksm account. I've recreated. Address shown on ledger but no possible way to get same address thats on "lost" account.

[elfif]

Hello @MirekHruska and @jacogr and thanks for your answers. If you need any additional informations, or want me to perform some tests of any kind i'm all yours.

[daledenton1]

I'm also in this boat. I've just Bonded 50 KSM but when I nominate my validators and click sign and submit I get the 1010 Invalid transaction. Transaction has a bad signature. I'm also a novice at this and do not understand all this technical stuff. Really needs to be an easier fix.

[daledenton1]

When I check 'only this network' tab, then when i switch between Dot and Ksm the accounts are then missing until I uncheck the tab.

[icollectassets]

When I check 'only this network' tab, then when i switch between Dot and Ksm the accounts are then missing until I uncheck the tab.

ill kinda break it down for you to where we understand. ive been at it for over 40 hours now.. the account you put the ksm on is actually your polkadot account, and you have no access to the ksm side of it it just sits there and cant sign anything, if you look at ledger its a wrong address, you can recreate the address on the seed, but not the one thats holding the ksm ... just the correct address that displays on the ledger. from what i can tell theres no way to get it off the ledger itself without knowing as much as these guys. This is my first time even using a ledger and attempting to use polkadot-js im mentally exhausted as im sure you are...

[daledenton1]

Yeah I've been in a pretty bad mood all day over this issue. Very frustrating indeed!

[daledenton1]

Just chatting on Polkadot Watercooler. If you click forget account and then add your key again it should fix it. Haven't tried as yet??

[elfif]

I tried, it did not fix anything. Hopefully, because it would mean that you can also potentially lose a working account created with the Ledger.

From a noob perspective to make it work would require the "import from ledger" feature to accept keys from both DOT & KSM ledger apps when I try to connect to KSM.

[icollectassets]

Ive tried everything. i derived hundreds of accounts, even got the one that it says on the ledger when checking the ksm dot accounts.... nothing cant sign with it either, tried proxy, multisig, the offline sig, i tried every single wallet, every possible hard/soft address theres no way to do it that i can find. i just wanted to get that ksm off of it bad. i definately need a new seed phrase after the dark back allies i took that one down.

[elfif]

Ok i agree @ohhichase issue is nasty, there is real money on the line and i did not think neither of the person impacted really did something wrong or reckless at any moment. On my side i manage to display the KSM wallet account that has an issue from a second computer. As said before that's quite easy in fact. I understand it may be difficult for a dev of the project to catch uyp so let me replay that. You just need to import the DOT wallet account from your ledger (the one from which your problematic KSM account is derived). Then you switch off the "only on this network" switch in the account menu. Then go to KSM network. Your KSM account is there with the expected KSM balance. But issue remains, you can't sign any operation because it would require signing using Ledger DOT app and the polkadot-js app expects only TX to be signed with the KSM one because we are on KSM network....

[daledenton1]

I tried that last night. Switched to only on this network on DOT and my KSM wallet wasn't there. Switched it back and my KSM balance was back. Still unable to sign transactions. Very frustrating!

[MirekHruska]

I tried to solve this today but I totally burned out. I think that solution will be extract account out of ledger straight to polkadot.js.org account, but I don't know how to recover account without using ledger. There is a lot of topics on different memoric seed formats and compatibility, a lot of linux command line tools etc ... nothing what normall user can use. I know that it's possible to get that account out of ledger? @jleni is it possible to write step by step instructions how securely import polkadot / kusama account from ledger straigth to polkadot.js.org? Some simple offline tool (even linux / windows command line) that generate polkadot JSON file based on Ledger BIP39 memoric would be nice :-) Thanks

[icollectassets]

i just had a small breakthrough but too tired to finish.... got a new phone today and put trust app on it. imported a polkadot account with qv and checked later to show no balance. I believe only change i made was on polkadotjs and changed the address prefix from kusama to polkadot in the polkadot portal..... now im not sure exactly how id attempt because trust doesnt have a kusama wallet, but i think its an answer to pulling the kusama off if i can get all stars to align. ill get on it tomorrow...

note i have zero experience in this.. im not a tech guy or even a computer guy at all... im just straight trial and error on it in the best ways i can assume work. its a learning curve for sure.

[icollectassets]

I tried to solve this today but I totally burned out. I think that solution will be extract account out of ledger straight to polkadot.js.org account, but I don't know how to recover account without using ledger. There is a lot of topics on different memoric seed formats and compatibility, a lot of linux command line tools etc ... nothing what normall user can use. I know that it's possible to get that account out of ledger? @jleni is it possible to write step by step instructions how securely import polkadot / kusama account from ledger straigth to polkadot.js.org? Some simple offline tool (even linux / windows command line) that generate polkadot JSON file based on Ledger BIP39 memoric would be nice :-) Thanks

ive tried about every way to derive the file onto polkadotjs ive tried every address ie m/44'/434'/0'/0'/0' in every combination on every single app that gives the option to choose the derived path. I think if i can get the kms account that has the same address as the polkadot kms account again and get that private key i might be able to find a multiwallet with both that could work.. ill update.

[MirekHruska]

https://github.com/paritytech/substrate/issues/7824 there si topic about Ledger support in substrate subkey (still opened). Seems that there is no easy way right now. I think that after more study, I'ill figure it out, but there is no way how to make instructions for ordinary nontechnical people. Everything is too 'geeky'.

[Tbaut]

You're not alone in this. Zondax is working with Polkadot.js to make a recovery possible. Please be patient and please avoid spamming this issue. The problem is understood and a workable solution is on its way.

[jleni]

Yes, correct. We are working in coordination with other stakeholders.

In particular, we are building a special recovery tool (based on a Ledger app) that will allow moving funds across chains to mitigate these problems that people are having when using Polkadot.js

@jleni is it possible to write step by step instructions how securely import polkadot / kusama account from ledger straigth to polkadot.js.org?

We also aim to provide additional tooling/libraries to generate keys but we VERY STRONGLY advise against entering your mnemonic in web or deskop apps.

Early next week we will have a more comprehensive article and a FAQ section about this topic.

We are very committed to this community and do not worry if you sent fund to your own (but incorrect addresses) funds are safe and the recovery tool will be available ASAP.

[jleni]

Just for clarity:

• we DO NOT recommend entering your Ledger mnemonic in any tool beyond the device itself.
• we will prepare a Ledger-based recovery tool in the next few days that will allow people to recover funds sent by mistake to public keys in other substrate-based chain.
• we will keep you updated here and in social media.

[gorgos]

Just posted this in Discord as more and more people are running into this issue and it will be interesting for anyone following here as well:

In my opinion this was a serious UX bug by polkadot.js.org, it shouldn't have happened at all. The fix of adding exclamation marks is in my opinion not good enough, people may still send money to this address.

For anyone curious about the technical details, when you create an account with Ledger on polkadot.js.org for Polkadot, a public key is generated by the Ledger device using the Ledger Polkadot app. The ledger app has built-in configuration for how to derive private keys from the mnemonic. Following the BIP-44 standard it's correctly using 354 in the derivation path, see https://github.com/satoshilabs/slips/blob/master/slip-0044.md.

When you now switch to Kusama, the previously created Polkadot account is for some reason also shown in the UI. If you now send KSM to this address and later try to transfer, it will throw 'bad signature'. This is because the Kusama ledger app is using 434 in the derivation path and so the generated private keys are different. When you add new accounts in Kusama via Ledger, you will see that a different account is created for the same account index.

There's no easy solution for this, but the funds are not lost. You can either insecurely import the mnemonic and use a newly created recovery tool to obtain the private key. Not recommended, so I won't post details here, but I solved the issue for me this way.

Or there needs to be direct support by the Ledger apps which is already in the making. So just stay tuned and follow the Github issue.

[feelwelltm]

5 days and nothing is happening,when i can move my kusama???? when your team will prepare a Ledger-based recovery tool????? when I have to be able to move my kusama in any account I want !!!!!!!!!!!!! hello !!!!!!!!!!!!! solve the problem !!!!!!!!!!!! do something to work well

[daledenton1]

They are hoping to have a fix possibly within the week, so maybe another few days.

[feelwelltm]

nothing has happened yet...........?????

[icollectassets]

When I apply to kappa sigma mu i hope my patience will be taken into consideration. Lol.... but I'm serious i think.

On Sun, Feb 7, 2021, 2:22 PM feelwelltm notifications@github.com wrote:

nothing has happened yet...........?????

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/polkadot-js/apps/issues/4487#issuecomment-774754068, or unsubscribe https://github.com/notifications/unsubscribe-auth/AQ2V5O7JLSVZ4GFPGL5PMLTS53ZAFANCNFSM4WRK6G3A .

[daledenton1]

Yes an update by now would be nice...