secretkeylabs / xverse-web-extension


User see different Gaia data with the same private key on different browsers #664

Open pradel opened 8 months ago

pradel commented 8 months ago

Component

On Chrome:

[screenshot]

On Arc:

[screenshot]

Severity

Summary

Jay Jay from Liquidium reported an issue when connecting on Sigle with Xverse on 2 different browsers. The content he sees in his drafts is different in both browsers.

I suspect that Xverse is not injecting the correct Gaia Sigle URL and thus 2 buckets were created. You can see in the 2 following JSON that the Gaia URLs for other apps are different too.

Here is the content of blockstack-session for the Chrome one (the one which is up to date)

{
  "version": "1.0.0",
  "userData": {
    "profile": {
      "@type": "Person",
      "@context": "http://schema.org",
      "apps": {
        "https://app.hirevibes.io": "https://gaia.blockstack.org/hub/1QJvNZpdH8v2v8AHfdxPGQhbDiBaVTUmBp/",
        "https://app.alexlab.co": "https://gaia.blockstack.org/hub/1Finx3TP4vyi5Y4W9zZvazKMau1vY3PARU/",
        "https://app.sigle.io": "https://gaia.hiro.so/hub/19mnKRBDf8CN6AfLgYe1R36iJF5xzQV1wJ/",
        "https://blocksurvey.io": "https://gaia.blockstack.org/hub/1EDWHWz9Y3821WbqJRftzb9scj6yoJBRJJ/",
        "https://liquidium.finance": "https://gaia.blockstack.org/hub/1PAy9HiKHPuwo2PbAabJj9jdU96aFzu3ww/",
        "https://explorer.stacks.co": "https://gaia.blockstack.org/hub/1NKvUxwNzwqupsB9chp9GcXnZsYLJy9qsg/",
        "https://sendstx.com": "https://gaia.blockstack.org/hub/1NsLq45jbqjRfnfhYwNefPF6Wa23YQGKri/",
        "https://fanciful-faloodeh-b57848.netlify.app": "https://gaia.blockstack.org/hub/1HhUQBAKf8KT6wLjbPgsf9GWjfrUYfsChm/",
        "https://app.arkadiko.finance": "https://gaia.hiro.so/hub/199wQR5BXRSGDRc48jgvzMkfGggjYEcT6E/",
        "https://www.tradeport.xyz": "https://gaia.blockstack.org/hub/14Sr37FEAEbKqm6CyEUNtrBtcJzfziF6m7/",
        "https://create.gamma.io": "https://gaia.blockstack.org/hub/1ERKfzDDvoShgmiSdyZgXq3ZumnBuVLjUr/",
        "http://localhost:3000": "https://gaia.blockstack.org/hub/1PLXFodXzjt8vSo18CzzGaGXd46RwD21sD/",
        "https://stxape.com": "https://gaia.blockstack.org/hub/1AWeDHUkKqDCaMPEYF4kDCrwHtS1X2hdkJ/",
        "https://app.testnet.alexlab.co": "https://gaia.blockstack.org/hub/1HieMM4hHNR17L7LnpQM2zZ3sxwifs3LKh/",
        "https://app.liquidium.fi": "https://gaia.blockstack.org/hub/1EPs4XJUxJqdve4xSiTvopHF6ghyV7fwSt/",
        "https://app.hirevibes.com": "https://gaia.blockstack.org/hub/1NmposivxVyyJWjsAiEmMwnVUYx8QmY2MJ/",
        "https://testnet.liquidium.fi": "https://gaia.blockstack.org/hub/1DU6Vz5Hm4By8DaheRPiqFYLjaJACr9t9c/",
        "https://beta.bitflow.finance": "https://gaia.hiro.so/hub/12tfwp1QNzHituBEPApcYAjMGTmU419t7J/"
      },
      "appsMeta": {
        "https://app.hirevibes.io": {
          "storage": "https://gaia.blockstack.org/hub/1QJvNZpdH8v2v8AHfdxPGQhbDiBaVTUmBp/",
          "publicKey": "02a914bb8f49166846e41bb437290399190acaa12038239ae01e2a4afcb5ee6520"
        },
        "https://app.alexlab.co": {
          "storage": "https://gaia.blockstack.org/hub/1Finx3TP4vyi5Y4W9zZvazKMau1vY3PARU/",
          "publicKey": "02dc91c9ec3564aea1f533044d6a5431442a065f566f5d4ad2956c29fa74f33c97"
        },
        "https://app.sigle.io": {
          "storage": "https://gaia.hiro.so/hub/19mnKRBDf8CN6AfLgYe1R36iJF5xzQV1wJ/",
          "publicKey": "02d08796c8f91f91eb4563ca20c4ced9457326abef5c614465ee7aa94fbd9d48e9"
        },
        "https://blocksurvey.io": {
          "storage": "https://gaia.blockstack.org/hub/1EDWHWz9Y3821WbqJRftzb9scj6yoJBRJJ/",
          "publicKey": "030387f36a893d49ae077ffe257a6d401ab762272506bc108dca9ca35f280c4254"
        },
        "https://liquidium.finance": {
          "storage": "https://gaia.blockstack.org/hub/1PAy9HiKHPuwo2PbAabJj9jdU96aFzu3ww/",
          "publicKey": "027c4fa66d02ddcb53a974980cfa60af121709e3278496acae994e4466240c0d49"
        },
        "https://explorer.stacks.co": {
          "storage": "https://gaia.blockstack.org/hub/1NKvUxwNzwqupsB9chp9GcXnZsYLJy9qsg/",
          "publicKey": "02846858ad84e7994d54de9b320d9b2b518c9f8d0a96d14b0f5db51ec4f4da08ce"
        },
        "https://sendstx.com": {
          "storage": "https://gaia.blockstack.org/hub/1NsLq45jbqjRfnfhYwNefPF6Wa23YQGKri/",
          "publicKey": "02c33666cba617a235dbc5ca05afecba625bc80a60cdaf3b5bbf6dc641727fa7be"
        },
        "https://fanciful-faloodeh-b57848.netlify.app": {
          "storage": "https://gaia.blockstack.org/hub/1HhUQBAKf8KT6wLjbPgsf9GWjfrUYfsChm/",
          "publicKey": "03a5e78f26c6d64d3e00fb798c5238a28004f942698dd8dabde0435d1e2c9484c5"
        },
        "https://app.arkadiko.finance": {
          "storage": "https://gaia.hiro.so/hub/199wQR5BXRSGDRc48jgvzMkfGggjYEcT6E/",
          "publicKey": "02d9ce4b8157cbf0d77ebc28309b4b785c545437cba1efe5a4a795c39cc3b1fb2e"
        },
        "https://www.tradeport.xyz": {
          "storage": "https://gaia.blockstack.org/hub/14Sr37FEAEbKqm6CyEUNtrBtcJzfziF6m7/",
          "publicKey": "02f320fdb9670f5bb55aab0a3f5f441be05dc69bc1cb3976976cd3d7809c7e8237"
        },
        "https://create.gamma.io": {
          "storage": "https://gaia.blockstack.org/hub/1ERKfzDDvoShgmiSdyZgXq3ZumnBuVLjUr/",
          "publicKey": "02b7bcf71d3446e4d166e4fbdabbdd2450a07810bc61886f96fa5b249cdf7f8b89"
        },
        "http://localhost:3000": {
          "storage": "https://gaia.blockstack.org/hub/1PLXFodXzjt8vSo18CzzGaGXd46RwD21sD/",
          "publicKey": "02f30fe0128dc0b2802e852b568fe245ca0eecad3a9df193d4811af72487c56859"
        },
        "https://stxape.com": {
          "storage": "https://gaia.blockstack.org/hub/1AWeDHUkKqDCaMPEYF4kDCrwHtS1X2hdkJ/",
          "publicKey": "0253342a031552cd161fc964e7951e817f8496edddae7f51ab5beef1d29d8a36af"
        },
        "https://app.testnet.alexlab.co": {
          "storage": "https://gaia.blockstack.org/hub/1HieMM4hHNR17L7LnpQM2zZ3sxwifs3LKh/",
          "publicKey": "02e25e282a94a542f8febd3a6caf664fab8edba9c9e80a3caa0823fbbff9dcf4e0"
        },
        "https://app.liquidium.fi": {
          "storage": "https://gaia.blockstack.org/hub/1EPs4XJUxJqdve4xSiTvopHF6ghyV7fwSt/",
          "publicKey": "0268cb179b3567c06a8715e508687e12b5fabf3f4ff2f23ee079e51b9524a453d4"
        },
        "https://app.hirevibes.com": {
          "storage": "https://gaia.blockstack.org/hub/1NmposivxVyyJWjsAiEmMwnVUYx8QmY2MJ/",
          "publicKey": "03f5519b3f113e88c118af9de63595426de957d4e4bb62d64ad18561b07174a4a8"
        },
        "https://testnet.liquidium.fi": {
          "storage": "https://gaia.blockstack.org/hub/1DU6Vz5Hm4By8DaheRPiqFYLjaJACr9t9c/",
          "publicKey": "03865dd8f55c078f6986fd5d5e240465087c2232b814c8a0a2a2c3791f6e8922d9"
        },
        "https://beta.bitflow.finance": {
          "storage": "https://gaia.hiro.so/hub/12tfwp1QNzHituBEPApcYAjMGTmU419t7J/",
          "publicKey": "03a17cf4244d59a82ec08701b750be7ef12a99889bc504c3222a46777e56f21900"
        }
      },
      "stxAddress": {
        "testnet": "STYHY9MV6S08YJQVW0R400ADXZBBJ0GM0AJD73A0",
        "mainnet": "SPYHY9MV6S08YJQVW0R400ADXZBBJ0GM096BMY34"
      }
    },
    "email": null,
    "decentralizedID": "did:btc-addr:17duq65vx5mJGoxg5J11gqmMJNrwkg2jx1",
    "identityAddress": "17duq65vx5mJGoxg5J11gqmMJNrwkg2jx1",
    "appPrivateKey": "xxx",
    "coreSessionToken": null,
    "authResponseToken": "xxx",
    "hubUrl": "https://hub.hiro.so",
    "appPrivateKeyFromWalletSalt": null,
    "coreNode": null,
    "gaiaAssociationToken": "xxx",
    "gaiaHubConfig": {
      "url_prefix": "https://gaia.hiro.so/hub/",
      "max_file_upload_size_megabytes": 20,
      "address": "19mnKRBDf8CN6AfLgYe1R36iJF5xzQV1wJ",
      "token": "xxx",
      "server": "https://hub.hiro.so"
    }
  },
  "transitKey": "xxx",
  "etags": {
    "settings.json": "0x8DB8194D0813F0A",
    "stories.json": "0x8DB920521EA676E"
  }
}

Here is the content of blockstack-session for the Arc one (the one which is not up to date)

{
  "version": "1.0.0",
  "userData": {
    "profile": {
      "@type": "Person",
      "@context": "http://schema.org",
      "apps": {
        "https://app.hirevibes.io": "https://gaia.blockstack.org/hub/1QJvNZpdH8v2v8AHfdxPGQhbDiBaVTUmBp/",
        "https://app.alexlab.co": "https://gaia.blockstack.org/hub/1CfXisC9pRiLHK6hMMuBDvJAHYxtVBEgVJ/",
        "https://app.sigle.io": "https://gaia.blockstack.org/hub/169DVfuD4HCP3ECsGRNo8eeyedpkjEDSMG/",
        "https://blocksurvey.io": "https://gaia.blockstack.org/hub/1Ee2nVx9vHuSzJMwydkUwywNZNpRCc6Wr8/",
        "https://liquidium.finance": "https://gaia.blockstack.org/hub/1PAy9HiKHPuwo2PbAabJj9jdU96aFzu3ww/",
        "https://explorer.stacks.co": "https://gaia.blockstack.org/hub/1NKvUxwNzwqupsB9chp9GcXnZsYLJy9qsg/",
        "https://sendstx.com": "https://gaia.blockstack.org/hub/1NsLq45jbqjRfnfhYwNefPF6Wa23YQGKri/",
        "https://fanciful-faloodeh-b57848.netlify.app": "https://gaia.blockstack.org/hub/1HhUQBAKf8KT6wLjbPgsf9GWjfrUYfsChm/",
        "https://app.arkadiko.finance": "https://gaia.blockstack.org/hub/199wQR5BXRSGDRc48jgvzMkfGggjYEcT6E/",
        "https://www.tradeport.xyz": "https://gaia.blockstack.org/hub/14Sr37FEAEbKqm6CyEUNtrBtcJzfziF6m7/",
        "https://create.gamma.io": "https://gaia.blockstack.org/hub/1ERKfzDDvoShgmiSdyZgXq3ZumnBuVLjUr/",
        "http://localhost:3000": "https://gaia.blockstack.org/hub/1PLXFodXzjt8vSo18CzzGaGXd46RwD21sD/"
      },
      "appsMeta": {
        "https://app.hirevibes.io": {
          "storage": "https://gaia.blockstack.org/hub/1QJvNZpdH8v2v8AHfdxPGQhbDiBaVTUmBp/",
          "publicKey": "02a914bb8f49166846e41bb437290399190acaa12038239ae01e2a4afcb5ee6520"
        },
        "https://app.alexlab.co": {
          "storage": "https://gaia.blockstack.org/hub/1CfXisC9pRiLHK6hMMuBDvJAHYxtVBEgVJ/",
          "publicKey": "02692dc597fbb5a7f5536a9567b42b95aea63fd9962d869926e1ab8a0148f14346"
        },
        "https://app.sigle.io": {
          "storage": "https://gaia.blockstack.org/hub/169DVfuD4HCP3ECsGRNo8eeyedpkjEDSMG/",
          "publicKey": "0237e9f52ffdc018c96c84c0bac2b1398b66bcb47b5769f33b0d1b0a54005b5b2f"
        },
        "https://blocksurvey.io": {
          "storage": "https://gaia.blockstack.org/hub/1Ee2nVx9vHuSzJMwydkUwywNZNpRCc6Wr8/",
          "publicKey": "039556a80de9087a9266fb80067b35c552a538863c7c262be1876c34b25733ef4a"
        },
        "https://liquidium.finance": {
          "storage": "https://gaia.blockstack.org/hub/1PAy9HiKHPuwo2PbAabJj9jdU96aFzu3ww/",
          "publicKey": "027c4fa66d02ddcb53a974980cfa60af121709e3278496acae994e4466240c0d49"
        },
        "https://explorer.stacks.co": {
          "storage": "https://gaia.blockstack.org/hub/1NKvUxwNzwqupsB9chp9GcXnZsYLJy9qsg/",
          "publicKey": "02846858ad84e7994d54de9b320d9b2b518c9f8d0a96d14b0f5db51ec4f4da08ce"
        },
        "https://sendstx.com": {
          "storage": "https://gaia.blockstack.org/hub/1NsLq45jbqjRfnfhYwNefPF6Wa23YQGKri/",
          "publicKey": "02c33666cba617a235dbc5ca05afecba625bc80a60cdaf3b5bbf6dc641727fa7be"
        },
        "https://fanciful-faloodeh-b57848.netlify.app": {
          "storage": "https://gaia.blockstack.org/hub/1HhUQBAKf8KT6wLjbPgsf9GWjfrUYfsChm/",
          "publicKey": "03a5e78f26c6d64d3e00fb798c5238a28004f942698dd8dabde0435d1e2c9484c5"
        },
        "https://app.arkadiko.finance": {
          "storage": "https://gaia.blockstack.org/hub/199wQR5BXRSGDRc48jgvzMkfGggjYEcT6E/",
          "publicKey": "02d9ce4b8157cbf0d77ebc28309b4b785c545437cba1efe5a4a795c39cc3b1fb2e"
        },
        "https://www.tradeport.xyz": {
          "storage": "https://gaia.blockstack.org/hub/14Sr37FEAEbKqm6CyEUNtrBtcJzfziF6m7/",
          "publicKey": "02f320fdb9670f5bb55aab0a3f5f441be05dc69bc1cb3976976cd3d7809c7e8237"
        },
        "https://create.gamma.io": {
          "storage": "https://gaia.blockstack.org/hub/1ERKfzDDvoShgmiSdyZgXq3ZumnBuVLjUr/",
          "publicKey": "02b7bcf71d3446e4d166e4fbdabbdd2450a07810bc61886f96fa5b249cdf7f8b89"
        },
        "http://localhost:3000": {
          "storage": "https://gaia.blockstack.org/hub/1PLXFodXzjt8vSo18CzzGaGXd46RwD21sD/",
          "publicKey": "02f30fe0128dc0b2802e852b568fe245ca0eecad3a9df193d4811af72487c56859"
        }
      },
      "stxAddress": {
        "testnet": "STYHY9MV6S08YJQVW0R400ADXZBBJ0GM0AJD73A0",
        "mainnet": "SPYHY9MV6S08YJQVW0R400ADXZBBJ0GM096BMY34"
      }
    },
    "email": null,
    "decentralizedID": "did:btc-addr:17duq65vx5mJGoxg5J11gqmMJNrwkg2jx1",
    "identityAddress": "17duq65vx5mJGoxg5J11gqmMJNrwkg2jx1",
    "appPrivateKey": "xxx",
    "coreSessionToken": null,
    "authResponseToken": "xxx",
    "hubUrl": "https://hub.blockstack.org",
    "appPrivateKeyFromWalletSalt": null,
    "coreNode": null,
    "gaiaAssociationToken": "xxx",
    "gaiaHubConfig": {
      "url_prefix": "https://gaia.hiro.so/hub/",
      "max_file_upload_size_megabytes": 20,
      "address": "169DVfuD4HCP3ECsGRNo8eeyedpkjEDSMG",
      "token": "xxx",
      "server": "https://hub.blockstack.org"
    }
  },
  "transitKey": "xxx",
  "etags": {
    "settings.json": "0x8DBC896C2350F51",
    "stories.json": "0x8DBDDFE318E21EA"
  }
}

Reproduce steps

This is the tricky part: I haven't been able to reproduce the behavior on my side. However, it's not the first time a user has reported losing access to his content. What I saw is that the Gaia hub where files were stored always changed for these users.

Expected result

Jay Jay should see the same Gaia hub on both browsers

Actual result

He gets 2 different Gaia buckets for Sigle.

Remark

Let me know if you need more info from my side or Jay Jay side.
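An added triage script (not Xverse's or Sigle's code) that compares two blockstack-session objects, such as the Chrome and Arc dumps above, and reports which apps resolved to different Gaia buckets for the same identity address. The two sessions it builds are a constructed subset of the dumps in this issue; the field names match the JSON above.

```javascript
// Added example, not code from Xverse or Sigle: diff two blockstack-session
// objects (what Stacks.js stores in localStorage after auth) and report which
// apps resolved to different Gaia buckets. Sessions are a constructed subset
// of the Chrome and Arc dumps in this issue; secrets omitted.
function session(hubUrl, sigleBucket) {
  return {
    userData: {
      profile: { apps: {
        'https://app.sigle.io': sigleBucket,
        'https://liquidium.finance': 'https://gaia.blockstack.org/hub/1PAy9HiKHPuwo2PbAabJj9jdU96aFzu3ww/',
      } },
      identityAddress: '17duq65vx5mJGoxg5J11gqmMJNrwkg2jx1',
      hubUrl,
    },
  };
}
const chromeSession = session('https://hub.hiro.so',
  'https://gaia.hiro.so/hub/19mnKRBDf8CN6AfLgYe1R36iJF5xzQV1wJ/');
const arcSession = session('https://hub.blockstack.org',
  'https://gaia.blockstack.org/hub/169DVfuD4HCP3ECsGRNo8eeyedpkjEDSMG/');

// Pull the bucket address (last path segment of the Gaia read URL) per app.
function bucketSummary(s) {
  const u = s.userData;
  const apps = {};
  for (const [origin, url] of Object.entries(u.profile.apps)) {
    const m = /\/hub\/([1-9A-HJ-NP-Za-km-z]+)\/?$/.exec(url); // base58 address
    apps[origin] = { hub: new URL(url).origin, address: m ? m[1] : null };
  }
  return { identity: u.identityAddress, hubUrl: u.hubUrl, apps };
}

// Compare two sessions for the same wallet; returns human-readable findings.
// An empty list means both browsers would read and write the same buckets.
function diffSessions(a, b) {
  const sa = bucketSummary(a), sb = bucketSummary(b);
  const findings = [];
  if (sa.identity !== sb.identity) findings.push(`identity differs: ${sa.identity} vs ${sb.identity}`);
  if (sa.hubUrl !== sb.hubUrl) findings.push(`hubUrl differs: ${sa.hubUrl} vs ${sb.hubUrl}`);
  const origins = new Set([...Object.keys(sa.apps), ...Object.keys(sb.apps)]);
  for (const origin of origins) {
    const x = sa.apps[origin], y = sb.apps[origin];
    if (!x || !y) { findings.push(`${origin}: present in only one session`); continue; }
    if (x.address !== y.address) findings.push(`${origin}: bucket differs ${x.address} vs ${y.address}`);
  }
  return findings;
}
```

Run it over the two full dumps from the issue and it flags `hubUrl` plus every app whose bucket address changed (app.sigle.io, app.alexlab.co, blocksurvey.io) while leaving apps like liquidium.finance, whose bucket matched, silent.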

teebszet commented 8 months ago

Hi @pradel,

Thanks for reporting this issue to us!

We did recently migrate our Gaia hub hostname, which may explain the difference in data seen between Xverse versions, but theoretically all your data should have also been migrated by Hiro.

More info on the Hiro migration here: https://forum.stacks.org/t/gaia-hub-data-archival-and-migration/15281

If your users have missing data, it could be that the data migration had some issues on the Hiro side.

pradel commented 8 months ago

@teebszet I think the problem reported on this issue is different. This user uses the same Xverse version in his 2 browsers (0.22.0). However logging in with the same private key and account on each browser produces a different result. The Gaia config injected is different and thus creating an issue when accessing Sigle (and potentially other apps depending on Gaia too).

teebszet commented 7 months ago

@pradel I'm not sure I know how to reproduce this. Are your users still seeing this behaviour?

pradel commented 7 months ago

@teebszet yes they are, what kind of logs or others would you need?

teebszet commented 7 months ago

Hi @pradel, do you have any sort of reproduction steps?

> I suspect that Xverse is not injecting the correct Gaia Sigle URL and thus 2 buckets were created. You can see in the 2 following JSON that the Gaia URLs for other apps are different too.

Can you explain a bit more the flow of how Sigle uses Xverse to inject the Gaia Sigle URL?

> Here is the content of blockstack-session for the Chrome one (the one which is up to date)

Where does hubUrl come from in this JSON?

pradel commented 7 months ago

> Hi @pradel, do you have any sort of reproduction steps?

I never managed to reproduce it myself, but multiple users reported this issue in the past and they were all using Xverse; Leather users never reported it.

> Can you explain a bit more the flow of how Sigle uses Xverse to inject the Gaia Sigle URL?

It's not something we are injecting; it's a URL that is injected by Xverse/Leather when a user logs in with any app, along with other user information like an app private key to interact with the user's Gaia bucket.

> Where does hubUrl come from in this JSON?

All the JSON is available in the local storage; my guess is that Xverse is sending some data on auth and the Stacks.js library saves it to the local storage.

teebszet commented 1 month ago

Hi @pradel, I just want to revisit this and see if your users are still reporting this issue?

pradel commented 1 month ago

Hi @teebszet, yes, I am still seeing that issue coming up.

teebszet commented 1 month ago

@pradel, would you be able to have the affected users output their Chrome local storage state to help debug this?

Let's open up a Telegram group, if we don't have one already. I DM'd your X handle.