SwiftLightning icon indicating copy to clipboard operation
SwiftLightning copied to clipboard

Published 20 hours ago verified publisher icon biscottigelato

Initial seed gets confirmed if you force quit the app and launch it again

Open sergioabril opened this issue 6 years ago • 3 comments

What happens

If you close (force quit) the app while you are on the 24 word seed screen, the next time you open it, it skips that process you were on (even if you had not validated it yet), and shows you the wallet balance/sync.

Expected

It should ask you to create a new wallet again with a new bunch of words, or keep the previous ones but showing you the validation controller (where you must enter -n random words).

Posible problems

If this scenario happens, some users might think everything is already setup, and start pouring funds on it, without having written down the seed.

Possible solution

Don't save nor generate any key until you validate the seed properly

sergioabril avatar Oct 06 '18 22:10 sergioabril

This is sort of a limitation with the underlying LND engine. Once a password is submitted it returns the Seeds, and proceed with sync at the back right away.

Ideally the Seed words would be saved in the app outside of LND. And can be recalled in a later Settings type menu. But storing sensitive parameters like this is also non-trivial.

A nice to have down the road tho. Thanks for filing the issue!

biscottigelato avatar Oct 12 '18 03:10 biscottigelato

No problem!

Maybe, at least for now, instead of saving the seed (which I agree can be insecure), it could save a simple bool value to the disk once you verify it's correct.

This way, if you happen to open the App after a force-quit, and lnd asks you to unlock the wallet it detects, but we don't have this specific bool set to true, the app should delete the saved wallet, forcing lnd to create a new one again with new words.

(Not sure if this is a possibility, I'm still understanding how it is the life cycle of lnd)

sergioabril avatar Oct 13 '18 15:10 sergioabril

Yeah you are totally correct. It's possible to save the state of whether Seed have been confirmed, and check it on Wallet start. If the Seed have not been confirmed it'd erase the wallet. Even tho I'm abit edgy on how a single bit can erase a private key, despite most likely it should've already been backed-up/written down.

My hope is LND itself will have someway of responding with the Seed down the road. So that the user can go into Settings and look at the Seed again, ideally provided that they entire their password again.

I'll leave this open, but I don't think it's a little early to say what the right solution to this might be.

biscottigelato avatar Oct 13 '18 20:10 biscottigelato