valora-inc
User is able to restore account even after entering wrong pin while performing restore flow
Frequency: 100%
Repro on build version: Android Internal Release build V 1.42.0 , iOS Test Flight Release build V 1.42.0 , Android Play store build V 1.41.0, iOS AppStore build V 1.41.0 Repro on devices: Google Pixel 2XL (11.0) , OnePlus 7t(11.0) , iPhone 12(14.7.1), iPhone 13(15.1.1), Google Pixel 4a(12.0)
Pre-condition: 1] User must have installed the main net application 2] User must be on create / restore account page 3] User must have enabled finger print / face authentication in the device locally
Repro Steps: 1] Tap on restore account / I already have a wallet button 2] Enter name and click on next button 3] Enter a valid pin two times 4] On enter recovery phrase page , kill the app and relaunch 5] Enter valid recovery phrase in the field, and click on restore button 6] It will ask for entering pin 7] Enter invalid Pin and observe
Bug: User is able to restore account even after entering an invalid PIN
Expected Behavior: User should get an proper validation message as invalid PIN is being entered
Investigation:
- Same issue is also occuring when user performs create account flow ( User is redirected to phone number page when kills the app from authentication page and relaunches it)
Impact: Bad user impact it is accepting wrong PIN and allowing user to create / restore account
Attachment: Restore account wrong pin.mp4 Bug observed at 0.44 seconds
@ValoraQA after completing the restore flow, what pin is used to access the account. E.g. from the home screen closing the app do both pins work or just the second one.
Hey @MuckT we verified the above issue on latest Android Internal Release build V 1.42.0 , iOS Test Flight Release build V 1.42.0 , and observed that it is accepting any PIN even after user completed the PIN setup step And if we have performed the restore flow completely then closing the application and reopening then second PIN (the newly PIN created) is accepted Thanks.!