novasamatech/parity-signer

Latest PV Android version (6.2.0) restores Joystream account differently than the previous version (6.1.2)

Juanma0x opened this issue · 6 comments

I'm assisting a user experiencing issues while trying to restore a Joystream account created on the previous version of the Polkadot Vault for Android.

Here is a brief summary of the situation:

  • The user had a Polkadot Vault account on an online Android phone (v6.1.2).
  • Polkadot Vault app asks to upgrade to the latest version (6.2.0).
  • The user restores a different account, so I suggested restoring the accounts without the derivation path (the older one uses no derivation path by default, and the latest one uses //network by default.)
  • That didn't restore the right accounts. The user noted down both the mnemonic and derivation paths.
  • They have an account for Joystream, which has its own Metadata portal.
  • I suggested trying hard and soft derivation paths and restoring multiple accounts (i.e., //joystream-node//0, //joystream-node//1, ...)
  • I contacted Joystream's team, but they haven't changed any chain specs lately.
  • The user reassures that they wrote down the mnemonic phrase three times, when they created the account and during the upgrade.

I forwarded the entire conversation to signer@parity.io, in case you need more info.

Thx for reaching us.
What exactly is not working or what is different?
Default paths changed, but you can always create any path manually to restore keys.
What is the error, can we reproduce it somehow?

Polkadot Vault app asks to upgrade to the latest version (6.2.0).

How? Vault doesn't know about other versions. It may ask to update properly if user updated app on top of old version with old data schemas. But if you using old version, it doesn't know about new versions out there.
Play store may suggest an update, or even updated automatically if user configured so (never do that with airgapped apps!)

As a workaround - you can always download any version you want from github releases and install it to wiped and properly airgapped device.
But if there is a bug and something broken - please explain so we can fix it.

Manual is here

Thanks @Dmitry-Borodin for your comment. As I mentioned, I provided the whole interaction with the user to signer@parity.io from Web3 Foundation Support team.

I'll respond to your comments to the best of my ability. However, I would appreciate it if you could review the emails containing all the information related to the case.

What exactly is not working or what is different? Default paths changed, but you can always create any path manually to restore keys. What is the error, can we reproduce it somehow?

The restored account is different. I suggested to modify the derivation path, which the user did to not avail. There's no "error" message. I couldn't reproduce it myself.

Polkadot Vault app asks to upgrade to the latest version (6.2.0).

How? Vault doesn't know about other versions. It may ask to update properly if user updated app on top of old version with old data schemas. But if you using old version, it doesn't know about new versions out there. Play store may suggest an update, or even updated automatically if user configured so (never do that with airgapped apps!)

The phone was not an offline phone.

As a workaround - you can always download any version you want from github releases and install it to wiped and properly airgapped device. But if there is a bug and something broken - please explain so we can fix it.
Manual is here

I suggested the same manual to the user, but they bought a new phone to install the latest (6.2.0) version of Polkadot Vault.

Suddenly I cannot see this email in this group. You can forward it to dmitry.borodin at parity.io

The restored account is different. I suggested to modify the derivation path, which the user did to not avail. There's no "error" message. I couldn't reproduce it myself.

Will need to restore keyset, Then restore keys by creating keys with appropriate derivation paths for networks needed.
I mean I can't reproduce problem as well, so Cannot help more here.

The phone was not an offline phone.
Even then Vault won't update itself and won't check for newer version.

I think easiest way would be for the user to install 6.1.2. and see if everything works - check again derivation paths and create them in newer 6.2.0 or even stay for now in 6.1.2 if needed.

@Juanma0x I suspect it could be a representation issue. In the new Signer versions, the root public key is displayed as BareSr25519, but before it was Sr25519, although the key itself remains the same. For more details on key representation, please refer to: https://hackmd.io/7OPDldkXRhOIBwlHfnwzSw

Also ran into this issue. Using vault upto 6.1.2, I can recover my keys and get the "correct" key imported. When using 6.2.0 or higher, using the same seed results in a different account.
Found the issue to be that anything <=6.1.2 doesn't add a derivation, while >=6.2.0 adds the network name as derivation.

If I use <= 6.1.2 and create a derived key with "//polkadot" as derivation, I get the same key as I would get importing my seed into >=6.2.0. Problem is that >= 6.2.0 doesn't seem to support restoring the seed without a derivation / empty derivation / root path (or however it's called).

That means I'm stuck on 6.1.2 for now.

UPDATE: seems you can add without derivation, just need to remove everything in the derived key entry box, my try before, I deleted upto the slashes '//' but you also need to delete those. Leaving this info here as it might help some other people.

You are not stuck, you can derive the account (with the wrong key) and when asked about the derivation path, you should delete everything. You end up with no derivation path, and hence your "root account"

The main issue is that the current maintainers don't listen to the feedback, which has been given many many time... see #2167 (comment)