Incorrect Keys imported using "Create Account" from Unicove

[RichardSlater]

Description

I've created two WAX accounts using the Unicove "New Account" function and Anchor to get a .gm; in both instances I created the accounts using the "With Ledger" option 2 (Anchor for active key and ledger for account recovery - i.e. owner key) - in both instances what actually happened was the active key was from the ledger and the owner key is not listed in Anchor at all.

Platform

Desktop (Windows)

Steps To Reproduce

1. Access https://unicove.com/
2. Click "+ New Account" (takes you to create.anchor.link)
3. Complete payment details
4. Click "Create Account Now"
5. Click "Launch Anchor on this device"
6. Anchor opens
7. From here enter your preferred name, and click next.
8. Check "Use a ledger hardware wallet for this new account"
9. Open the 2nd option "Ledger for account recovery and Anchor for regular use" and click continue

10. Complete ledger interactions to verify public key, approve public key, continue

11. Click create, and enter your Anchor Password

This is where things get weird...

12. A identity request dialog pops up which you can use to select the "active / ledger" for the account you just created.
13. Sign and confirm the message, and "Account successfully created" pops up
14. Look through the keys in Tools -> Manage Keys and the new account has it's active key from the default derivation path on the ledger, and no owner key to be found.

Expected Behaviour

1. No identity request dialog, there may be a reason for it but without any context it is just confusing
2. Owner key created using the ledger (likely the default derivation path, but being able to choose would help)
3. New private key added to Anchor and set the corresponding public key to the account's active key

Actual Behaviour

1. On-chain public Owner key not matched with a corresponding private key and presumably lost.
2. Active key using the ledger, not Anchor - this is as opposed to the UX

Relevant log output

[2023-06-26 20:13:19.904] [info]  anchor: initializing
[2023-06-26 20:13:19.969] [info]  anchor: ready
[2023-06-26 20:13:19.970] [info]  enableSigningRequests
[2023-06-26 20:13:19.987] [info]  tray menu: creating
[2023-06-26 20:13:20.012] [info]  creating tray menu
[2023-06-26 20:13:20.013] [info]  C:\Program Files\Anchor Wallet\resources\app.asar\renderer\assets\icons\png\3[email protected]
[2023-06-26 20:13:20.049] [info]  initManager /
[2023-06-26 20:13:20.050] [info]  wallet ui: creating
[2023-06-26 20:13:20.073] [info]  initProtocolHandler: initializing protocol handler
[2023-06-26 20:13:20.074] [info]  protocol handler: creating ui
[2023-06-26 20:13:20.074] [info]  initial request false
[2023-06-26 20:13:20.881] [info]  initSessionManager: initializing session manager
[2023-06-26 20:13:20.881] [info]  initSessionManager: initializing session manager (lock is false)
[2023-06-26 20:13:20.882] [info]  [ 'SessionManager::constructor' ]
[2023-06-26 20:13:20.883] [info]  [ 'SessionManager::createHandler' ]
[2023-06-26 20:13:20.928] [info]  protocol handler: loaded ui
[2023-06-26 20:13:21.639] [info]  manager: successfully loaded
[2023-06-26 20:14:24.216] [info]  anchor: initializing
[2023-06-26 20:14:24.252] [info]  anchor: ready
[2023-06-26 20:14:24.252] [info]  enableSigningRequests
[2023-06-26 20:14:24.258] [info]  tray menu: creating
[2023-06-26 20:14:24.276] [info]  creating tray menu
[2023-06-26 20:14:24.276] [info]  C:\Program Files\Anchor Wallet\resources\app.asar\renderer\assets\icons\png\3[email protected]
[2023-06-26 20:14:24.317] [info]  initManager /
[2023-06-26 20:14:24.317] [info]  wallet ui: creating
[2023-06-26 20:14:24.335] [info]  initProtocolHandler: initializing protocol handler
[2023-06-26 20:14:24.335] [info]  protocol handler: creating ui
[2023-06-26 20:14:24.335] [info]  initial request false
[2023-06-26 20:14:25.026] [info]  initSessionManager: initializing session manager
[2023-06-26 20:14:25.026] [info]  initSessionManager: initializing session manager (lock is false)
[2023-06-26 20:14:25.027] [info]  [ 'SessionManager::constructor' ]
[2023-06-26 20:14:25.028] [info]  [ 'SessionManager::createHandler' ]
[2023-06-26 20:14:25.066] [info]  protocol handler: loaded ui
[2023-06-26 20:14:25.765] [info]  manager: successfully loaded
[2023-06-26 20:14:44.507] [info]  initHardwareLedger: initializing hardware ledger
[2023-06-26 20:14:44.564] [info]  initHardwareLedger: hardware ledger transport success
[2023-06-26 20:14:51.834] [info]  initHardwareLedger: initializing hardware ledger
[2023-06-26 20:14:51.839] [info]  initHardwareLedger: hardware ledger transport success
[2023-06-26 20:36:57.984] [info]  anchor: initializing
[2023-06-26 20:36:58.084] [info]  anchor: ready
[2023-06-26 20:36:58.085] [info]  enableSigningRequests
[2023-06-26 20:36:58.092] [info]  tray menu: creating
[2023-06-26 20:36:58.123] [info]  creating tray menu
[2023-06-26 20:36:58.124] [info]  C:\Program Files\Anchor Wallet\resources\app.asar\renderer\assets\icons\png\3[email protected]
[2023-06-26 20:36:58.163] [info]  initManager /
[2023-06-26 20:36:58.164] [info]  wallet ui: creating
[2023-06-26 20:36:58.179] [info]  initProtocolHandler: initializing protocol handler
[2023-06-26 20:36:58.180] [info]  protocol handler: creating ui
[2023-06-26 20:36:58.180] [info]  initial request false
[2023-06-26 20:40:06.716] [info]  showManager: init manager
[2023-06-26 20:40:06.718] [info]  initManager /
[2023-06-26 20:40:06.719] [info]  wallet ui: creating
[2023-06-26 20:40:07.231] [info]  showManager: showing manager
[2023-06-26 20:40:09.008] [info]  manager: successfully loaded
[2023-06-26 20:40:49.633] [info]  anchor: before-quit
[2023-06-26 20:40:49.809] [info]  anchor: will-quit
[2023-06-26 20:40:49.811] [info]  anchor: quit
[2023-06-26 20:40:52.791] [info]  anchor: initializing
[2023-06-26 20:40:52.828] [info]  anchor: ready
[2023-06-26 20:40:52.829] [info]  enableSigningRequests
[2023-06-26 20:40:52.834] [info]  tray menu: creating
[2023-06-26 20:40:52.866] [info]  creating tray menu
[2023-06-26 20:40:52.867] [info]  C:\Program Files\Anchor Wallet\resources\app.asar\renderer\assets\icons\png\3[email protected]
[2023-06-26 20:40:52.907] [info]  initManager /
[2023-06-26 20:40:52.908] [info]  wallet ui: creating
[2023-06-26 20:40:52.940] [info]  initProtocolHandler: initializing protocol handler
[2023-06-26 20:40:52.941] [info]  protocol handler: creating ui
[2023-06-26 20:40:52.941] [info]  initial request false
[2023-06-26 20:40:53.624] [info]  initSessionManager: initializing session manager
[2023-06-26 20:40:53.625] [info]  initSessionManager: initializing session manager (lock is false)
[2023-06-26 20:40:53.625] [info]  [ 'SessionManager::constructor' ]
[2023-06-26 20:40:53.626] [info]  [ 'SessionManager::createHandler' ]
[2023-06-26 20:40:53.659] [info]  protocol handler: loaded ui
[2023-06-26 20:40:54.499] [info]  initHardwareLedger: initializing hardware ledger
[2023-06-26 20:40:54.535] [info]  initHardwareLedger: hardware ledger transport success
[2023-06-26 20:40:54.624] [info]  manager: successfully loaded
[2023-06-26 21:10:32.447] [info]  anchor: initializing
[2023-06-26 21:10:32.582] [info]  anchor: ready
[2023-06-26 21:10:32.583] [info]  enableSigningRequests
[2023-06-26 21:10:32.589] [info]  tray menu: creating
[2023-06-26 21:10:32.609] [info]  creating tray menu
[2023-06-26 21:10:32.610] [info]  C:\Program Files\Anchor Wallet\resources\app.asar\renderer\assets\icons\png\3[email protected]
[2023-06-26 21:10:32.655] [info]  initManager /
[2023-06-26 21:10:32.656] [info]  wallet ui: creating
[2023-06-26 21:10:32.677] [info]  initProtocolHandler: initializing protocol handler
[2023-06-26 21:10:32.678] [info]  protocol handler: creating ui
[2023-06-26 21:10:32.678] [info]  initial request false
[2023-06-26 21:32:13.187] [info]  anchor: initializing
[2023-06-26 21:32:13.234] [info]  anchor: ready
[2023-06-26 21:32:13.234] [info]  enableSigningRequests
[2023-06-26 21:32:13.240] [info]  tray menu: creating
[2023-06-26 21:32:13.264] [info]  creating tray menu
[2023-06-26 21:32:13.264] [info]  C:\Program Files\Anchor Wallet\resources\app.asar\renderer\assets\icons\png\3[email protected]
[2023-06-26 21:32:13.307] [info]  initManager /
[2023-06-26 21:32:13.308] [info]  wallet ui: creating
[2023-06-26 21:32:13.329] [info]  initProtocolHandler: initializing protocol handler
[2023-06-26 21:32:13.329] [info]  protocol handler: creating ui
[2023-06-26 21:32:13.329] [info]  initial request false
[2023-06-26 21:32:14.081] [info]  initSessionManager: initializing session manager
[2023-06-26 21:32:14.082] [info]  initSessionManager: initializing session manager (lock is false)
[2023-06-26 21:32:14.083] [info]  [ 'SessionManager::constructor' ]
[2023-06-26 21:32:14.085] [info]  [ 'SessionManager::createHandler' ]
[2023-06-26 21:32:14.127] [info]  protocol handler: loaded ui
[2023-06-26 21:32:15.023] [info]  manager: successfully loaded

Contact Details

Scetrov on Discord

Anything else?

Chain: WAX Mainnet
Anchor: 1.3.10-beta.1 (current testing new connection manager)
Accounts with missing owner key: scetrov.gm, vortecs.gm, sketrov.gm
Windows 11 Pro

[aaroncox]

Thanks for the detailed report, I'm going to start looking into this.

Looking at the accounts you listed (there was a duplicate, I didn't see a 3rd if there was supposed to be one):

• https://waxblock.io/account/vortecs.gm#keys
• https://waxblock.io/account/scetrov.gm#keys

It also appears as if the active permission on each of them is different as well, which makes me question if the Ledger is being used for those too.

Can you confirm via Tools -> Manage Keys, that you cannot search and find any of the following:

PUB_K1_6tRgFW17dg7C71iT8gyX7fpethyahZYsHBSk9HTYiDD2myTsTo
PUB_K1_5hoh9L595rVDXah2faksUs8EAZH2QZGP4FHS3AUx7TRJka1z11
PUB_K1_4vUcV2LD9AYMradJPmAChqKZL59QT4yP1ivQSdMyTTSeioNfcY
PUB_K1_75cKvCLAuTzekEf4fEt3GtjxuhHX3qZfhsTrK4h35MGYmopvn5

I'm wondering if any of them got saved 🤔

[aaroncox]

Alright I just ran through the process a few times, and it looks like there is a bug here with how the account gets imported after its created. The creation seems to work properly, with the owner permission being associated to the Ledger's key, and the active permission being assigned to a newly generated key that's then saved in Anchor. So the creation itself seems fine.

However, when the account is imported, it's set as a "Ledger" type wallet - when in fact it should be a "Hot" type wallet using the key stored within Anchor.

Out of the dozen or so tests I ran against the service, all of the keys did get saved into Anchor and were all viewable in the Tools -> Manage Keys section. Check to see if that's the case with yours too.

If so, you can:

• Remove the "Ledger" version of these accounts through Manage Wallets
• Export the key(s) from Tools -> Manage Keys
• Import the account again using "Import via Private Key" and paste in the key you exported

That should import the accounts properly and make them usable.

I have a fix for this issue and will include it in a 1.3.11 release, which should be coming out shortly which is now available in the releases section.

[RichardSlater]

Thanks Aaron,

Can you confirm via Tools -> Manage Keys, that you cannot search and find any of the following

I've searched for all four of those keys, using the "Search by Public Key" function but that doesn't show the keys (is search broken?). Visually searching however yields the following:

Key	Account	Permission	Imported into Anchor Desktop
PUB_K1_6tRgFW17dg7C71iT8gyX7fpethyahZYsHBSk9HTYiDD2myTsTo	scetrov.gm	active	yes
PUB_K1_5hoh9L595rVDXah2faksUs8EAZH2QZGP4FHS3AUx7TRJka1z11	scetrov.gm	owner	no
PUB_K1_4vUcV2LD9AYMradJPmAChqKZL59QT4yP1ivQSdMyTTSeioNfcY	vortecs.gm	owner	no
PUB_K1_75cKvCLAuTzekEf4fEt3GtjxuhHX3qZfhsTrK4h35MGYmopvn5	vortecs.gm	active	yes

Additionally, I created sketrov.gm:

https://waxblock.io/account/sketrov.gm#keys

Key	Account	Permission	Imported into Anchor Desktop
PUB_K1_5hoh9L595rVDXah2faksUs8EAZH2QZGP4FHS3AUx7TRJka1z11	sketrov.gm	owner	no
PUB_K1_5xRkys1TJQvnXpcbRanak1LL9QBeNfr12bSHzs7dLzm6tdffYy	sketrov.gm	active	yes

The owner key for sketrov.gm and scetrov.gm are one and the same as each other which is expected assuming they came from the same derivation path (i.e. 0'/0/0), although it doesn't explain why the owner key for vortecs.gm ended up as a different key.

As an additional twist, the active key for vortecs.gm is uses a different Derivation Path in Anchor:

Key	Derivation Path	Assignment
PUB_K1_6tRgFW17dg7C71iT8gyX7fpethyahZYsHBSk9HTYiDD2myTsTo	44'/194'/0'/0/0	scetrov.gm@active
PUB_K1_75cKvCLAuTzekEf4fEt3GtjxuhHX3qZfhsTrK4h35MGYmopvn5	44'/194'/0'/0/22	vortecs.gm@active
PUB_K1_5xRkys1TJQvnXpcbRanak1LL9QBeNfr12bSHzs7dLzm6tdffYy	44'/194'/0'/0/0	sketrov.gm@active

I did do some spelunking around pulling public keys from my ledger to try and work out which index/derivation path was used by anchor and 22 may well have been the last one I tried, at the time I thought this was a "Fault is between keyboard and seat" error.

To close this off, I have:

1. Remove the "Ledger" version of these accounts through Manage Wallets.
2. Exported and backed up the active private keys via Manage Keys.
3. Imported all three as new accounts (scetrov.gm, sketrov.gm and vortecs.gm).
4. All three now have working active keys in Anchor Desktop \o/, I could still not pull the owner keys via Manage Wallets -> Import Account(s) -> Existing Account -> Load from Ledger
5. Upgraded to Anchor Desktop 1.3.11
6. I can now "Load from Ledger" via "Import Account(s)", and using index 0 or 22.

I ran through the process once again with 1.3.11 and can confirm that this defect is now fixed, I'm happy to close this issue.

[RichardSlater]

Follow on questions:

1. Is there a testnet address for create[.]anchor[.]link / unicove; that is publicly accessible - or would I need to run these locally?
2. What's the purpose of the "Identity Request" signing prompt as part of create[.]anchor[.]link, does this call back to the Web UI to complete the process?

[aaroncox]

Glad to hear they were all there! We did try to make sure anytime a key was generated during the creation process it was automatically saved to storage, to ensure if anything went wrong they'd exist somewhere for recovery - but I feared maybe that failed somewhere along the way.

As for the vortecs.gm account, I am honestly not sure how it ended up using a different derivation path on that one account. By default it should always uses 44'/194'/0'/0/0 during creation and I am unaware of any step in the process where it would even let you change that. I'll have to do some investigating on that end...

For some answers to your questions:

Is there a testnet address for create[.]anchor[.]link / unicove; that is publicly accessible - or would I need to run these locally?

This URL should work for any network, it's chain agnostic and we run all testnets/mainnets through this one URL. It's just a payload delivery service for delivering messages between app <> wallet, regardless of which chain.

https://github.com/greymass/buoy-nodejs

What's the purpose of the "Identity Request" signing prompt as part of create[.]anchor[.]link, does this call back to the Web UI to complete the process?

The Identity Request is a pseudo-transaction that comes to the wallet without knowing which blockchain(s) or account(s) the user has loaded in their wallet. Anchor receives the request and prompts the user to select a blockchain + account pair, and then signs the pseudo-transaction using the selected account. The signature can then be used to verify the user controls that account.

The Identity Request does also contains a callback request to cb.anchor.link, which is then triggered after signing, to relay the blockchain, account, signature, and other information back to the web UI. The UI then uses this information to complete the login and establish a more permanent connection with the wallet through that service.

If you want to get into the details of how it all works, here's a few good starting points:

• https://github.com/greymass/anchor-link
• https://github.com/greymass/eosio-signing-request

[RichardSlater]

Thanks Aaron,

I shall have a read up, I know a little about ESR just from being around the chains and seeing the messages in the console. In terms of the identity request, from a UX perspective I found it confusing to use - I honestly wasn't sure what I was supposed to do given I had multiple addresses already in Anchor.

Thanks again for your help :)