This repository has been archived by the owner on Sep 5, 2020. It is now read-only.
automatic wallet creation when using the Solo network (geth --dev) #3762
Assignees
Labels
Comments
This was referenced Mar 20, 2018
|
Thanks for your through analysis Phil! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
As mentioned already within the infamous "wrong password" github issue (#3513 (comment)), mist versions are creating automatic accounts (if none are present) whenever the user selects the "Solo network" option.
This happens with every new geth versions since version geth 1.7.3 .
see this commit: ethereum/go-ethereum@6d6a5a9
The important parts are the comments "allow --dev to use persistent storage too" and of course the NewAccount("") call:
ethereum/go-ethereum@6d6a5a9#diff-5b7bdb45b66a5017bf89b46e6ef7a7f4R1001
This creates a new keystore file with empty (zero length) password in the normal (not distinct for "solo network") keystore folder.
I also troubleshooted what exactly the windows executable runs, in my case it was:
The dangerous part is of course this one: "--datadir C:\Users\phil\AppData\Roaming\Ethereum"
This means that geth is using the identical datadir folder for the main network (or test network) and the --dev persistent storage.
What implication does this have?
I suggest that Mist and Ethereum Wallet need to be very careful with the --datadir path parameter provided to geth and always set it to distinct folders when the user switches the network.
I think it makes sense to sometimes have persisten storage for the "Solo network" (--dev, if not the user could use --datadir ""), but you can't mix the folders up like this.
The Accounts -> Backup -> Accounts (or File -> Backup -> Accounts) should of course also reflect the correct --datadir that is currently used and open the correct folder that is used for the specific network currently used.
This problem could affect very many users even if they didn't update Mist/Ethereum Wallet, but they only updated to a newer version of geth (on startup), see changes of the update manifest here: https://github.com/ethereum/mist/commits/master/clientBinaries.json
Fortunately, at least my few tests show that all of these wallets can be used with the empty password (still it's not good that the user needs to provide a password that s/he never set. The user doesn't remember setting a password and is trying a lot of possible passwords just to find out that it is the empty password).
It is needless to say that because Mist and Ethereum Wallet always use the same --datadir path between all these networks, the wallets appear also if you switch back to the main network and therefore the user is assuming that this is a "default main network wallet" (even if it was created by --dev instead). The password dialog was never shown to the user!
btw: the identical --datadir for several networks is also the reason why some people see a lot of error messages pop up when switching network. Geth is checking this and throwing this error:
Strangely, the message "Fatal: Error starting protocol stack: database already contains an incompatible genesis block" doesn't really appear in the error message shown to the user, therefore it's not clear what the error is for the user. This should be investigated independently (i.e. why does geth throw this error about incompatible genesis blocks, but mist/ethereum Wallet doesn't really show this substring ?)
update: it seems that on windows the (Desktop) shortcut to the mist and Ethereum Wallet application contain the argument --node-datadir="C:\Users\phil\AppData\Roaming\Ethereum". Since this datadir variable is used globally and always added to the geth argument list and never changed/overridden when changing networks the "automatic account creation" and "incompatible genesis block" problems are very obvious bugs which some basic testing/troubleshooting should have catched very easily.
The text was updated successfully, but these errors were encountered: