Problem with private keys using 2FA

ivanmmurcia · October 19, 2023, 9:55am

Hello web3auth community,

I’m writing this post because yesterday I realized that the private key between no2FA and the same email address but with (now mandatory) 2FA is changing.

IMHO, this makes difficult (if not impossible) the use of web3auth in any app, because the noncryptonative user will lose all their assets from one login to another.

Tested with:

"@web3auth/base": "^6.1.7",
"@web3auth/modal": "^6.1.7"

Login before 2FA (first and second login)

0xe0b270898926915Be4734daAB128008BaE935c10

Login after mandatory 2FA

0x9EcE75dCBB6981853dCa168BfdbE94313328cc6a

Any solution to this recently problem?

Best regards

vjgee · October 20, 2023, 2:48am

@ivanmmurcia Welcome Aboard!

Could you upgrade to the latest version V7 and check ?

ivanmmurcia · October 20, 2023, 2:48pm

Hey @vjgee thanks for reply.

It seems that updating to the new version is aparently fixed. I have a couple of questions regarding this past issue:

How much probably is that web3auth updates the modal-SDK and kept attraped into a old version that be mandatory use a 2FA and change the private key again?
Let’s imagine this scenario: I login sucessfully into 0xe0b270898926915Be4734daAB128008BaE935c10 and transfer 1 NFT. Then I login again and set a 2FA changing to 0x9EcE75dCBB6981853dCa168BfdbE94313328cc6a, I lost my NFT but… once the 2FA setted, is there any way to recover the first address and recover my NFT? A type of “remove/forget” 2FA?

I understand that change the pk is because oauth token changes, but… would there be any way to maintain it with and without 2FA? It’s a little dangerous IMO.

Thanks in advance
Best,

system · November 3, 2023, 2:48pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.