-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unusual multisig change path warning using Jade with Sparrow wallet #40
Comments
Hi, |
Just to confirm, does the warning only appear for 'change path' when signing ? Do you have the full path ? |
Looking at the bip48 spec, I assume you mean derivation paths |
apologies! closed in error! |
The full paths are From Sparrow UI: Wallet address derivation path (no warning when displaying this address on the Jade): Change address derivation path (warning when displaying this address on the Jade):
Yes, this is supported, but a warning only appears when showing a change address.
Yes, Sparrow will register a sorted multisig. On the Jade, I see
Yes, correct.
Trying to pull some logs now. |
Not sure if this is helpful, but I ran
|
It seems this may be related to the fact that my transaction is a redeposit to myself with change. I created a new transaction, sending to an address I don't own, and I didn't get the warning (made sure the transaction included change). It's not immediately obvious why the warning shows up because I see that the send and change addresses are correctly picked out by the Jade. '../0/10' is shown as the singular output in the confirmation screen, and '../1/2' is hidden meaning that it's correctly picked up as the change address. |
OK, Yes we have seen similar with other 'companion' code and I think I can guess what is happening ... I am not sure whether the problem is Jade's, really, but am open to suggestion ... ok, here goes ;-) :
Now, I suspect what is happening here, is the wallet is flagging the redeposit output as change - ie. it may be using something like: NOTEs:
Does all this sound consistent with what you are seeing ... I think so ... |
If this is the case, would the issue be in HWI? From my understanding, the wallet (Sparrow) just calls the One strange thing about this though, is that it does seem like the Jade knows what's change and what's redeposit at the signing screen. On the confirmation screen, it shows the output as being the redeposit address, and the change address is hidden (meaning it's detected as the change address), and yet the warning shows up. |
Yes indeed - The [actual] change address is not the issue - it has it has a /1/n path as expected, and since Jade can 'rebuild' the script/pubkey/address from the path given, it is all auto-verified and not shown to the user at all. No problems there. The issue is the redeposit address, which has a /0/n path BUT has been flagged as a change output by the wallet. FYI Jade itself does not 'detect' that it is a change output - the wallet app tells Jade it is change, and Jade internally confirms that indeed the given path creates the given output script/pubkey/address. If this wallet is using hwilib, then yes, the issue would be caused by HWI guessing what is change, using the 'matching fingerprint' method described above. |
Lol! That makes sense. Thank you for investigating. 🙂 |
Options:
|
I see that the |
An additional benefit of option 2: The jade would also be able to mark the output address as a "redeposit" directly on the signing screen (instead of requiring the user to first display the address, and then make sure it matches the output address on the signing screen). |
I have recently made a PR to HWI which should address this issues - ofc we have to wait for HWI to take them, release, and then Sparrow to upgrade HWI ... |
Amazing, I’m really looking forward to the next HWI release. |
I've set up a 2-of-3 multisig using 3 Jades and Sparrow wallet. When I try to sign a transaction to spend from the wallet, I get a warning message:
Unusual multisig change path.
Sparrow wallet uses path
../1/0
for the change, which I believe is standard. It also usesm/48'/0'/0'/2'
as derivation paths.The text was updated successfully, but these errors were encountered: