Skip to content

fix(onboarding): recovery phrase corruption via PIN mismatch#339

Merged
bakoushin merged 1 commit intomainfrom
alex/pin-fix
Feb 16, 2026
Merged

fix(onboarding): recovery phrase corruption via PIN mismatch#339
bakoushin merged 1 commit intomainfrom
alex/pin-fix

Conversation

@bakoushin
Copy link
Contributor

@bakoushin bakoushin commented Feb 16, 2026

Description

When a user taps "Create Account", sets PIN A, and proceeds to cloud backup setup, the account is created with secrets encrypted using PIN A. If the user then navigates back to Welcome (e.g. backup setup fails) and taps "Create Account" again, they go through PincodeSet a second time and can set a different PIN B. The old getOrCreateAccount() silently returned the existing account because it found one in Redux state, but PIN B is now cached in memory. All secrets remain encrypted with PIN A. Every subsequent operation that decrypts the mnemonic or private key uses the wrong password leading to corrupted mnemonic readings.

Reproduction

Ensure Cloud Backup is enabled.

  1. Tap "Create Account", set PIN A (e.g. 111112), proceed to cloud backup setup
  2. Don't set up the cloud backup, navigate back to Welcome
  3. Tap "Create Account" again, set a different PIN B (e.g. 111113)
  4. Proceed to cloud backup, choose "Sign in another way" and tap "Continue" to reveal the recovery phrase.
Corrupted recovery phrase
Screenshot 2026-02-12 at 12 59 35

Fix

Instead of relying on whether an account already exists in state, we now rely on user intent. If the user chose "Create Account", we always clean up stale keychain entries and create a fresh account -- regardless of what might be left over from a previous attempt.

If the user chose to restore, we skip account creation entirely, since restore flows (seed phrase import, cloud backup) set up the account themselves before reaching initializeAccountSaga.

Specifically:

  • web3/saga.ts: Renamed getOrCreateAccount to createAccount, removed the early-return guard, and added clearStoredAccounts() at the top to wipe orphaned private key entries before creating fresh ones.
  • account/saga.ts: The initializeAccountSaga checks choseToRestoreAccount to decide whether to call createAccount.

Test plan

  • Updated unit test
  • Tested manually against reproduction scenario
  • Tested manually against restore from recovery phrase (to ensure it is not broken)

Related issues

User feedback: https://clabsco.slack.com/archives/C0A7SBUCQ12/p1770251915898519

Backwards compatibility

Y

Network scalability

NA

MuckT
MuckT approved these changes Feb 16, 2026
View reviewed changes
Copy link
Contributor

@MuckT MuckT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@bakoushin bakoushin added this pull request to the merge queue Feb 16, 2026
Merged via the queue into main with commit 812e273 Feb 16, 2026
16 of 17 checks passed
@bakoushin bakoushin deleted the alex/pin-fix branch February 16, 2026 18:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MuckT MuckT MuckT approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bakoushin @MuckT

Comments