different address returns from sfa and mfa

[irfanonk]

hi i have enabled mfa with Open Login Adapter using cognito and provider returns an address. but when i implement single factor auth without openloginadaptor it returns a different address. The custom login providers (cognito) and the emails remain the same but it end up giving a different wallet address. I was thinking to get exactly the same address from the same email. Is it supposed to be so?

 web3auth.on(ADAPTER_EVENTS.CONNECTED, async (data: unknown) => {
        console.log('successfully logged in', data);
        const _userInfo = await web3auth.getUserInfo();

          const _provider = new providers.Web3Provider(web3auth.provider);
          const signer = _provider.getSigner();
          const address = await signer.getAddress();
          console.log('address', address);
      });

this provider with mfa returns address 0x5844762a298d6A63e1b302e4382a91b02FA4404D

     const web3AuthProvider = await web3Auth?.connect({
        verifier: 'my-verifier-name', // verifier that you created earlier from web3auth dashboard.
        verifierId: sub, // user's id from firebase login response or this can be any unique user's id like email etc.
        idToken
      });
      const _provider = new providers.Web3Provider(web3AuthProvider);
      const signer = _provider.getSigner();
      const address = await signer.getAddress();
     console.log('address', address);
      const user = parseToken(idToken);
      console.log('User info', { user, signer, address });

and that provider with sfa returns address 0x35318fF704DaF98C0FC3B11AD17752d86caFDe8C

[shahbaz17]

Hey @irfanonk

With MFA, I'm assuming you're using the same verifier for both. Right? If so, it should return the same address. Meanwhile, can you try https://github.com/Web3Auth/examples/tree/main/web-single-factor-auth/react-evm-sfa-example and see if you're able to replicate the same or not?

If not, please share which SDK and its version are you using. And the initialization and login code snippets for both approaches.

[irfanonk]

aa missed that point. there are two different verifier but i could not use them interchangeably since one of them has sub jwt verifier the other is email. If any issue emerge i will continue here.
thank you

[irfanonk]

I have created a new verifier with sub id. then create wallet with the same user with sfa and mfa. they return different wallet address.
Later clone the example project you mentioned https://github.com/Web3Auth/examples/tree/main/web-single-factor-auth/react-evm-sfa-example run the app without touching anything. Login first it returns address from SFA. Then click "Enable MFA" and select "Maybe Next Time".

Get Accoıunts button returns these for [email protected]:

sfa: 0x9fe7374f17E4ebacF819162a7a6a7204A40e8F96
mfa: 0x42B0663E00B440a26Ca89F1575ed0168a480dE14

[TheBossDragon]

I am having the exact same issue.

@web3auth/single-factor-auth and @web3auth/node-sdk are returning the same wallets, but @web3auth/openlogin-adapter is returning with a completely different wallet for the same verifier and verifierId.

[himanshuchawla009]

which versions of both sdks are you using?

[irfanonk]

    "@web3auth/base": "^2.1.3",
    "@web3auth/core": "^2.1.3",
    "@web3auth/node-sdk": "^1.0.0",
    "@web3auth/openlogin-adapter": "^2.1.3",
    "@web3auth/single-factor-auth": "^4.1.1",

[TheBossDragon]

I am running the following:

"@web3auth/base": "4.0.0",
"@web3auth/core": "^4.0.0",
"@web3auth/openlogin-adapter": "^4.2.0",
"@web3auth/single-factor-auth": "^4.1.1",
"@web3auth/node-sdk": "^1.0.0",

[shahbaz17]

Hey @irfanonk @TheBossDragon

We have released a fix to this. Please update your packages to the latest and try again. Let us know if you're still facing the issue.

[TheBossDragon]

Hi,

Tried it just a few mins ago. I am still facing the same issue. Below are the packages I am using. Also, if all of a sudden these libs return a different wallet address, wouldn't it impact other users in a big way? What do you see as a permanent fix to all of this? Obviously not ideal if the wallet address could change randomly due to lib bugs or updates in the future as user assets and identities could be tied to it.

"@web3auth/base": "^4.2.2",
"@web3auth/core": "^4.2.2",
"@web3auth/openlogin-adapter": "^4.2.2",
"@web3auth/single-factor-auth": "^4.2.2,
"@web3auth/node-sdk": "^1.0.1",

[TheBossDragon]

Any word on this? @shahbaz17 @himanshuchawla009

[TheBossDragon]

Can anyone answer on this, please?

[yashovardhan]

Hey folks,

We noticed this issue and are working on a fix for this. The MFA returns a sub key from the main key due to which this issue is arising.

Here's the PR where the work on this issue is going on: #1208

Please expect this to release by mid February.

[shahbaz17]

Hey @TheBossDragon @irfanonk

The issue is now fixed, you can checkout https://github.com/Web3Auth/examples/tree/main/web-single-factor-auth/react-evm-sfa-example

When using SFA and Web3Auth Core SDK together, you would need to use useCoreKitKey: true while initializing the Web3Auth Core SDK.

const web3authCore = new Web3AuthCore({
    clientId,
    chainConfig,
    web3AuthNetwork: "cyan",
    useCoreKitKey: true // <-- this is a new addition, please update your web3auth SDK to latest.
});

[TheBossDragon]

Great! Thank you for the update. Appreciate you guys!

[TheBossDragon]

Confirmed, working as expected. Thanks again.

[enu-kuro]

@yashovardhan

I found MFA private key can be restored from SFA private key by this code.
But why MFA uses sub key?

import { subkey } from "@toruslabs/openlogin-subkey";

subkey(
  SFA_PRIVATE_KEY.padStart(
    64,
    "0"
  ),
  Buffer.from(CLIENT_ID, "base64")
);

[yashovardhan]

please don't use subkey in your codebase, it will create problems for you in the future. This is for our plug and play implementation which uses subkey from the main key one gets.

[shahbaz17]

The issue is fixed now.

You can check out the example here 👉 https://github.com/Web3Auth/examples/tree/main/web-single-factor-auth/react-evm-sfa-example.

Please use the latest web3auth packages.

When using SFA and Web3Auth Core SDK together, you would need to use useCoreKitKey: true while initializing the Web3Auth Core SDK.

const web3authCore = new Web3AuthCore({
    clientId,
    chainConfig,
    web3AuthNetwork: "cyan",
    useCoreKitKey: true // <-- this is a new addition, please update your web3auth SDK to latest.
});

[chusla]

Would this be why I'm seeing diff addresses between Gmail login on current sdk and older sdk? And also why I'm not able to then see the newly generated Gmail wallet in torus

[dziugasmeskauskas]

@shahbaz17 The example that is linked isn't available anymore. Also the Web3AuthCore library / class is deprecated from what I understand.

I figured @web3auth/no-modal should be used:

export const web3auth = new Web3AuthNoModal({
  clientId, 
  chainConfig,
  useCoreKitKey: true, // <-- same flag as in the example above.
});

However doing so i'm getting an error of coreKitKey being not available:

useCoreKitKey flag is enabled but coreKitKey is not available.

I get the error by running:

const web3AuthProvider = await web3auth.connectTo(WALLET_ADAPTERS.OPENLOGIN, {
  loginProvider: "jwt",
  extraLoginOptions: {
    id_token: idToken,
    verifierIdField: "sub",
    domain: window.location.origin,
  },
  mfaLevel: "mandatory",
});

What am I missing? Thanks