Patrick stumbled across a bug in the 2FA flow: It seems you’re able to enable 2FA without number/email confirmation if I’ve started the recovery link method setup (email/phone). Confirmation isn’t required, only that you’ve sent a recovery link with a code. I think it’s not checking for a “confirmed” recovery method before deploying the multisig contract in the contract helper.
Discovered that the response in the 2FA flow from the contract helper was hard-coded to confirmed: true even if the matched 2FA method was not yet actually confirmed (still has securityCode value).
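
The bug described above, as an added example that is not part of the original issue or the project's code: a status lookup that hard-codes `confirmed: true` next to one that derives it from the stored record, plus a server-side gate before the multisig deploy. Only `confirmed` and `securityCode` come from the issue; every other name, the record shape and the sample data are assumptions.

```javascript
// Added illustration. Assumption taken from the issue text: a method that still
// carries a securityCode has been sent a code but has not been confirmed.

// Constructed sample records (hypothetical shape).
const methods = [
  { accountId: 'alice.test', kind: '2fa-email', detail: 'alice@example.com', securityCode: '123456' },
  { accountId: 'bob.test', kind: '2fa-phone', detail: '+15550100', securityCode: null },
];

const findMethod = (accountId) => methods.find((m) => m.accountId === accountId);

// Behaviour described in the issue: any matched method is reported as confirmed.
function statusHardCoded(accountId) {
  const method = findMethod(accountId);
  if (!method) return { found: false, confirmed: false };
  return { found: true, confirmed: true }; // ignores a pending securityCode
}

// Corrected form: confirmation is derived from the stored state.
function statusDerived(accountId) {
  const method = findMethod(accountId);
  if (!method) return { found: false, confirmed: false };
  return { found: true, confirmed: method.securityCode == null };
}

// Server-side gate to run before deploying the multisig contract, so the
// decision does not depend on the client having inspected the response.
function assertCanEnable2fa(accountId, getStatus = statusDerived) {
  const { found, confirmed } = getStatus(accountId);
  if (!found) throw new Error('no 2FA method on file');
  if (!confirmed) throw new Error('2FA method not confirmed');
  return true;
}
```
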