Postmortem 4

2021-09-09 14:10 UTC

For at least several users app storage was completely wiped out, leaving users with no wallets (wallets were recovered via written down mnemonics)

Affects version:

v6.0.2..v6.2.4

Root cause:

If at the exact moment when user stares at "Enter password" dialogue (given he encrypted his storage) a push notification arrives - the handler would try to process this notification, and since there are no wallets loaded - it could not find relevant wallet and would trigger update of all wallets, which has a mandatory saveToDisk() operation, which in turn saves back all wallets to storage, and since there are no wallets loaded - it would overwrite storage with an empty array. This is also due to the fact that all stored data is packed and stored as a single blob, since BW has a "plausible deniability" feature which means several such blobs can exist, that are unpacked during startup time, and packed when saveToDisk() is called.

Why did it happen?

A combination of: a) non-conventional data storage mechanism, which was designed with "plausible deniability" and multiple storages in mind b) absence of some failsafe mechanisms

How to prevent this from happening?

Fix was applied and rolled out (5b5a9ba924a7e8f3d2efb0971cc917dd5cc479f5): push notifications are not processed when wallets are not in initialized states, plus some failsafe checks.