So force people to restore before they can use the wallet??
no. restore is optional. force them to create everything from scratch. i think there was a prompt that suggests making a quick hot wallet or something, and in doing so, you dont get the words for that key.
I never had this occur. I have the seed from my software key like I do any of them. Are you sure you aren’t mistaken? I’ve made and used a bunch of keys with Nunchuk and have never had the situation you describe.
dug into this further and found the cause...(yes, there are bugs) when first entering the app, with no wallets or keys, create a wallet. you cant make a normal wallet without keys so make a hot wallet. this creates a key, and the wallet. now decide you dont want a hot wallet, as you instead want a 2 of 2 multisig with a hotkey and a tapsigner. delete the hot wallet. at this point, you dont have any way to backup the seed words for the key that was created it for the hot wallet, but that key can be used in more wallets. it would be better if users could always export their seed words.
You can also replace keys. Not sure if it works in this scenario. Maybe this is the fail safe. Maybe will test this scenario @c301f133
Concur that's a decent option for an already created wallet using a key without seed words to sweep to a new one
Further to my last thought replacing key works. So I guess that helps if you realize after the fact and still have phone but of no help if you loose phone. Seems like a possible rugging possibility to me. Especially for people new to the space who don’t fully understand what they are doing.
Just to be clear, this is an edge case scenario (that might warrant a fix), but not how the majority of people use Nunchuk. When you create the key or hot wallet, best practice is to back up the key at the earliest. This scenario you ran into is specifically about deleting the hot wallet (without having backed up the key) AND reuse the same key in a multisig. We currently disable exporting the seed phrase more than once, for security reasons. After all, if one can view/export the seed phrase multiple times, it becomes a vulnerability, if someone gets a hold of your phone even for just 15 seconds.