This repository has been archived by the owner on Jun 27, 2022. It is now read-only.

signP2SHTransaction large fee vulnerability #815

Open
landabaso opened this issue Mar 17, 2022 · 0 comments

@landabaso

Could you guys take a look and confirm if signP2SHTransaction was updated to deal with the large fee transaction vulnerability[1]?

When signing a p2wsh transaction the Ledger device will show "Unverified Inputs Update Ledger Live or third party wallet software".
It will still sign the transaction (with correct signatures - I can confirm). But that message makes me suspicious that ledgerjs's signP2SHTransaction may still be affected by the vulnerability which could lead to a potential security problem. Also the UX is pretty bad.

I've seen this problem in my tests and confirmed it happens to other parties that use ledgerjs for p2wsh. See for example Unchained Capital:
unchained-capital/unchained-wallets#32

signP2SHTransaction was updated to deal with segwit in 2018 (#189), way before that vulnerability was disclosed.

I tried to find the pull request that fixed the fee vulnerability for createPaymentTransactionNew to see if signP2SHTransaction was easily fixable by comparison but could not find it.

[1] https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd
