Malicious change in mixed transactions #36

tsusanka · 2022-10-07T13:33:33Z

tsusanka
Oct 7, 2022
Maintainer

Impact: Theft of Funds
Scalability: Remote (Interaction)
Severity: Critical
Fixed in: Firmware 2.3.0
Reported by: Saleem Rashid
Date reported: 2020-03-02

Details

A specially crafted multisig transaction could leverage a ToCToU bug to include a change output of an attacker, which wasn't confirmed by the user.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trezor

Malicious change in mixed transactions #36

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 0 comments

Select a reply

Uh oh!

Trezor

Malicious change in mixed transactions #36

Uh oh!

Uh oh!

tsusanka Oct 7, 2022 Maintainer

Details

Read more

Replies: 0 comments

tsusanka
Oct 7, 2022
Maintainer