Malicious change in mixed transactions #31
tsusanka announced in Past Security Issues
Details
A specially crafted multisig transaction could exploit a ToCToU (time-of-check to time-of-use) bug to include an attacker's change output that the user had not confirmed.
Fix
trezor/trezor-firmware@8eb6ce0
Read more
Official blogpost