Malicious change in mixed transactions #15
tsusanka
announced in
Past Security Issues
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Detail
A specially crafted multisig transaction could leverage a ToCToU bug to include a change output of an attacker, which wasn't confirmed by the user.
Fix
trezor/trezor-firmware@137a60c
Beta Was this translation helpful? Give feedback.
All reactions