Ledger Security Bulletin 009

30 April 2020: Monero funds lock-up.

Summary

The Monero protocol specifies a Transaction Unlock Time where the recipient can only spend the funds after a future date, as set by the sender. This field wasn’t verified by the device, allowing an attacker to lock a user funds for a very long time.

Impact

This vulnerability allows an attacker having forged a malicious transaction to lock a user funds for a very long time if the user validates it. It affects both Nano S and Nano X users.

Remediation

If the field unlock_time isn’t set to 0, a confirmation is displayed on the device. Fixing this vulnerability required changes in the Monero client running on the Desktop computer as well as changes in the Monero app running on the Ledger Nano device.

The pull request in the Monero client still needs to be merged into the next release. Unfortunately there is no fixed timeline.

The vulnerability is fixed in the last Monero app version (1.6.0 at the time of writing) with protocol version 3. However, in order to ensure compatiblity with the current Monero client, no confirmation is displayed with the version 2 of the protocol.

Once a new Monero client will be released, a new version of the Monero app disabling the version 2 of the protocol will also be released.

Credits

We would like to thank the security researcher Sebastian Kung who discovered the vulnerability and reported it through our bug bounty program.

References

  1. Transaction Unlock Time - Moneropedia
  2. Add timelock verification on device #6436