Ledger Security Bulletin 010

3 June 2020: Massive transaction fees in BTC app and derivative.

Summary

A vulnerability was found in the implementation of BIP-143, affecting the Bitcoin app and its derivative. It allows an attacker to increase transaction fees without confirmation on the device.

Impact

This vulnerability allows an attacker having compromised the client software of a user to increase transaction fees without confirmation on the device. The user should be tricked into signing a transaction at least twice, which isn’t an unrealistic scenario because the first transaction can be aborted pretending there was an error. A successful exploitation results in the loss of funds for the user. The attacker can also collude with a miner to profit from the transaction fees.

All Bitcoin forks with SegWit support are impacted, as well as apps with BIP-143 support:

  • Bitcoin (BTC)
  • Bitcoin Cash (BCH)
  • Bitcoin Gold (BTG)
  • Digibyte (DGB)
  • Komodo (KMD)
  • Litecoin (LTC)
  • GameCredit (GAME)
  • NIX
  • Qtum
  • Vertcoin (VTC)
  • Viacoin (VIA)
  • XSN
  • ZCash
  • ZClassic (ZCL)

The vulnerability is fixed from version 1.4.0 of the Bitcoin app (being used as a library by the other apps.)

It’s worth noting that several hardware wallets implementation are affected even if this issue has been publicly discussed a few years ago.

Credits

We would like to thank the security researcher Saleem Rashid who discovered the vulnerability and reported it through our bug bounty program.

References

  1. BIP-143: Transaction Signature Verification for Version 0 Witness Program
  2. BIP Proposal - Partially Signed Bitcoin Transaction (PSBT) format