arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-03 04:58:25 +00:00
Code Issues Releases Wiki Activity

fixup! fix(core): disallow per-node paths in getaddress

Browse Source
This commit is contained in:
Ondřej Vejpustek 2024-11-27 15:57:22 +01:00
parent edd0fcab3d
commit c703cacdcc
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
core/src/apps/bitcoin/sign_tx/change_detector.py
View File

@ -64,7 +64,15 @@ class ChangeDetector:
and self.multisig_fingerprint.output_matches(txo) and self.multisig_fingerprint.output_matches(txo)
and common.multisig_uses_single_path( and common.multisig_uses_single_path(
txo.multisig txo.multisig
) # An output that uses different derivation paths for different xpubs could be difficult to discover ) # An address that uses different derivation paths for different xpubs
# could be difficult to discover if the user did not note all the paths.
# The reason is that each path ends with an address index, which can
# have 1,000,000 possible values. If the address is a t-out-of-n
# multisig, the total number of possible paths is 1,000,000^n. This can
# be exploited by an attacker who has compromised the user's computer.
# The attacker could randomize the address indices and then demand a
# ransom from the user to reveal the paths. To prevent this, we require
# that all xpubs use the same derivation path.
): ):
return False return False