Monero `unlock_time` issue #33

tsusanka · 2022-10-07T13:22:49Z

tsusanka
Oct 7, 2022
Maintainer

Impact: Destruction of Funds
Scalability: Remote (Interaction)
Severity: High
Fixed in: Firmware 2.3.0
Reported by: Sebastian Kung
Date reported: 2020-02-01

Details

The Monero field unlock_time was not confirmed on the device's display. Since Monero network does not do any sanity checks for this field, this allows a perpetrator to lock user’s funds for a very long time by simply setting it to a very high value.

Fix

trezor/trezor-firmware@7944c1a

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trezor

Monero `unlock_time` issue #33

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 0 comments

Select a reply

Uh oh!

Trezor

Monero unlock_time issue #33

Uh oh!

Uh oh!

tsusanka Oct 7, 2022 Maintainer

Details

Fix

Read more

Replies: 0 comments

Monero `unlock_time` issue #33

tsusanka
Oct 7, 2022
Maintainer