Author:
Trezor, the company offering hardware cryptocurrency wallets, announced a firmware update 1.9.1 for Trezor One and 2.3.1 for Trezor Model T devices. The introduction of the upgrades will fix a security vulnerability regarding SegWit transactions discovered three months ago.
The Vulnerability In Question
As today’s blog post from the company explains, Trezor requires the previous transaction for non-SegWit transactions to check the UTXO’s real balance. By doing so, the firm ultimately reassures that the user would not become a victim of manipulation between the differences of input and output amounts and wouldn’t pay a significantly larger fee without even knowing it.
Segregated Witness (SegWit) transactions, however, require different data to be signed, as the amount of the UTXO is present there. It simplifies the process, and if an attacker lies about that UTXO amount, the signature will not be valid.
Yet, a security vulnerability, discovered in March this year, was possible in the following example:
The victim has two SegWit (BIP-143) UTXOs of 15 BTC and 20 BTC. A malware asks him to confirm a transaction with input 1 as 15 BTC and input 2 as 5.00000001 BTC, with the user’s chosen outputs and a valid change output, if necessary.
He confirms it, but the malware displays an error and requests another confirmation with input 1 as 0.00000001 BTC and input 2 as 20 BTC, with the same outputs as before. This transaction seems somewhat identical to the first one, and the user confirms it.
The malware could use the signature of input 1 from the first transaction and the signature of input 2 from the second one to create a transaction that spends 15 BTC from input 1 and 20 BTC from input 2. In this scenario, the user will end up paying a transaction fee of just over 15 BTC.
Trezor’s Solution
The implemented fix from Trezor seems rather straightforward. With the recent updates, the firm will treat SegWit transactions in the same manner as non-SegWit ones. More specifically, Trezor will require the validation of the UTXO amounts from the previous transactions.
The company also said that “applications using Trezor Connect version 8 will continue to work seamlessly.” Trezor will also provide a patch for users of the Electrum wallet. Until the patch implementation, they won’t be able to use it with the newest updates.
“Unfortunately, some third-party tools do not allow hardware wallets to obtain the previous transaction in case of SegWit inputs, which is why Trezor will not be able to sign transactions using these tools until they are updated to work correctly. Due to the responsible disclosure process, we were not able to inform the maintainers beforehand.” – reads the statement.