Insufficient field size check in Protobuf

[tsusanka]

Impact: Theft of Funds
Scalability: Remote (Interaction)
Severity: Critical
Fixed in: Firmware 2.3.0
Reported by: Saleem Rashid
Date reported: 2020-03-05

Details

An attacker could craft a transaction that could be interpreted in two different ways: first, a legitimate transaction which unknowingly contains a very long prevhash; and second, hidden in the long prevhash is an output sending all funds to the attacker's address. The resulting transaction would be non-standard and would not be propagated by the Bitcoin network, so an attacker would need to mine their own block.

Read more

• Official blogpost