Back to Vulnerability database

Attacker can trick monero wallet into reporting it recived twice as much with alternative tx_keypubs

ID Submit date Publish date Author Score
1 10.26.2018 10.29.2018 Scott Mansell (phiren) 10.0


An attacker can craft an XMR transaction which causes the receiving wallet to report that it received twice as much XMR as the attacker actually sent.

The balance of the wallet isn't effected, so a personal user probably won't be ticked, however the doubled amount is reported over the get_transfers RPC call.

This is especially devastating for automated wallets, such as cryptocurrency exchanges that rely on RPC calls returning the correct result.

This attack is a slight modification of the previous flaw that was patched in pull request 3985. That flaw allows unlimited multiplication of funds, instead of just a 2x multiplication that this attack allows.

This attack leverages the alternative txpubkeys feature introduced with subaddresses. extra data is arranged so it contains:

  1. A dummy txpubkey
  2. An array of alternative txpubkeys entries all containing the legitimate txkey for each output.
  3. The legitimate

The processnewtransaction function will:

  1. Grab the dummy txpubkey
  2. Grab the array of alternative txpubkeys
  3. Scan all the outputs with both the dummy and alternative txpubkeys. Which will match on the legitimate txpubkeys.
  4. Loop back to the start, grab the legitimate txpubkey
  5. Since the alternative keys were not added into the publickeysseen set, it scans all the outputs again.
  6. Hacked.