
Attacker can trick Monero wallet into reporting it received twice as much with alternative tx_keypubs

ID: 1
Submit date: 10.26.2018
Publish date: 10.29.2018
Author: Scott Mansell (phiren)
Score: 10.0

Description

An attacker can craft an XMR transaction which causes the receiving wallet to report that it received twice as much XMR as the attacker actually sent. The balance of the wallet isn't affected, so a personal user probably won't be tricked; however, the doubled amount is reported over the get_transfers RPC call. This is especially devastating for automated wallets, such as cryptocurrency exchanges, that rely on RPC calls returning the correct result.

This attack is a slight modification of the previous flaw that was patched in pull request 3985. That flaw allowed unlimited multiplication of funds, instead of just the 2x multiplication that this attack allows.

This attack leverages the alternative tx_pub_keys feature introduced with subaddresses. The extra data is arranged so it contains:

1. A dummy tx_pub_key
2. An array of alternative tx_pub_keys entries all containing the legitimate txkey for each output.
3. The legitimate

The process_new_transaction function will:

1. Grab the dummy tx_pub_key
2. Grab the array of alternative tx_pub_keys
3. Scan all the outputs with both the dummy and alternative tx_pub_keys, which will match on the legitimate tx_pub_keys.
4. Loop back to the start, grab the legitimate tx_pub_key
5. Since the alternative keys were not added into the public_keys_seen set, it scans all the outputs again.
6. Hacked.

Vector: BVSS:1.1/B:N/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/CI:N/II:H/AI:N
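The scan loop described above, reduced to a simplified C++ model as an added example (not Monero's wallet code, and not necessarily how the project patched it). Keys are opaque strings rather than curve points, and `reported_amount`, `track_additional_keys` and `sample_tx` are hypothetical names; the model shows the reported amount doubling when alternative keys are left out of `public_keys_seen` and staying correct when they are recorded there.

```cpp
#include <cstdint>
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Simplified model: keys are opaque strings, and an output "matches" a key
// when the key equals the one it was derived from. No real cryptography.
struct Output { std::string derived_from; uint64_t amount; };
struct Tx {
    std::vector<std::string> tx_pub_keys;      // main key fields, in extra order
    std::vector<std::string> additional_keys;  // one alternative key per output
    std::vector<Output> outputs;
};

// Returns the amount the modelled scan loop would report as received.
uint64_t reported_amount(const Tx& tx, bool track_additional_keys) {
    std::set<std::string> public_keys_seen;
    uint64_t received = 0;
    for (const std::string& tx_pub_key : tx.tx_pub_keys) {
        // Skip a main key that has already been used for a scan pass.
        if (!public_keys_seen.insert(tx_pub_key).second) continue;
        for (size_t i = 0; i < tx.outputs.size(); ++i) {
            const Output& out = tx.outputs[i];
            bool main_hit = out.derived_from == tx_pub_key;
            bool alt_hit = i < tx.additional_keys.size() &&
                           out.derived_from == tx.additional_keys[i];
            if (main_hit || alt_hit) received += out.amount;
        }
        if (track_additional_keys)  // assumed mitigation: alternative keys count as seen
            public_keys_seen.insert(tx.additional_keys.begin(),
                                    tx.additional_keys.end());
    }
    return received;
}

// Constructed sample: two outputs worth 5 units in total, with extra laid out
// as in the description (dummy key, alternative keys, then the legitimate key).
Tx sample_tx() {
    return Tx{{"DUMMY", "LEGIT"}, {"LEGIT", "LEGIT"},
              {{"LEGIT", 3}, {"LEGIT", 2}}};
}

int main() {
    std::cout << "seen set misses alternative keys: " << reported_amount(sample_tx(), false) << "\n";
    std::cout << "seen set tracks alternative keys: " << reported_amount(sample_tx(), true) << "\n";
}
```

A consumer of get_transfers can apply the same idea as a cross-check: the sum of reported incoming amounts for a transaction should never exceed the sum of the outputs it actually owns in that transaction.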

Component

Wallet

Platform

Monero

Subclass

Business Logic Missing
