I wonder what they mean with complex spending conditions? I assume it's got nothing to do with standard sending/receiving, generating addresses, etc. Could it be related to Taproot and the "bitcoin tokens" and ordinals?
No, Since bitcoin script is a stack-based language with too many edge cases, miniscript is the function representation for these stack-based scripts and designed for Tapscript (BIP342) embedded scripts.what is happen above is vulnerability enable bypassing some spending conditions which was not allowed in the previously generated script and thus enables a third party to the possibility of spending.
Apparently, Liana is the only client where the Miniscript feature worked completely.
even Liana is not effected because there is no release of it that allows the user to create descriptor that was affected by this vulnerabilityYou will find technical details, sources and more here https://wizardsardine.com/blog/ledger-vulnerability-disclosure/
The Miniscript fragment a:X was incorrectly encoded by the Ledger Bitcoin application. Instead of translating to:
Code:
OP_TOALTSTACK X OP_FROMALTSTACK
It was encoded to:Code:
OP_TOALTSTACK X
This opens the possibility for the spender to always provide the return value of the expression preceding a a: in a Miniscript. This implies any type of check (preimage, signature, timelock) preceding a a: may be bypassed (just feed a 1 at the correct place in the witness).
