Author

Topic: ledger vulnerability: Invalid addresses for certain miniscript policies (Read 94 times)

hero member
Activity: 406
Merit: 443
I wonder what they mean with complex spending conditions? I assume it's got nothing to do with standard sending/receiving, generating addresses, etc. Could it be related to Taproot and the "bitcoin tokens" and ordinals?
No, Since bitcoin script is a stack-based language with too many edge cases, miniscript is the function representation for these stack-based scripts and designed for Tapscript (BIP342) embedded scripts.
what is happen above is vulnerability enable bypassing some spending conditions which was not allowed in the previously generated script and thus enables a third party to the possibility of spending.

Apparently, Liana is the only client where the Miniscript feature worked completely.   
even Liana is not effected because there is no release of it that allows the user to create descriptor that was affected by this vulnerability

You will find technical details, sources and more here https://wizardsardine.com/blog/ledger-vulnerability-disclosure/

The Miniscript fragment a:X was incorrectly encoded by the Ledger Bitcoin application. Instead of translating to:

Code:
OP_TOALTSTACK X OP_FROMALTSTACK
It was encoded to:

Code:
OP_TOALTSTACK X
This opens the possibility for the spender to always provide the return value of the expression preceding a a: in a Miniscript. This implies any type of check (preimage, signature, timelock) preceding a a: may be bypassed (just feed a 1 at the correct place in the witness).
legendary
Activity: 2730
Merit: 7065
I wonder what they mean with complex spending conditions? I assume it's got nothing to do with standard sending/receiving, generating addresses, etc. Could it be related to Taproot and the "bitcoin tokens" and ordinals?

If I understood correctly, for a successful attack, the software you use would have to be malicious, hacked, or manipulated with malware. The second condition is that the user doesn't verify the address on the hardware wallet screen. Apparently, Liana is the only client where the Miniscript feature worked completely.   
legendary
Activity: 2212
Merit: 7064
Although there are very few (users) who use such functions and will be affected by this vulnerability (this will only happen if you are using advanced hand-rolled tooling), it is necessary to upgrade to version 2.1.2.
Thanks for reporting before me, I was just getting ready to write about this  Wink
This was very serious bug and result of this exploit could be theft of coins, this could happen if it wasn't reported by this guys and fixed on time.
Maybe this would never happen if Ledger would spent more time improving their Bitcoin app instead of wasting time with bunch of shitcoins.
Everyone better update latest version of your BTC app that was released few days ago.

EDIT:
Bitcoin app v2.1.2 is latest one.
hero member
Activity: 406
Merit: 443
Miniscript is a language to define possibly complex spending conditions for bitcoin wallets.

The Ledger bitcoin app supports miniscript policies since version 2.1.0, deployed in February 2023.

Quote
Versions 2.1.0 and 2.1.1 of the app incorrectly handle the a: fragment, causing the app to produce wrong addresses.

In theory this is critical as the device is usually trusted to display the right address. In practice, the impact is limited, as there is no currently deployed wallet software with a full integration with such policies.

Any other wallet not using miniscript, or any miniscript policy not containing the a: fragment, is not affected.

Users who encounter issues related to spending Bitcoins can reach out Ledger Support.

Source https://donjon.ledger.com/lsb/019/
Read more in the detailed report by Antoine Poinsot https://wizardsardine.com/blog/ledger-vulnerability-disclosure/

Although there are very few (users) who use such functions and will be affected by this vulnerability (this will only happen if you are using advanced hand-rolled tooling), it is necessary to upgrade to version 2.1.2.
Jump to: