Which version did you use? I just created a transaction in 4.3.2 and by default it has SIGHASH_ALL.
It shouldn't have SIGHASH_NONE, unless you've specified it. It goes beyond cold storage, the miner can simply change the outputs of your transaction and replace them with their, essentially taking all of your inputs.
Topic: Sighash - page 2. (Read 233 times)
Today I discovered that Electrum is capable of signing transactions with an alternative sighash flag (I tried SIGHASH_NONE) without notifying me in any way. In my opinion, this opens up the possibility of stealing money even when using a cold storage. Am I wrong?
Jump to: