Major crypto hardware wallet maker Ledger has denied that its product’s transaction management software featured a double-spend vulnerability.
According to Ledger’s CTO Charles Guillemet, the vulnerability recently revealed by software wallet ZenGo is, in fact, nothing more than a user experience flaw. He described the nature of the flaw in Ledger Live, the company’s hardware wallet companion software, to Cointelegraph:
“It’s important to understand that rather than an attack, the actual flaw could be seen more as a clever piece of trickery. Trickery is not a vulnerability. However, we do want to prevent anyone from falling victim to these kinds of clever schemes. […] It’s just a UX issue that could be used by a dishonest product buyer.”
The claims are not new
ZenGo’s claims are closely related to those made by Bitcoin Cash (BCH)-focused firm BitcoinBCH at the end of 2019. At the time, the firm’s CEO Hayden Otto explained in a video how a Bitcoin (BTC) point-of-sale solution misled merchants into believing unconfirmed transactions were final and accepting them.
Like BitcoinBCH, ZenGo noted that Bitcoin’s replace-by-fee (RBF) feature lets users replace an unconfirmed transaction with a new one that pays a different target address and carries a higher fee. It’s worth noting that this feature only makes it easier to exploit the non-finality of unconfirmed transactions, something that is harder, but still possible, without RBF.
Furthermore, ZenGo’s report also points out that RBF “doesn’t introduce any new vulnerabilities in itself” and instead “it explicitly places the responsibility on wallet applications and users to identify unconfirmed transactions as unsafe.” This is confirmed by Guillemet:
“We want to thank ZenGo for having responsibly disclosed this issue to us. […] We do want to prevent anyone from falling victim to these kinds of clever schemes. A way to prevent this is of course to make sure that any transaction is first confirmed. Ledger Live is releasing an update on July 2nd. A warning is now displayed on pending transactions.”
ZenGo said that it was awarded a bug bounty for bringing attention to the issue.
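The wallet-side check described above, as an added example (not Ledger’s or ZenGo’s code): it reads each input’s nSequence from a serialized transaction and labels anything unconfirmed as unsafe, adding a note when BIP125 opt-in replace-by-fee signaling is present. The function names, label strings and sample transaction are constructed for illustration.

```python
import struct

BIP125_MAX_RBF_SEQUENCE = 0xFFFFFFFD  # any input nSequence <= this signals opt-in RBF

def read_varint(buf, pos):
    """Decode a Bitcoin CompactSize integer; return (value, new_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def input_sequences(raw):
    """Return the nSequence of every input in a serialized transaction."""
    pos = 4                                        # skip the 4-byte version
    if raw[pos] == 0x00 and raw[pos + 1] == 0x01:  # segwit marker and flag
        pos += 2
    count, pos = read_varint(raw, pos)
    seqs = []
    for _ in range(count):
        pos += 36                                  # previous txid + output index
        script_len, pos = read_varint(raw, pos)
        pos += script_len                          # skip scriptSig
        seqs.append(struct.unpack_from("<I", raw, pos)[0])
        pos += 4
    return seqs

def display_status(raw, confirmations):
    """Label a wallet could show; an unconfirmed transaction is never final."""
    if confirmations >= 1:
        return "confirmed"
    if any(s <= BIP125_MAX_RBF_SEQUENCE for s in input_sequences(raw)):
        return "pending: unsafe, signals replace-by-fee"
    # Replacement is harder without RBF signaling but still possible.
    return "pending: unsafe, not yet confirmed"

def sample_tx(sequence):
    """Constructed one-input, one-output transaction (not real chain data)."""
    tx_in = bytes(32) + struct.pack("<I", 0) + b"\x00" + struct.pack("<I", sequence)
    tx_out = struct.pack("<q", 50_000) + b"\x01\x51"  # 1-byte script: OP_TRUE
    return struct.pack("<i", 2) + b"\x01" + tx_in + b"\x01" + tx_out + bytes(4)

if __name__ == "__main__":
    for seq in (0xFFFFFFFD, 0xFFFFFFFF):
        print(hex(seq), display_status(sample_tx(seq), 0))
```

Both pending labels say "unsafe" on purpose: the RBF flag only tells the recipient that replacement is easy, not that its absence makes the payment final.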