This feature prevents change path attacks.
Let's say Bob's computer is now compromised and controlled by an attacker.
The next time Bob wants to send bitcoin, the attacker will stream a legit transaction to Bob's hardware wallet, except the change address requested will be derived from a hard-to-retrieve change path.
Such a path would be for instance:
44'/0'/234454354'/545343432/4654657657
As the transaction is valid and the change path is not displayed on the hardware wallet screen, there is no reason for Bob not to approve the request.
The attacker has the freedom to choose any number for the last 8 elements of the change path (Ledger allows up to 10 elements in a BIP32 path). Each of these elements is 32 bits long, which leaves Bob with 2^256 possible paths to explore to retrieve his funds in the worst case, which is not possible to achieve.
This path is not saved anywhere once the transaction is signed, so there is no other option than to do a brute-force search on the derivation space to recover the funds sent there, which is statistically unlikely to succeed.
The attacker can then ransom Bob, asking for money in exchange for the change path where Bob's money is located.
This PR adds a check when a change path with unusual index is requested by the host computer.
In the case of a BIP44-compliant path, if the account index is greater than 100, or the change is different from 1, or the address index is beyond 50 000, then a warning is displayed on the device's screen, asking for user confirmation and showing the change path.
If the path is not BIP44 compliant, then the warning is displayed regardless of the values it carries.
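The following is an added, host-side illustration of the policy described above, written for this page; it is not the PR's code nor any Ledger firmware. It parses a textual BIP32 path into 32-bit elements and applies the three thresholds from the description. Assumptions made here and not stated in the PR text: the thresholds are compared against the unhardened account index; only a five-element path whose purpose is 44' (with hardened purpose, coin type and account, unhardened change and address) counts as "BIP44 compliant"; the 10-element depth limit is the one quoted above; and a path that cannot be parsed (bad characters, an element that does not fit in 31 bits plus the hardening bit) is treated as a path that must be shown to the user, i.e. the check fails closed. All sample paths in `main` are constructed for the example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BIP32_HARDENED 0x80000000u
#define BIP32_MAX_DEPTH 10           /* depth limit quoted in the PR description */

/* Thresholds from the PR description; assumed to apply to the unhardened index. */
#define MAX_ACCOUNT_INDEX     100u
#define EXPECTED_CHANGE_INDEX 1u
#define MAX_ADDRESS_INDEX     50000u

static uint32_t scratch[BIP32_MAX_DEPTH];   /* reusable buffer for quick parses */

/* Parse "44'/0'/0'/1/12" into out[]. Returns the depth, or -1 when the string is
 * malformed: empty element, non-digit characters, trailing '/', more than
 * max_depth elements, or an index that does not fit in 31 bits (the top bit
 * is reserved for the hardening marker). */
int parse_bip32_path(const char *s, uint32_t *out, size_t max_depth) {
    size_t depth = 0;
    if (s == NULL || *s == '\0') return -1;
    while (*s) {
        if (depth >= max_depth) return -1;
        if (!isdigit((unsigned char)*s)) return -1;          /* also rejects "//" and "m/" */
        char *end;
        unsigned long long v = strtoull(s, &end, 10);       /* overflow yields ULLONG_MAX, rejected below */
        if (v >= BIP32_HARDENED) return -1;
        uint32_t idx = (uint32_t)v;
        if (*end == '\'') { idx |= BIP32_HARDENED; end++; } /* hardened element */
        if (*end == '/') {
            end++;
            if (*end == '\0') return -1;                     /* trailing slash */
        } else if (*end != '\0') {
            return -1;                                       /* junk after the number */
        }
        out[depth++] = idx;
        s = end;
    }
    return (int)depth;
}

/* Returns 1 when the device should interrupt the signing flow and display the
 * change path for confirmation, 0 when the path is an ordinary BIP44 change path. */
int change_path_needs_warning(const uint32_t *path, int depth) {
    if (depth != 5) return 1;                                /* not BIP44 shaped */
    int bip44_shape = path[0] == (44u | BIP32_HARDENED)      /* purpose 44' (assumption: only 44') */
                   && (path[1] & BIP32_HARDENED)             /* coin_type' */
                   && (path[2] & BIP32_HARDENED)             /* account' */
                   && !(path[3] & BIP32_HARDENED)            /* change */
                   && !(path[4] & BIP32_HARDENED);           /* address_index */
    if (!bip44_shape) return 1;
    uint32_t account = path[2] & ~BIP32_HARDENED;
    if (account > MAX_ACCOUNT_INDEX) return 1;               /* unusual account */
    if (path[3] != EXPECTED_CHANGE_INDEX) return 1;          /* change must be on branch 1 */
    if (path[4] > MAX_ADDRESS_INDEX) return 1;               /* address index too far out */
    return 0;
}

/* Parse-then-check wrapper. A path that fails to parse also warns (fail closed). */
int change_path_from_string_needs_warning(const char *s) {
    uint32_t path[BIP32_MAX_DEPTH];
    int depth = parse_bip32_path(s, path, BIP32_MAX_DEPTH);
    if (depth < 0) return 1;
    return change_path_needs_warning(path, depth);
}

int main(void) {
    /* Constructed sample paths for this example; not taken from the PR. */
    const char *samples[] = {
        "44'/0'/0'/1/12",                 /* ordinary change path: no warning */
        "44'/0'/0'/0/12",                 /* receive branch used as change: warn */
        "44'/0'/234454354'/545343432/7",  /* attacker-chosen account and change: warn */
        "44'/0'/0'/1/60000",              /* address index beyond 50 000: warn */
        "49'/0'/0'/1/3",                  /* purpose other than 44' (assumed non-compliant): warn */
        "44'/0'/0'/1/4294967296",         /* element does not fit in 32 bits: warn */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-34s -> %s\n", samples[i],
               change_path_from_string_needs_warning(samples[i]) ? "WARN: show path on device"
                                                                  : "ok");
    }
    return 0;
}
```

Note that the boundaries are inclusive on the permissive side (account 100 and address index 50 000 pass silently), which is how the thresholds in the description read; tightening them is a one-constant change.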