Transaction input/output versions are not bound to commitment signatures #4758
Labels
A-base_node
Area - The Tari base node executable and libraries
A-security
Area - Security related
A-wallet
Area - related to the wallet
C-bug
Category - fixes a bug, typically associated with an issue.
W-consensus_breaking
Warn - A change requiring a hard fork to be activated
Milestone
Transaction inputs and output versions are used when creating commitment signatures. However, a representation of the version is not bound to the signature challenge, which could be used in an attempted downgrade or mismatch attack.
It would be safer to bind the version to the signature challenge.
The text was updated successfully, but these errors were encountered: