A security issue* in the design of BIP-143 allows an attacker to lie about segwit input amounts and get the user to pay an unexpectedly high transaction fee. The problem affects all HWW vendors.
We are fixing this by making Trezor require the full UTXO for all types of inputs, so we can validate that the input amount is correct. We have introduced this change in firmware versions 2.3.1 and 1.9.1.
A security issue* in the design of BIP-143 allows an attacker to lie about segwit input amounts and get the user to pay an unexpectedly high transaction fee. The problem affects all HWW vendors.
We are fixing this by making Trezor require the full UTXO for all types of inputs, so we can validate that the input amount is correct. We have introduced this change in firmware versions 2.3.1 and 1.9.1.
*) Details in our blogpost: https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd
Might make sense to do with #555.