Giszmo
commented
3 years ago I tagged this as "bug" as users who update their Trezor will surely consider it a bug that Mycelium stops working with it.
Open tsusanka opened 4 years ago
Giszmo
commented
3 years ago I tagged this as "bug" as users who update their Trezor will surely consider it a bug that Mycelium stops working with it.
A security issue* in the design of BIP-143 allows an attacker to lie about segwit input amounts and get the user to pay an unexpectedly high transaction fee. The problem affects all HWW vendors.
We are fixing this by making Trezor require the full UTXO for all types of inputs, so we can validate that the input amount is correct. We have introduced this change in firmware versions 2.3.1 and 1.9.1.
*) Details in our blogpost: https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd
Might make sense to do with #555.