Bitcoin

955 readers

1 users here now

Do not use URL shortening services: always submit the real link.
Begging/asking for bitcoins is absolutely not allowed, no matter how badly you need the bitcoins. Only requests for donations to large, recognized charities are allowed, and only if there is good reason to believe that the person accepting bitcoins on behalf of the charity is trustworthy.
News articles that do not contain the word "Bitcoin" are usually off-topic. This sublemmy is not about general financial news.
Submissions that are mostly about some other cryptocurrency belong elsewhere. This sublemmy is exclusive to Bitcoin.
No referral links in submissions.
No Self Promotion

founded 3 years ago

MODERATORS

Void_Sloth@lemmy.world

Bisq decentralized exchange money drainig bug (bisq.community)

submitted 1 month ago by deafboy@lemmy.world to c/bitcoin@lemmy.world

0 comments fedilink hide all child comments

Trading was halted by the Bisq team, by raising the minimal required trading protocol version.

Only active trade offers could've been affected. The local wallet is safe

How did the exploit happen?

In short, the exploit was caused by a missing validation that should have rejected negative input values provided by the taker.

The maker and taker must use the same miner fee. That fee value is provided by the taker.

The attacker supplied a negative miner fee.

When the maker calculated the multisig output amount — which includes the miner fee for the payout transaction — the negative value reduced the multisig amount to 0.001 BTC, while the remaining funds were redirected to the taker’s change output.

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here