Fake deposit amount exchange vulnerability in Monero

Ryo Cryptocurrency
Mar 3, 2019 · 2 min read

Foreword to Ryo community

This bug was fixed in Ryo 7 months ago. A patch is available here; in Monero's case, however, it might cause a hard fork on exploitation. Another fix is possible by ignoring non-null RingCT coinbase transactions in the wallet.

How does the exploit work?

RingCT has an extremely insecure design in which the amount displayed to the user (from now on called the masked amount) is different from the amount checked by the network (from now on called the commitment).

When a coinbase transaction is minted, it includes a plaintext amount and a null rct signature. The network constructs the commitment from this plaintext amount.

However, if the coinbase transaction includes a non-null rct signature, it is able to communicate a masked amount too. This essentially means that the attacker can make it appear as if he deposited any sum of his choosing to an exchange.
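
The wallet-side fix mentioned in the foreword (ignoring non-null RingCT coinbase transactions), sketched as an added example that is not Ryo's or Monero's code. The types and function names are hypothetical and model only the plaintext amount, the masked amount and the rct signature type.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified, hypothetical model of the fields described above. These are
// not Monero's or Ryo's real data structures.
enum class RctType : uint8_t { Null = 0, NonNull = 1 };

struct Output {
    uint64_t plaintext_amount;  // what the network builds the commitment from
    uint64_t masked_amount;     // what the rct signature data tells the wallet
};

struct Transaction {
    bool is_coinbase;
    RctType rct_type;
    std::vector<Output> outputs;
};

// Model of the behaviour the article describes: whenever rct data is
// present, the masked amount is what gets displayed, coinbase or not.
uint64_t displayed_amount_naive(const Transaction& tx) {
    uint64_t total = 0;
    for (const Output& o : tx.outputs)
        total += (tx.rct_type == RctType::Null) ? o.plaintext_amount
                                                : o.masked_amount;
    return total;
}

// Wallet-side fix: a coinbase transaction must carry a null rct signature.
// Anything else is ignored, so no masked amount from it is ever credited.
bool displayed_amount_checked(const Transaction& tx, uint64_t& amount) {
    amount = 0;
    if (tx.is_coinbase && tx.rct_type != RctType::Null)
        return false;
    amount = displayed_amount_naive(tx);
    return true;
}

int main() {
    // Constructed sample: commitment side says 1000, masked side says 5000000.
    Transaction tx{true, RctType::NonNull, {{1000, 5000000}}};
    uint64_t amount = 0;
    bool ok = displayed_amount_checked(tx, amount);
    std::printf("naive=%llu checked=%s\n",
                (unsigned long long)displayed_amount_naive(tx),
                ok ? "credited" : "ignored");
    return 0;
}
```

An exchange can apply the same rule in its deposit scanner: a coinbase transaction that fails the check is logged and never credited.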

Why did you not report it to Monero?

Because of their long history of toxic behaviour towards security researchers [1] [2] [3] [4]. I hope that the Monero community uses this opportunity to reconsider their behaviour.

Accidental leak open disclosure

While discussing this exploit on the Ryo public channel I confused the issues and accidentally leaked a different issue. Monero might want to get that one patched too. [1]


Monero Developers’ Response


At the request of a Monero moderator I’m adding a link to a community discussion on the topic here. Please keep in mind that some posts are NSFW due to abuse being hurled around.
