Ledger's CTO claims there is no vulnerability in their software
ZenGo wallet software has recently discovered a vulnerability that, according to Ledger's CTO, Charles Guillemet, is actually a flaw in the user experience.
A bug in the user experience
ZenGo wallet software has recently discovered a vulnerability that, according to Ledger's CTO, Charles Guillemet, is actually a flaw in the user experience. Users reported that Bitcoin's replace-by-free (RBF) function allows to easily replace an unconfirmed transaction with a new one with a different destination address.
** Walmart is increasingly investing in technological solutions associated with the Blockchain. I recently announced their union to the Food Trust Network and now they announced the union with the Hyperledger platform.
Guillemet explained: "It is important to understand that more than an attack, the real flaw can be seen more as a clever trap. The trap is not a vulnerability. However, we want to prevent someone from falling victim to this type of clever trick. [...] It is just a question of UX that could be used by a dishonest buyer of the product. ”In short, it would not be a system vulnerability, but a simple deception that tries to make users believe that unconfirmed transactions are definitive and, as a result, accept them.This method was already reported by Bitcoin Cash at the end of 2019 when it registered some similar tricks.
** The Dutch multinational financial and banking services company, Rabobank, announced the use of blockchain technology to carry out the settlement of an intercontinental trade in commodities worth USD 12 million.
Finally, Guillemet thanked ZenGo and revealed the measures taken by the firm to avoid cheating: "We want to thank ZenGo for having responsibly communicated this matter to us. [...] We want to prevent someone from falling victim to this type of cheating. One way to prevent this is, of course, making sure any transaction gets committed first. Ledger Live will release an update on July 2. A warning about pending transactions is now displayed".