-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The available balance button #3502
Comments
This feature seems like it would be a vulnerability waiting to be massively exploited.Sent from my iPhoneOn Mar 31, 2024, at 5:23 AM, Skylar Loomis ***@***.***> wrote:
Feature Request
Screenshot.from.2024-03-31.08-09-19.png (view on web)
Describe the Feature Request
The use available balance button allows users to send the full available amount in their account to a specified address.
Describe Preferred Solution
When you click on the button, it will automatically fill in the full available amount in the amount text field.
Related Code
The feature is already available on Bitcoin Core.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
|
Please elaborate. |
It seems to me like open source is the real limitation here. A would be attacker tracks the repo and waits.Identifies a potential exploit and waits for the code to be developed.The code is open source.The attacker lurks until the feature is deployed without having identified it as an exploit early on in the process.The end result is a zero day exploit on your hands.Everyone who deploys the next version is caught with their pants down and their wallets emptied.Not knocking the feature just not best suited for an open source crypto currency project.Sent from my iPhoneOn Apr 1, 2024, at 5:37 AM, Old Dip Tracker ***@***.***> wrote:
This feature seems like it would be a vulnerability waiting to be massively exploited.
Please elaborate.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>
|
With "elaborate", I meant: how is a button that selects all spendable inputs a vulnerability, i.e. what additional risk does the button add? Especially since right now, there already is a button in coin control that lets you select all inputs, so this isn't new functionality in that sense. Additionally: how does this proposed button heighten the risk? Rationale for this not increasing remote exploit risk: if I can RCE on your Qt wallet, calling the existing Both paths are however secured by wallet passphrase. So if this were a proposal to circumvent or weaken that, I would agree with your sentiment; I don't see a reason for this concept to do that - please correct me if I'm wrong here. |
The additional risk is that it would wipe out the entire wallet in one click if exploited.Sent from my iPhoneOn Apr 2, 2024, at 5:11 AM, Old Dip Tracker ***@***.***> wrote:
The end result is a zero day exploit on your hands.
With "elaborate", I meant: how is a button that selects all spendable inputs a vulnerability, i.e. what additional risk does the button add? Especially since right now, there already is a button in coin control that lets you select all inputs, so this isn't new functionality in that sense. Additionally: how does this proposed button heighten the risk?
Rationale for this not increasing remote exploit risk: if I can RCE on your Qt wallet, calling the existing GetBalance() + SendMoney() is a shorter execution path than triggering a button on a form, filling out the form items, and triggering the send button.
Both paths are however secured by wallet passphrase. So if this were a proposal to circumvent or weaken that, I would agree with your sentiment; I don't see a reason for this concept to do that - please correct me if I'm wrong here.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>
|
Elaborating further, there should in my opinion be a multisig requirement to be able to use it if approved - something like that. Just seemed like a major red flag without bringing up for dicussion the potential vulnerabilities.Sent from my iPhoneOn Apr 2, 2024, at 5:33 AM, George Artem ***@***.***> wrote:The additional risk is that it would wipe out the entire wallet in one click if exploited.Sent from my iPhoneOn Apr 2, 2024, at 5:11 AM, Old Dip Tracker ***@***.***> wrote:
The end result is a zero day exploit on your hands.
With "elaborate", I meant: how is a button that selects all spendable inputs a vulnerability, i.e. what additional risk does the button add? Especially since right now, there already is a button in coin control that lets you select all inputs, so this isn't new functionality in that sense. Additionally: how does this proposed button heighten the risk?
Rationale for this not increasing remote exploit risk: if I can RCE on your Qt wallet, calling the existing GetBalance() + SendMoney() is a shorter execution path than triggering a button on a form, filling out the form items, and triggering the send button.
Both paths are however secured by wallet passphrase. So if this were a proposal to circumvent or weaken that, I would agree with your sentiment; I don't see a reason for this concept to do that - please correct me if I'm wrong here.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>
|
How does the attacker get around the wallet passphrase? |
There are any number of vulnerabilities related to the passphrase. How and where it is stored by the user would be the determining factor in identifying the simples “brute force” path that doesn’t require much thought at all.Use of pay-to-hack both dark and clear net tools etc etc are very common in this space.Social engineering and OS remote access vulnerability would be the second easiest path toward acquiring a passphrase on core for someone with super admin privileges and knowledge.So called ethical hacking always has a price (fiat, crypto or something else) and is closely linked with the attorneys practicing in the class action “data-breach” space IMHOJust a few examples.Sent from my iPhoneOn Apr 2, 2024, at 5:50 AM, Old Dip Tracker ***@***.***> wrote:
The additional risk is that it would wipe out the entire wallet in one click if exploited.
How does the attacker get around the wallet passphrase?
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>
|
Appreciate it but this conversation is starting to go beyond the scope of the feature being proposed.Suggest dropping it into a discussion 😉Sent from my iPhoneOn Apr 2, 2024, at 7:15 AM, George Artem ***@***.***> wrote:There are any number of vulnerabilities related to the passphrase. How and where it is stored by the user would be the determining factor in identifying the simples “brute force” path that doesn’t require much thought at all.Use of pay-to-hack both dark and clear net tools etc etc are very common in this space.Social engineering and OS remote access vulnerability would be the second easiest path toward acquiring a passphrase on core for someone with super admin privileges and knowledge.So called ethical hacking always has a price (fiat, crypto or something else) and is closely linked with the attorneys practicing in the class action “data-breach” space IMHOJust a few examples.Sent from my iPhoneOn Apr 2, 2024, at 5:50 AM, Old Dip Tracker ***@***.***> wrote:
The additional risk is that it would wipe out the entire wallet in one click if exploited.
How does the attacker get around the wallet passphrase?
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>
|
But always helpful to have one or two guys looking out on your six for baddies and not actually carrying anything of value to anyone else if one has a sincere desire to operate in this space and do everything on the clear net like a big dumb dumb like me.Oops. Sent from my iPhoneOn Apr 2, 2024, at 7:18 AM, George Artem ***@***.***> wrote:Appreciate it but this conversation is starting to go beyond the scope of the feature being proposed.Suggest dropping it into a discussion 😉Sent from my iPhoneOn Apr 2, 2024, at 7:15 AM, George Artem ***@***.***> wrote:There are any number of vulnerabilities related to the passphrase. How and where it is stored by the user would be the determining factor in identifying the simples “brute force” path that doesn’t require much thought at all.Use of pay-to-hack both dark and clear net tools etc etc are very common in this space.Social engineering and OS remote access vulnerability would be the second easiest path toward acquiring a passphrase on core for someone with super admin privileges and knowledge.So called ethical hacking always has a price (fiat, crypto or something else) and is closely linked with the attorneys practicing in the class action “data-breach” space IMHOJust a few examples.Sent from my iPhoneOn Apr 2, 2024, at 5:50 AM, Old Dip Tracker ***@***.***> wrote:
The additional risk is that it would wipe out the entire wallet in one click if exploited.
How does the attacker get around the wallet passphrase?
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>
|
This is the current flow that the button would replace: empty-wallet.mp4Adding or not adding the proposed feature does not significantly impact the security, in my opinion, because it's easy to do today. If you add a wallet passphrase today, you have the same vulnerabilities as you describe. I don't agree that obstructing the user will lead to better security. Instead, I think that complicated UX leads to mistakes, whereas simplifying UX allows people to think about the important parts, like "hey how do I secure this?". |
Ok |
@patricklodder @AjaxPop I would like to try to implement this feature , but i have few doubts , is this feature request accepted because i didn't see any label attached to this issue , Secondly is this feature request intended for 1.15 or 1.21 version ? |
There's no gatekeeping on requests, feel free to implement.
1.21 already has this, so this is a backport for 1.15
Adding, sorry for being lazy |
This may help to get started with the backport: the Bitcoin Core pull requests this was done in initially is bitcoin/bitcoin#11316. You will want to look if there have been any subsequent fixes on the introduced code, let me know if you need help analyzing. |
Backport Available Balance Button from Bitcoin
Feature Request
Describe the Feature Request
The use available balance button allows users to send the full available amount in their account to a specified address.
Describe Preferred Solution
When you click on the button, it will automatically fill in the full available amount in the amount text field.
Related Code
The feature is already available on Bitcoin Core.
The text was updated successfully, but these errors were encountered: