How Does It Work?
The design of RingCT is considered insecure as the masked amount (the one displayed to the user) is different from the commitment amount (the one checked by the network). A Coinbase transaction includes a null
When these Coinbase transactions include non-null
Avoiding a Possible Exploitation
In the blog post, Ryo Cryptocurrency said that it had fixed the problem 7 months ago and gave a link for the patch as well. However, it said that its Monero’s vulnerability is exploited; it could lead to a hard fork. The problem can also be fixed by ignoring non-null RingCT Coinbase transactions.
The Monero mailing list noted that the wallet bug is related to Coinbase transactions and could affect everyone running a wallet on an exchange, a service or a payment gateway. The patch for the same will be released on March 6 at 4 pm GMT.
The email also told users how to avoid the problem. It asked users to run “set refresh-type no-
It also clarified that this is not a consensus bug and there is no double spend problem, stating that coins are not being created out of anywhere.
Monero experienced a bug last year as well where attackers could manipulate the amounts shown on the wallets to manipulate transactions and earn extra XMR.