How Does It Work?
The design of RingCT is considered insecure as the masked amount (the one displayed to the user) is different from the commitment amount (the one checked by the network). A Coinbase transaction includes a null rct signature and a plaintext amount from where the network constructs its commitment amount.
When these Coinbase transactions include non-null rct signature, it can commit a masked amount as well. This means that an attacker exploiting the vulnerability can make any sum of his choice appear in an exchange. Ryo said that it did not report it directly to Monero because of the community’s toxic behavior towards security researchers.
Avoiding a Possible Exploitation
In the blog post, Ryo Cryptocurrency said that it had fixed the problem 7 months ago and gave a link for the patch as well. However, it said that its Monero’s vulnerability is exploited; it could lead to a hard fork. The problem can also be fixed by ignoring non-null RingCT Coinbase transactions.
The Monero mailing list noted that the wallet bug is related to Coinbase transactions and could affect everyone running a wallet on an exchange, a service or a payment gateway. The patch for the same will be released on March 6 at 4 pm GMT.
The email also told users how to avoid the problem. It asked users to run “set refresh-type no-coinbase” in monero-wallet-cli. It added that users would first have to “close monero-wallet-rpc and open the wallet with monero-wallet-cli. This should be set for every wallet you’re running. This is a persistent flag, so once you quit monero-wallet-cli and start monero-wallet-rpc on that same wallet, the setting will persist.”
also clarified that this is not a consensus bug and there is no
double spend problem, stating that coins are not being created out of
Monero experienced a bug last year as well where attackers could manipulate the amounts shown on the wallets to manipulate transactions and earn extra XMR.