From 87403fadae5140c6fda1cff0fd67739aca4c08e9 Mon Sep 17 00:00:00 2001 From: Alex | Interchain Labs Date: Wed, 19 Mar 2025 13:37:43 -0400 Subject: [PATCH] fix(crypto/ledger): Improve error message when deriving paths (#22116) (#24036) Co-authored-by: Ezequiel Raynaudo --- CHANGELOG.md | 2 +- crypto/ledger/ledger_secp256k1.go | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4aa873a414..5049cb1f10 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -49,9 +49,9 @@ Ref: https://keepachangelog.com/en/1.0.0/ ### Improvements +* (crypto/ledger) [#24036](https://github.com/cosmos/cosmos-sdk/pull/24036) Improve error message when deriving paths using index > 100 * (gRPC) [#23844](https://github.com/cosmos/cosmos-sdk/pull/23844) Add debug log prints for each gRPC request. - ### Bug Fixes * (client/keys) [#24041](https://github.com/cosmos/cosmos-sdk/pull/24041) `keys delete` won't terminate when a key is not found, but will log the error. diff --git a/crypto/ledger/ledger_secp256k1.go b/crypto/ledger/ledger_secp256k1.go index 285e351f3b..e0f4a4d94a 100644 --- a/crypto/ledger/ledger_secp256k1.go +++ b/crypto/ledger/ledger_secp256k1.go @@ -331,7 +331,7 @@ func getPubKeyUnsafe(device SECP256K1, path hd.BIP44Params) (types.PubKey, error return options.createPubkey(compressedPublicKey), nil } -// getPubKeyAddr reads the pubkey and the address from a ledger device. +// getPubKeyAddrSafe reads the pubkey and the address from a ledger device. // This function is marked as Safe as it will require user confirmation and // account and index will be shown in the device. // @@ -340,7 +340,13 @@ func getPubKeyUnsafe(device SECP256K1, path hd.BIP44Params) (types.PubKey, error func getPubKeyAddrSafe(device SECP256K1, path hd.BIP44Params, hrp string) (types.PubKey, string, error) { publicKey, addr, err := device.GetAddressPubKeySECP256K1(path.DerivationPath(), hrp) if err != nil { - return nil, "", fmt.Errorf("%w: address rejected for path %s", err, path.String()) + // Check special case if user is trying to use an index > 100 + if path.AddressIndex > 100 { + return nil, "", fmt.Errorf("%w: cannot derive paths where index > 100: %s "+ + "This is a security measure to avoid very hard to find derivation paths introduced by a possible attacker. "+ + "You can disable this by setting expert mode in your ledger device. Do this at your own risk", err, path) + } + return nil, "", fmt.Errorf("%w: address rejected for path %s", err, path) } // re-serialize in the 33-byte compressed format