A team of researchers at dWallet Labs has identified a zero-day flaw in Tron multisig accounts, exposing a loophole that could allow an attacker to override the multi-signature system, thereby authenticating transactions with only one signature.
In a detailed technical analysis post, the team revealed that this flaw could affect up to $500 million worth of assets secured in Tron multisig accounts. This is because the flaw allows any signer to “fully bypass the multisig protection offered by TRON.”
Multisignature wallets, as the name implies, require several predefined signers in an account to validate transactions and transfer assets. This allows for the formation of shared accounts in the crypto world. Every signer of an account maintains their unique keys, and the account necessitates a specific threshold for transaction approval.
The dWallet Labs team discovered that Tron’s multisig flaw enables the creation of multiple legitimate signatures.
We can bypass the multisig verification process by signing the same message with non-deterministic nonces of our choice. By doing so, we will be able to generate many valid different signatures for the same message by the same private key.
dWallet Labs said.
The Vulnerability Details
In the words of the cybersecurity team, Tron confirms the uniqueness of the signatures rather than verifying the uniqueness of the signers. This loophole allows signers to potentially “double vote” or sign twice. dWallet Labs’ CEO, Omer Sadika, explained that the resolution is straightforward: validate the address instead of the count of signatures.
The security team observed that this vulnerability was communicated to Tron in February and patched within a few days.
The Swift Response by Tron
Tron confirmed that they responded promptly once they received the report in February. The Tron representatives explained that the flaw was remediated swiftly, preventing potential vulnerability exploitation.
