Our friends from Coinspect recently contacted us to inform us about a security vulnerability in Copay which allows peers of a certain wallet to spend coins without the required quorum. The vulnerability affected all implementations of Copay Beta version 0.3.2. We have already fixed the issue in the latest version of Copay (0.4.1), which is now available at copay.io and the Google Play Store. We encourage all users to update to the latest version.
The team at Coinspect discovered that Copay was not checking the signature type (SIGHASH) of incoming transaction proposals. All Copay transaction proposals are generated with type SIGHASH_ALL, so every input and output of a transaction is covered by the signature.
A malicious member of a Copay wallet could create a transaction proposal with the signature type
Afterwards, the malicious peer could add more outputs to the signed transaction, effectively spending coins without the required quorum.
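As an added illustration (not Copay's or bitcore's own code), the check below parses a P2SH multisig scriptSig from a proposal and rejects any signature whose trailing hashtype byte is not SIGHASH_ALL (0x01); the scriptSig samples are constructed, using dummy DER signatures and a dummy redeem script.

```javascript
// Added example, not Copay or bitcore code: reject multisig inputs whose
// signatures were not produced with SIGHASH_ALL (assumed constant value 0x01).
const SIGHASH_ALL = 0x01;

// Parse the data pushes of a scriptSig: OP_0 (empty push), direct pushes of
// 1..75 bytes, OP_PUSHDATA1 (0x4c) and OP_PUSHDATA2 (0x4d).
function parsePushes(script) {
  const pushes = [];
  let i = 0;
  while (i < script.length) {
    const op = script[i++];
    let len;
    if (op === 0x00) { pushes.push(Buffer.alloc(0)); continue; }
    if (op >= 0x01 && op <= 0x4b) len = op;
    else if (op === 0x4c) { len = script[i]; i += 1; }
    else if (op === 0x4d) { len = script.readUInt16LE(i); i += 2; }
    else throw new Error(`unsupported opcode 0x${op.toString(16)} at ${i - 1}`);
    if (i + len > script.length) throw new Error('truncated push');
    pushes.push(script.subarray(i, i + len));
    i += len;
  }
  return pushes;
}

// A signature push is DER SEQUENCE (0x30) <len> <body> plus one hashtype byte.
function isDerSignature(buf) {
  return buf.length >= 9 && buf[0] === 0x30 && buf[1] === buf.length - 3;
}

// Hashtype byte of every signature in a P2SH multisig scriptSig laid out as
// OP_0 <sig>... <redeemScript>; the final push is the redeem script.
function signatureHashTypes(scriptSigHex) {
  const pushes = parsePushes(Buffer.from(scriptSigHex, 'hex'));
  return pushes.slice(0, -1).filter((p) => p.length > 0).map((sig) => {
    if (!isDerSignature(sig)) throw new Error('push is not a DER signature');
    return sig[sig.length - 1];
  });
}

// The check a co-signer should run before adding its own signature: every
// signature present must commit to all inputs and outputs (strict equality
// also rejects the ANYONECANPAY 0x80 variants).
function proposalUsesSighashAll(scriptSigHexes) {
  return scriptSigHexes.every((hex) =>
    signatureHashTypes(hex).every((t) => t === SIGHASH_ALL));
}

// Constructed samples: dummy 9-byte DER signatures (r = s = 1) and a dummy
// 3-byte redeem script; only the trailing hashtype byte differs.
const SCRIPTSIG_ALL = '00' + '09300602010102010101' + '09300602010102010101' + '035151ae';
const SCRIPTSIG_OTHER = '00' + '09300602010102010102' + '035151ae';
```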
We appreciate that Coinspect let us know about this important issue, and we encourage the Bitcoin community to evaluate and audit Copay, given its open-source nature. Multisig wallets have the potential to significantly decrease the risk of Bitcoin theft.
We are committed to maintaining and enhancing Copay as an open source solution. Join the Copay community on GitHub and participate in Copay discussion on Gitter – we are happy to assist in any way we can.