Bitcoin Forum

When trying to send some Doge from my Ledger using Ledger Live, it missed one character on the display when comparing the address. Let's say the address was xxxxNyyyyzzzz. The address is split over several screens because it's too large, and looks like this on the Ledger:
The character in between xxxxNyyyy didn't show up! I tried a small amount, and set a low fee. It didn't show up on a block explorer, and didn't confirm.
Ledger Live shows the correct address, but the Ledger device doesn't!

After a while the funds returned to Ledger, and I made a new transaction to another address. Everything worked as expected.

I'm just posting here for latere reference.

Probably not an issue, at least not with the type of attack I'm thinking of - like clipboard malware. It would have to match all other characters, which is pretty much impossible. Perhaps I'm not evil enough though, maybe there is some other way to exploit this.

I don't think it's caused by an exploit, and I expect a missing character to result in an invalid address. My hope is that it's just a display bug on the Ledger, my fear is it's creating an incorrect (and invalid) transaction.

My clipboard was correct :)

I'm assuming it's a display issue, and I was thinking if/how it could be exploited, not that it's caused by an exploit.

If it's not a display issue and it really cuts one character out and puts that mangled hash in the TX that'd be quite nasty.

Do Doge addresses contain a checksum as bitcoin addresses do? If so, it shouldn't be necessary to worry about a single omitted address, as the transaction would be invalid if incorrect.

If you are concerned about an attacker creating a vanity address that matches the entire 1st page displayed on your Ledger device, remember that creating vanity addresses get exponentially more difficult with each additional character you want.

As far as I am aware, the only difference between a Dogecoin address and a legacy Bitcoin address is that the Dogecoin address uses a 0x1E version byte instead of a 0x00 version byte, meaning the first character of the address is "D" rather than "1". So yes, they contain the same double SHA256 checksum.

Is it a repeatable bug? ??? Or does it only do it with particular address? Kinda seems like the sort of thing that should be highlighted to Ledger support and/or logged on their issue register.

Ledger has announced that there are difficulties with Doge transactions in Ledger Live, perhaps this is the reason that the addresses in Ledger Live and Ledger devices are not identical.


More info here - > Send DOGE with ledger live to exchange but does not get sent. (https://www.reddit.com/r/ledgerwallet/comments/msoydt/send_doge_with_ledger_live_to_exchange_but_does/l)

I can repeat it, but only with 1 out of the 2 addresses I've tried. This is the address:
This is what it looks like on the Ledger:
https://loyce.club/other/bug.jpg
If you can verify the bug by creating a test-transaction (no need to broadcast it, just reject it on the Ledger), that would be much appreciated.
There's a firmware update waiting, but I haven't installed it yet.

Unless it's fixed already in the latest firmware, but I'm always afraid to upgrade those.

I did upgrade Ledger Live recently. That would mean Ledger Live omits a character when sending the address to the Ledger device.

I tried it on my Nano X, and the address you have a problem with is displayed correctly on my device - The Nano X at least has a larger screen so the entire address can be displayed at once.

https://i.imgur.com/fAb9Rko.jpg


In the worst case, it can happen that you brick your hardware wallet - but I think that happens very rarely. Yet those initial problems that have occurred with Ledger firmware should be a thing of the past - this process is now much more painless and faster - unless you are using some old OS like Windows 7.

I'm still confused by this. If it's a Ledger Live bug, wouldn't the address be wrong on any device? Or do you two use different Live versions?

Which part (Live or the device) is splitting the address into multiple lines for display? I was assuming it was the device doing this, and dropping one character - seemed like too much of a coincidence that this specific character position on the boundary of two lines is missing.

I heard about similar problem with Bitcoin addresses on ledger that was cause by some malicious program that was changing only last four characters on bitcoin address to steal funds, but right now I can't find the source of this information.

Ledger reddit page is full of posts with people complaining and asking where are their coins, but have you seen this doge page on ledger wallet website?

https://support.ledger.com/hc/en-us/articles/115005174025

I have the latest version available (2.25.1), and LoyceV claims to have also made an update recently, so I guess we use the same Ledger Live version, but a different device.


When it comes to Nano S, due to the size of the screen, it is not possible to display the address at once, but what exactly causes the address not to be displayed correctly at this time we cannot say. Maybe LoyceV has problematic (old) firmware that is combined with current Ledger Live and problems that Ledger has currently with Doge.

Edit:

I found my Nano S and tried to reproduce the same error when displaying the address, and I can confirm that the (w) character is really missing. Since I couldn’t reproduce the same thing on the Nano X, we can conclude that something is wrong with the Nano S combined with the current Ledger Live.

https://i.imgur.com/LEeVIhe.jpg

In all my years with a Ledger wallet, I have never seen such a thing. I don't have Dogecoins on my Ledger device, but I thought I would be able to create a 0-value transaction and get to the confirmation screen to have the address displayed on the device. After installing the app and adding a Doge account, it unfortunately didn't work. The continue button is only clickable with a valid balance.

All I could try was to generate a new receiving address and compare the one in Ledger Live to the one displayed on the screen of my Nano. Both were identical, there were no missing characters. Can you recreate the bug when you generate new receiving addresses or when you try to send to any random Doge address found on the blockchain?

Probably. I expect it to take some trial and error, but haven't tested other addresses.

I've sent Ledger an email, now we wait :D

Oh...good luck with that, it's time to pop a champagne bottle.
You should expect to receive stupid generic automatic machine answer and experience their terrible customer support. :)

Just now reading on their reddit page that other altcoins like Vertcoin also have some issues with ledger.

They responded (as promised within 24 hours):

So... it's a display bug in their "UX library" but apparently it results in an invalid transaction. That sounds a bit contrary to how I thought a hardware wallet is supposed to work.

I thought it goes like this - you build a TX (e.g on a phone or a PC), send it to the device, it shows the receiving address, you confirm it, the device signs the TX. Why is the device allowed to change the output script?

It could have been rejected due to my the low fee, I have no idea what the minimum is for Doge. Ledger surprised me with a default fee of more than 2 Doge for one input and 2 outputs.

Reading some of the comments on Reddit it sounded like people were complaining about not being able to send coins, and not so much about the address showing up incorrectly on the device.

But who knows, what with Ledger trying so hard to avoid explaining what the issue is and what to do (or not to do) to prevent it.

This is what their co-founder and ledger reddit moderator btchip has to say about this issue:

https://www.reddit.com/user/btchip/

He is obviously not informed what is written on ledger website, he is ignoring many complains on their reddit page, and last step is probably banning and muting people.

Yeah sending a shill labelled "co-founder" to spread false information on social media is not the smartest thing to do when you have a problem but Ledger isn't really known for doing smart things lately.

@LoyceV have you had an opportunity to send Doge from your Ledger using Ledger Live? I've noticed that the warning that appeared on the official support page[1] is no longer there, so I'm assuming that it has been solved? I haven't been able to confirm this, but since the posts complaining about Doge have disappeared from their official sub - r/ledgerwallet - (regarding this problem) I'm guessing that maybe it has been solved?

---

[1] https://support.ledger.com/hc/en-us/articles/115005174025-Dogecoin-DOGE-

I haven't tested the same address yet, but I doubt it can be solved without a firmware update.

I didn't see any real mention of bug fixes in the release notes (https://support.ledger.com/hc/en-us/articles/360010446000-Ledger-Nano-S-firmware-release-notes) but it would be interesting to see if it was solved in the new 2.0.0 firmware update... ???

I managed to upgrade Nano S firmware version to 2.0.0, and then I did a test again with your address. I can confirm that the missing character is now showing correctly. The whole firmware update process is very fast and without any problems (W10), it took a little over 5 minutes in my case.

https://i.imgur.com/uCgsvnL.jpg

https://i.imgur.com/Q01XmpS.jpg