CVE-2021-37491

Vulnerability

In Dogecoin Core versions 1.14.3 and earlier, the CWallet::CreateTransaction() function in src/wallet/wallet.cpp does not shuffle the selected coins before finalizing the transaction outputs. This allows an observer to correlate the order of inputs and outputs, potentially revealing which outputs are change outputs and exposing sensitive information about the wallet's balance and spending patterns. The affected code is similar to the issue fixed in Bitcoin Core commit 2fb9c1e6681370478e24a19172ed6d78d95d50d3 [2].

Exploitation

An attacker with network access to the blockchain can analyze the ordering of transaction inputs and outputs. No authentication or special privileges are required, as the transaction data is public. By observing the deterministic order of inputs and outputs, an attacker can identify change outputs and infer the wallet's private information, such as which outputs belong to the same transaction and the approximate balance.

Impact

Successful exploitation leads to information disclosure (privacy breach). An attacker can correlate transaction inputs and outputs, identifying change outputs and potentially linking multiple transactions to the same wallet. This compromises the user's financial privacy and can enable targeted attacks.

Mitigation

A fix was introduced in Bitcoin Core commit 2fb9c1e6 and is applicable to Dogecoin. The fix adds a shuffle of selected coins before transaction finalization. Updating to a patched version (e.g., after the fix) is recommended. As of the publication date, Dogecoin Core should be updated to a version that includes the fix. Users should upgrade to the latest version. If no patched version is available, manual code changes can be applied by incorporating the shuffle logic from the referenced commit [2].