chore: Check the signature returned by the ledger device against the …

…public key in the keyring (#14460) Co-authored-by: Marko <marbar3778@yahoo.com> Co-authored-by: Julien Robert <julien@rbrt.fr> Co-authored-by: Facundo Medica <14063057+facundomedica@users.noreply.github.com>
cosmos · Jan 2, 2023 · 03196d7 · 03196d7
1 parent bca18ba
commit 03196d7
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/crypto/keyring/keyring.go b/crypto/keyring/keyring.go
@@ -616,6 +616,10 @@ func SignWithLedger(k *Record, msg []byte) (sig []byte, pub types.PubKey, err er
 		return nil, nil, err
 	}
 
+	if !priv.PubKey().VerifySignature(msg, sig) {
+		return nil, nil, errors.New("Ledger generated an invalid signature. Perhaps you have multiple ledgers and need to try another one")
+	}
+
 	return sig, priv.PubKey(), nil
 }