## UTXO Audit Exposes Signature Bypass Allowing Fee Manipulation on Transfer Endpoint
A red team security audit has confirmed a critical signature verification gap in the RTC network's `/utxo/transfer` endpoint (node/utxo_endpoints.py), enabling network-level attackers to manipulate transaction fees after a client has signed the request. The vulnerability stems from Ed25519 signature verification that does not include the `fee_rtc` parameter, allowing an adversary with MITM access or control over a relay server to alter the fee field without invalidating the client's cryptographic signature.

The attack exploits a fundamental mismatch in message construction. When a client signs a transfer request—for example, sending 10 RTC with a 0.0001 RTC fee—the signature covers only the amount, sender, recipient, memo, and nonce fields. The fee parameter remains unsigned. An attacker intercepting the HTTP request can modify `fee_rtc` from 0.0001 to 100.0, and the server will still validate the client's original signature because it reconstructs the signed message using only the fields present in the signature scope. The higher fee is then deducted, redirecting value to the attacker's benefit.

The flaw carries serious implications for financial integrity. Any user or service relying on the `/utxo/transfer` endpoint faces exposure to value extraction through inflated fees, particularly if transactions pass through compromised or untrusted relay infrastructure. This undermines confidence in the system's economic guarantees and may prompt scrutiny from auditors, token holders, and integration partners. The vulnerability has been confirmed reproducible and classified as Medium severity, with remediation likely requiring a protocol change to include the fee parameter within the signed message scope.
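The mismatch described above and the remediation it implies, as an added example that is not code from the RTC project: a Go simulation of both signing scopes using Go's standard Ed25519, in which the field encoding, key generation, sample addresses and amounts are all assumptions made for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
)

// Transfer mirrors the fields named for the /utxo/transfer request (assumed layout).
// Amounts are decimal strings so the signed bytes are canonical across client and server.
type Transfer struct {
	Sender, Recipient, Memo string
	AmountRTC, FeeRTC       string
	Nonce                   uint64
}

// vulnerableMessage reproduces the reported gap: fee_rtc is left out of the signed scope,
// so the server rebuilds an identical message no matter what fee arrives on the wire.
func vulnerableMessage(t Transfer) []byte {
	return []byte(strings.Join([]string{t.AmountRTC, t.Sender, t.Recipient, t.Memo, fmt.Sprint(t.Nonce)}, "|"))
}

// hardenedMessage binds fee_rtc under the signature as well. The "|" joiner is a toy;
// a production encoding must be unambiguous (length-prefixed or canonical serialisation).
func hardenedMessage(t Transfer) []byte {
	return []byte(strings.Join([]string{t.AmountRTC, t.FeeRTC, t.Sender, t.Recipient, t.Memo, fmt.Sprint(t.Nonce)}, "|"))
}

// serverAccepts models the endpoint: it reconstructs the message from the received fields
// with the given scope and verifies the client's signature against that reconstruction.
func serverAccepts(scope func(Transfer) []byte, pub ed25519.PublicKey, received Transfer, sig []byte) bool {
	return ed25519.Verify(pub, scope(received), sig)
}

// Demo signs a transfer under the given scope, then replays it with the fee rewritten
// in transit. It returns (original accepted, tampered accepted).
func Demo(scope func(Transfer) []byte) (bool, bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed client key pair
	if err != nil {
		panic(err)
	}
	signed := Transfer{Sender: "rtc1alice", Recipient: "rtc1bob", Memo: "invoice 42", AmountRTC: "10", FeeRTC: "0.0001", Nonce: 7}
	sig := ed25519.Sign(priv, scope(signed))
	tampered := signed
	tampered.FeeRTC = "100.0" // the relay rewrites fee_rtc; the signature is untouched
	return serverAccepts(scope, pub, signed, sig), serverAccepts(scope, pub, tampered, sig)
}

func main() {
	ok, tamperedOK := Demo(vulnerableMessage)
	fmt.Printf("vulnerable scope: original=%v tampered=%v\n", ok, tamperedOK) // true true
	ok, tamperedOK = Demo(hardenedMessage)
	fmt.Printf("hardened scope:   original=%v tampered=%v\n", ok, tamperedOK) // true false
}
```

A server-side check against this class of bug is to assert, in a unit test, that changing any field the node later acts on (fee included) invalidates the client signature.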

---
- **Source**: GitHub Issues
- **Sector**: The Vault
- **Tags**: utxo, signature-bypass, fee-manipulation, ed25519, cryptocurrency
- **Credibility**: unverified
- **Published**: 2026-04-24 04:54:12
- **ID**: 76678
- **URL**: https://whisperx.ai/en/intel/76678