This repo contains working exploit code that exfiltrates the private key share from a victim using ZenGo's Lindel17 MPC protocol implementation.
unzip gotham-city.zip
cd gotham-city/integration-tests
cargo test -- --nocaptureThe most interesting parts of the PoC are in the following files inside gotham-city.zip:
- gotham-city/integration-tests/tests/ecdsa.rs
- gotham-city/two-party-ecdsa/src/party_two.rs (in the
computefunction)
- https://github.com/ZenGo-X/gotham-city (server)
- https://github.com/ZenGo-X/multi-party-ecdsa (protocol)
The library was patched: https://github.com/ZenGo-X/gotham-city/releases/tag/v1.0.0