How does the wallet protect ageinst qr codes containing malicious payloads in the case where there is a vulnerability in the hardware?
Is there any difference in the way you need to protect ageinst these when using qr compared to other solutions?
We only accept a very small list of certain UR messages and other specific payload types (eg. SeedQR). We then apply strict checks to the format of that payload to ensure it is valid and is what we think it is (for example our PSBT parser can be quite strict in what it accepts). Then after that, we still have the checks and validations we run on the payload (eg. the txn data) regardless of which transport it was received from.
reply