I often hear the argument to use different manufacturers to eliminate vendor risk
However, I also understand that you cannot send payments from multisig without additional metadata (public keys of EVERY signator)
So, is there still an attack vector from a compromised chipset?