0:03 Signature replay attack 0:40 Why use signatures? 2:12 Example of signature replay attack 2:49 3 known ways to do a signature replay attack 5:42 Vulnerable code 7:30 Preventative techinique
Why nonce is set as an parameter, attacker can provide the same nonce, as well as the same signatures, why we did't stored it as a storage an increment it automatically ?
Hi, What if i don't change the nonce instead I change other data, And that will change the hash and Is it gonna work with that ? The purpose of nonce, there should be a nonce generator for a specific contract or what?
By adding address(this) in the txHash without signing it in the sig, wouldn't the check be invalidated because you're checking against data that wasn't signed?
@@michaelfonda5409 your assumption makes sense, what I'd do is pass the contract's address as a parameter in the transfer() function, that way when signing the transaction off-chain it would be possible to add the contract address to the message before is hashed
@@stalinMaciasETH V3 and V4 of sigs solve this issue by wiring in the contract address to the sig itself inherently. The big issue EVM has though is it being basically impossible to stop signature replays for signed approvals. I'm thinking of making an EIP to add nonces to approvals as a standard, but the gas implications are problematic.
Hi, What if i don't change the nonce instead I change other data, And that will change the hash and Is it gonna work with that ? The purpose of nonce, there should be a nonce generator for a specific contract or what?
Hi, What if i don't change the nonce instead I change other data, And that will change the hash and Is it gonna work with that ? The purpose of nonce, there should be a nonce generator for a specific contract or what?
0:03 Signature replay attack
0:40 Why use signatures?
2:12 Example of signature replay attack
2:49 3 known ways to do a signature replay attack
5:42 Vulnerable code
7:30 Preventative techinique
You are.... handsdown.... the best solidity teacher on youtube!!! Keep up the great work, your channel will explode my friend!!
Loving your videos!!! Please make a video about Meta Transaction and other ways to do gas-less tx.
finally someone making videos that answer real questions
awesome video !! Loving the diagram + code review combo 😍 super clear !!
great content. you are doing an excellent job.. keep educating people about what you know
Why nonce is set as an parameter, attacker can provide the same nonce, as well as the same signatures, why we did't stored it as a storage an increment it automatically ?
Great video. Thanks.
What application did you use for the illustrations?
Google slide
Hi,
What if i don't change the nonce instead I change other data, And that will change the hash and
Is it gonna work with that ? The purpose of nonce, there should be a nonce generator for a specific contract or what?
Is this thesame thing as Signature Malleability? If No, how does it differ?
it's different. this attack uses the same signature twice
how did we prevent replay in self destruct scenario, is it that the nonce gets reset to 0 on chain but the signed message nonce is non-zero?
I was thinking the same
awesomee
Nice content.
Can you make tutorial on uniswap v3?
Someday
y is eve always the bad guy 😂😂😂
Eve - evil
kinda rymes
Eve is a female
By adding address(this) in the txHash without signing it in the sig, wouldn't the check be invalidated because you're checking against data that wasn't signed?
@@michaelfonda5409 your assumption makes sense, what I'd do is pass the contract's address as a parameter in the transfer() function, that way when signing the transaction off-chain it would be possible to add the contract address to the message before is hashed
@@stalinMaciasETH V3 and V4 of sigs solve this issue by wiring in the contract address to the sig itself inherently. The big issue EVM has though is it being basically impossible to stop signature replays for signed approvals. I'm thinking of making an EIP to add nonces to approvals as a standard, but the gas implications are problematic.
Hi,
What if i don't change the nonce instead I change other data, And that will change the hash and
Is it gonna work with that ? The purpose of nonce, there should be a nonce generator for a specific contract or what?
Hi,
What if i don't change the nonce instead I change other data, And that will change the hash and
Is it gonna work with that ? The purpose of nonce, there should be a nonce generator for a specific contract or what?
That also works