-
(HAL-16) MOVETH SIGNATURE REPLAY
Auditor: Halborn
Severity: Critical
Description
The transfer_from function is vulnerable to signature replay attacks. It uses the account's sequence number as a…
-
### Describe the bug
When running reth in dev mode with a small block-time (e.g. 300ms), the JSON RPC API returns inconsistent results. After a transaction with nonce X is included in the block (node return…
-
In response to comments from Falko:
https://mailarchive.ietf.org/arch/msg/spasm/-wg0a8xuhrosRdZlzvQpYD1r0vE/
OLD
> When considering stripping attacks, one need consider the case where an attack…
-
**This is a follow-up ticket to** https://github.com/gematik/epa-deployment/issues/28.
First of all, thank you for your support and answers, which have been very helpful.
We have tried using the…
-
`OIDC` has a [`nonce` mechanism](https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.2) that gets included in the JWT to prevent replay attacks.
Comparing it after decoding isn't partic…
aagmv updated
9 months ago
-
This issue is related to PR #291 I opened. The solution in the PR does not work properly when a page with the script is loaded for the first time from the cache and then replaced with a fresh copy from the…
-
Scenario
0. User has an account for which the last executed tx nonce was 745
1. User has pending transaction with nonce 737 (it is unprocessable, nonce is already used)
2. User creates a new transa…
-
### Summary
I initiate unstaking using `curl -s -X DELETE localhost:1708/stake | jq`. After 20+ minutes the curl call is still pending.
```
$ curl -s -X GET localhost:1708/transactions | jq
{
…
```
-
When creating, create a transient with the nonce in it that lasts as long as the nonce life. When verifying, check if that transient exists. If so, proceed to normal nonce verification and clear that transi…