Open think-in-universe opened 3 months ago
The MPC contract now uses payload as the key for chain signature request and response: https://github.com/near/mpc-recovery/blob/e1cbbd0d03500844008bdf48d981356263c3b7ec/contract/src/lib.rs#L370-L372
But it's possible that payloads from different users can be the same and lead to a key collision (if nonces are the same). The latter request cannot be sent until the former one with the same payload is fulfilled.
This can be reproduced by sending the same amount of ETH to the same addresses from two new derived accounts, with the demo component by Matt: https://test.near.social/md1.testnet/widget/chainsig-sign-eth-tx
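Added example, not code from the mpc-recovery contract: a minimal model of a pending-request table keyed by payload alone, next to a hypothetical variant whose key also carries the requesting account. The account names, recipient placeholder, struct names and tuple payload are constructed for illustration; the scoped key is an assumption, not the project's fix.

```rust
use std::collections::HashMap;

// Constructed stand-in for the payload: (nonce, to, value_wei). An unsigned
// Ethereum transaction has no sender field, so two fresh accounts produce the same one.
type Payload = (u64, &'static str, u128);

/// Pending table keyed by payload alone, as the issue describes.
#[derive(Default)]
struct PayloadKeyed { pending: HashMap<Payload, String> }

impl PayloadKeyed {
    fn sign(&mut self, requester: &str, payload: Payload) -> Result<(), String> {
        if let Some(owner) = self.pending.get(&payload) {
            return Err(format!("payload already pending for {owner}"));
        }
        self.pending.insert(payload, requester.to_string());
        Ok(())
    }
    /// A response for the payload clears the entry.
    fn respond(&mut self, payload: &Payload) -> bool { self.pending.remove(payload).is_some() }
}

/// Hypothetical alternative: the key also carries the requesting account.
#[derive(Default)]
struct ScopedKeyed { pending: HashMap<(String, Payload), ()> }

impl ScopedKeyed {
    fn sign(&mut self, requester: &str, payload: Payload) -> Result<(), String> {
        match self.pending.insert((requester.to_string(), payload), ()) {
            None => Ok(()),
            Some(_) => Err("duplicate request from the same account".to_string()),
        }
    }
}

/// Returns (second request on payload-only key, same after fulfilment, second on scoped key).
fn demo() -> (bool, bool, bool) {
    let tx: Payload = (0, "0xRECIPIENT_PLACEHOLDER", 10_000_000_000_000_000); // nonce 0, 0.01 ETH
    let mut a = PayloadKeyed::default();
    a.sign("alice.testnet", tx).unwrap();
    let blocked = a.sign("bob.testnet", tx).is_ok(); // collides with alice's entry
    a.respond(&tx);
    let after = a.sign("bob.testnet", tx).is_ok(); // accepted once alice's is fulfilled
    let mut b = ScopedKeyed::default();
    b.sign("alice.testnet", tx).unwrap();
    (blocked, after, b.sign("bob.testnet", tx).is_ok())
}

fn main() { println!("{:?}", demo()); }
```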