This repository has been archived by the owner on Apr 15, 2020. It is now read-only.
Metatransactions have replay potential #71
Comments
Merged
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
uport-identity/contracts/TxRelay.sol
Line 29 in 880f8b8
The keys that sign metatransactions are intended to be used for raw Ethereum transactions as well, especially when bypassing the relay altogether and sending transactions directly. Signed data can be rebroadcast as raw Ethereum transactions if the plaintext is formatted similarly. This should not be possible given the current metatransaction payload since the payload size differs from a raw transaction, but the safest option is to prefix the payload with data that will never be part of a valid transaction.
Recommendation
Consider using EIP 191 signed messages for metatransactions to guarantee protection from replaying as raw transactions.
The text was updated successfully, but these errors were encountered: