Signature Replay | Hack Solidity (0.6)
HTML-код
- Опубликовано: 16 сен 2024
- Learn about signature replay attack
#Solidity #SignatureReplay #hack
Code: solidity-by-ex...
References
github.com/eth...
solidity-05.et...
Remix IDE: remix.ethereum.org
Solidity: solidity.readt...
Follow on Twitter: @ProgrammerSmart / programmersmart
Join me on Discord: / discord
Website: smartcontractp...
0:03 Signature replay attack
0:40 Why use signatures?
2:12 Example of signature replay attack
2:49 3 known ways to do a signature replay attack
5:42 Vulnerable code
7:30 Preventative techinique
You are.... handsdown.... the best solidity teacher on youtube!!! Keep up the great work, your channel will explode my friend!!
Loving your videos!!! Please make a video about Meta Transaction and other ways to do gas-less tx.
awesome video !! Loving the diagram + code review combo 😍 super clear !!
finally someone making videos that answer real questions
Why nonce is set as an parameter, attacker can provide the same nonce, as well as the same signatures, why we did't stored it as a storage an increment it automatically ?
great content. you are doing an excellent job.. keep educating people about what you know
Great video. Thanks.
What application did you use for the illustrations?
Google slide
awesomee
Hi,
What if i don't change the nonce instead I change other data, And that will change the hash and
Is it gonna work with that ? The purpose of nonce, there should be a nonce generator for a specific contract or what?
how did we prevent replay in self destruct scenario, is it that the nonce gets reset to 0 on chain but the signed message nonce is non-zero?
I was thinking the same
Is this thesame thing as Signature Malleability? If No, how does it differ?
it's different. this attack uses the same signature twice
Nice content.
Can you make tutorial on uniswap v3?
Someday
y is eve always the bad guy 😂😂😂
Eve - evil
kinda rymes
Eve is a female
By adding address(this) in the txHash without signing it in the sig, wouldn't the check be invalidated because you're checking against data that wasn't signed?
@@michaelfonda5409 your assumption makes sense, what I'd do is pass the contract's address as a parameter in the transfer() function, that way when signing the transaction off-chain it would be possible to add the contract address to the message before is hashed
@@stalinMaciasETH V3 and V4 of sigs solve this issue by wiring in the contract address to the sig itself inherently. The big issue EVM has though is it being basically impossible to stop signature replays for signed approvals. I'm thinking of making an EIP to add nonces to approvals as a standard, but the gas implications are problematic.
Hi,
What if i don't change the nonce instead I change other data, And that will change the hash and
Is it gonna work with that ? The purpose of nonce, there should be a nonce generator for a specific contract or what?
Hi,
What if i don't change the nonce instead I change other data, And that will change the hash and
Is it gonna work with that ? The purpose of nonce, there should be a nonce generator for a specific contract or what?
That also works