[audit-06] fix: [TRST-M-3] Add nonce-based replay protection #1203

Status: Open. Wants to merge 1 commit into base: ma/indexing-payments-audit-fixes-05-M-2

Conversation

matiasedgeandnode (Contributor)

[image: Screenshot 2025-07-23 at 13 03 18]

openzeppelin-code bot commented Jul 23, 2025

[audit-06] fix: [TRST-M-3] Add nonce-based replay protection

Generated at commit: 8b2e93a342fd1b5e22b3b314927849699e108c33

🚨 Report Summary

| Severity Level | Critical | High | Medium | Low | Note | Total |
|---|---|---|---|---|---|---|
| Contracts | 2 | 4 | 0 | 15 | 39 | 60 |
| Dependencies | 0 | 0 | 0 | 0 | 0 | 0 |

For more details view the full report in OpenZeppelin Code Inspector

matiasedgeandnode changed the title from "fix: [TRST-M-3] Add nonce-based replay protection" to "[audit-06] fix: [TRST-M-3] Add nonce-based replay protection" on Jul 24, 2025
matiasedgeandnode force-pushed the ma/indexing-payments-audit-fixes-05-M-2 branch from eec5ea6 to 17355fe on August 3, 2025 18:38
matiasedgeandnode force-pushed the ma/indexing-payments-audit-fixes-06-M-3 branch from 117672c to e5fefbe on August 3, 2025 18:40
matiasedgeandnode force-pushed the ma/indexing-payments-audit-fixes-05-M-2 branch from 17355fe to 345cfc8 on August 3, 2025 19:23

Fixes signature replay attack vulnerability where old signed RecurringCollectionAgreementUpdate messages could be replayed to revert agreements to previous terms.

## Changes

- Add `nonce` field to RecurringCollectionAgreementUpdate struct (uint32)
- Add `updateNonce` field to AgreementData struct to track current nonce
- Add nonce validation in RecurringCollector.update() to ensure sequential updates
- Update EIP712_RCAU_TYPEHASH to include nonce field
- Add comprehensive tests for nonce validation and replay attack prevention
- Add RecurringCollectorInvalidUpdateNonce error for invalid nonce attempts

## Implementation Details

- Nonces start at 0 when agreement is accepted
- Each update must use current nonce + 1
- Nonce is incremented after successful update
- Uses uint32 for gas optimization (supports 4B+ updates per agreement)
- Single source of truth: nonce stored in AgreementData struct
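As an added illustration (not code from this PR or the project), the following Python model of `update()` reproduces the replay the PR describes and the sequential nonce check it adds. `AgreementData`, `struct_hash`, `sign`, the `terms` field and the signing key are simplified, constructed stand-ins for the contract's EIP-712 logic.

```python
import hashlib
from dataclasses import dataclass
# Constructed model of the RecurringCollector.update() path this PR hardens: only the
# nonce-relevant fields are kept, and EIP-712/ECDSA are replaced by a keyed SHA-256.

@dataclass
class AgreementData:
    terms: int             # stand-in for the agreement terms an update rewrites
    update_nonce: int = 0  # starts at 0 when the agreement is accepted; uint32 on-chain

@dataclass(frozen=True)
class RecurringCollectionAgreementUpdate:
    terms: int
    nonce: int             # the field this PR adds to the signed struct
class RecurringCollectorInvalidUpdateNonce(Exception): pass

def struct_hash(rcau, with_nonce):
    # with_nonce mirrors adding nonce to EIP712_RCAU_TYPEHASH (uint32, as in the PR)
    data = rcau.terms.to_bytes(32, "big")
    return hashlib.sha256(data + (rcau.nonce.to_bytes(4, "big") if with_nonce else b"")).digest()
def sign(key, digest):
    return hashlib.sha256(key + digest).digest()  # stand-in for the payer's ECDSA signature

class RecurringCollector:
    def __init__(self, payer_key, terms, nonce_protected):
        self.payer_key, self.nonce_protected = payer_key, nonce_protected
        self.agreement = AgreementData(terms)  # accepted agreement, nonce 0
    def update(self, rcau, signature):
        ag = self.agreement
        if sign(self.payer_key, struct_hash(rcau, self.nonce_protected)) != signature:
            raise ValueError("invalid signature")
        if self.nonce_protected:
            if rcau.nonce != ag.update_nonce + 1:  # must be exactly current nonce + 1
                raise RecurringCollectorInvalidUpdateNonce(ag.update_nonce, rcau.nonce)
            ag.update_nonce = rcau.nonce           # incremented only after a valid update
        ag.terms = rcau.terms

def replay_scenario(nonce_protected):
    """Apply v1, then v2, then replay v1; returns (final terms, replay rejected?)."""
    key = b"payer-secret"  # constructed signing key
    rc = RecurringCollector(key, terms=100, nonce_protected=nonce_protected)
    v1 = RecurringCollectionAgreementUpdate(terms=150, nonce=1)
    v2 = RecurringCollectionAgreementUpdate(terms=200, nonce=2)
    sig1, sig2 = (sign(key, struct_hash(v, nonce_protected)) for v in (v1, v2))
    rc.update(v1, sig1)
    rc.update(v2, sig2)
    try:
        rc.update(v1, sig1)  # stale but validly signed message replayed to revert terms
        return rc.agreement.terms, False
    except RecurringCollectorInvalidUpdateNonce:
        return rc.agreement.terms, True
```

Without the nonce the old signature verifies and reverts the agreement to the v1 terms; with it, the replay is rejected and the v2 terms stand.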
matiasedgeandnode force-pushed the ma/indexing-payments-audit-fixes-06-M-3 branch from e5fefbe to 8b2e93a on August 3, 2025 19:23