π Secure Meta-Transaction Replay ProtectionΒ #54
Description
π Overview
Meta-transactions enable users to submit gasless transactions via relayers. However, without proper safeguards, these transactions are vulnerable to replay attacks, where a malicious actor resubmits a transaction to drain funds or manipulate state.
This task introduces Secure Meta-Transaction Replay Protection to harden the gasless transaction flow by enforcing nonce validation and signature expiration.
π― Objective
Build a protection system that:
- Validates nonces for each meta-transaction
- Enforces signature expiration to prevent replay over time
- Ensures secure and deterministic processing of gasless transactions
- Maintains backward compatibility with existing relayer infrastructure
π Scope of Work
1οΈβ£ Nonce Validation
- Maintain a per-user nonce tracking system
- Ensure incoming meta-transactions use the next expected nonce
- Reject duplicate or out-of-order transactions
Example behavior:
| User | Expected Nonce | Received Nonce | Result |
|---|---|---|---|
| 0x123... | 10 | 10 | Accepted |
| 0x123... | 10 | 9 | Rejected (replay) |
| 0x123... | 10 | 10 | Rejected (duplicate) |
- Store nonces in:
- On-chain mapping (recommended for decentralization)
- Off-chain cache (Redis) for fast validation
2οΈβ£ Signature Expiration
- Include
expiryfield in meta-transaction payload - Reject transactions after expiration timestamp
- Provide clear rejection response:
{
"error": "SignatureExpired",
"message": "Meta-transaction signature has expired."
}