Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

same nonce same from same to same amount get the raw tx is same, the tx hash is same too, Are there safety risks and are there any improvement plans? #5121

Closed
malingzhao opened this issue Jul 24, 2024 · 1 comment
Closed

same nonce same from same to same amount get the raw tx is same, the tx hash is same too, Are there safety risks and are there any improvement plans? #5121

malingzhao opened this issue Jul 24, 2024 · 1 comment
Labels
I10-unconfirmed Issue might be valid, but it's not yet known.

Comments

@malingzhao
Copy link

malingzhao commented Jul 24, 2024
edited
Loading

https://polkadot.subscan.io/account/15vAJ3YhGph1W8JzmsLujJp3vYyXNfYdq75ynvu3ss8ocw1m
image
If I were a hacker, I would first withdraw an amount to my address. If I get the rawTx, I would keep watching, and then wait for the nonce to become 0 again. When I see that the account has enough money, I Just use the transfer_allow_death method to withdraw money, and there will be this problem.
@github-actions github-actions bot added the I10-unconfirmed Issue might be valid, but it's not yet known. label Jul 24, 2024
@bkchr
Copy link
Member

bkchr commented Jul 26, 2024

This is like a known shortcoming. A potential solution is this: #326

@bkchr bkchr closed this as completed Jul 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
I10-unconfirmed Issue might be valid, but it's not yet known.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bkchr @malingzhao