Smart Contract Security · Term

What is a signature replay attack?

Off-chain signatures let users authorize actions without a transaction, but if a signature can be reused, an attacker can replay it. Here is how signature replay attacks happen and how to stop them.

TL;DR

A signature replay attack reuses a valid cryptographic signature to authorize an action more than once, or in a context it was never meant for. Smart contracts often accept off-chain signatures (for gasless approvals, meta-transactions, permits). If the signed message lacks a nonce, a deadline, a chain ID, or the verifying contract's address, an attacker can re-submit it to repeat a withdrawal, or present it to another chain or another contract that accepts the same format. The fix is to bind each signature to a unique, single-use, scoped context (the EIP-712 pattern).

By SecureLayer7 Audit Team, Smart Contract Audit, SecureLayer7

What it is

To save gas and improve UX, contracts let users sign a message off-chain that authorizes an action; someone then submits it on-chain and the contract verifies the signature. Examples include token permits, meta-transactions, and order approvals.

A signature replay attack abuses a signature that is not uniquely scoped. If the same signed message stays valid, it can be submitted again (replay), or used on a different contract or chain that accepts the same format, performing the action repeatedly or where it was never intended.

How it works and example

Replay arises when the signed data omits binding fields:

  • No nonce: a signature authorizing "transfer 100" can be submitted repeatedly, draining the account.
  • No deadline: an old signature stays valid forever and can be used much later.
  • No chain ID: a signature valid on one chain is replayed on another (cross-chain replay).
  • No contract address / domain: a signature for one contract is accepted by another using the same scheme.

The attacker does not need the signer's private key. Once a signed message has been submitted on-chain, its calldata, signature included, is public; the attacker simply copies it and submits it again, or submits it to the other chain or contract that will accept it. Documented for defensive context.

How to defend

  • Include a unique nonce per signature and mark it used before any external call, so each signature works only once. Track nonces, not hashes of the signature bytes: ECDSA signatures are malleable, so the same message can be presented with different signature bytes.
  • Add a deadline/expiry so old signatures cannot be replayed later.
  • Bind to the chain ID and contract address (the EIP-712 domain separator) to stop cross-chain and cross-contract replay. Read the chain ID at verification time rather than caching it at deployment, so a signature cannot be replayed on a forked chain.
  • Use EIP-712 typed structured data rather than raw message signing, and include every parameter that matters (recipient, amount, nonce, deadline) in the typed struct so a relayer cannot alter them.
  • Audit every signature-verification path for missing nonce, deadline, or domain binding, and confirm the recovered signer is checked against address(0): ecrecover returns the zero address for an invalid signature instead of reverting.
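The following Solidity is an added example, not code from the original page or from SecureLayer7. It puts the unscoped verifier described under "How it works" beside the hardened form described under "How to defend". `VulnerableVault` signs only the amount, so a withdrawal signature can be re-submitted until the balance is drained and is equally valid on any chain or contract that uses the same scheme. `SafeVault` hashes an EIP-712 struct under a domain separator that includes `block.chainid` and `address(this)`, consumes a per-owner nonce before any external call, enforces a deadline, and binds the recipient. The contract, library and function names are illustrative assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (assumed names, not the page's own code): an unscoped
// signature verifier beside an EIP-712-scoped one.

library Sig {
    // Recover the signer from a 65-byte (r, s, v) signature.
    // Rejects high-s values so the same message cannot be presented as two
    // distinct valid signatures (ECDSA malleability), and rejects the zero
    // address that ecrecover returns on an invalid signature.
    function recover(bytes32 digest, bytes memory sig) internal pure returns (address) {
        require(sig.length == 65, "bad sig length");
        bytes32 r; bytes32 s; uint8 v;
        assembly {
            r := mload(add(sig, 32))
            s := mload(add(sig, 64))
            v := byte(0, mload(add(sig, 96)))
        }
        require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "high s");
        require(v == 27 || v == 28, "bad v");
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0), "invalid sig");
        return signer;
    }
}

// VULNERABLE: the signed data is keccak256(amount) alone. No nonce, no
// deadline, no chain ID, no contract address. Once one withdrawal is
// broadcast, anyone can re-submit the same calldata and repeat it.
contract VulnerableVault {
    using Sig for bytes32;
    mapping(address => uint256) public balances;

    function deposit() external payable { balances[msg.sender] += msg.value; }

    function withdraw(address owner, uint256 amount, bytes calldata sig) external {
        bytes32 digest = keccak256(abi.encodePacked(
            "\x19Ethereum Signed Message:\n32", keccak256(abi.encode(amount))));
        require(digest.recover(sig) == owner, "bad signer");
        balances[owner] -= amount;                       // reverts on underflow (0.8 checked math)
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// HARDENED: EIP-712 typed data. The domain separator binds the signature to
// this chain and this contract; the nonce makes it single-use; the deadline
// bounds its lifetime; `to` stops a relayer from redirecting the funds.
contract SafeVault {
    using Sig for bytes32;
    bytes32 private constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
    bytes32 private constant WITHDRAW_TYPEHASH = keccak256(
        "Withdraw(address owner,address to,uint256 amount,uint256 nonce,uint256 deadline)");
    mapping(address => uint256) public balances;
    mapping(address => uint256) public nonces;

    function deposit() external payable { balances[msg.sender] += msg.value; }

    // Computed on each call so block.chainid is live: a signature made on one
    // chain is not accepted on a fork with a different chain ID.
    function domainSeparator() public view returns (bytes32) {
        return keccak256(abi.encode(
            DOMAIN_TYPEHASH, keccak256("SafeVault"), keccak256("1"), block.chainid, address(this)));
    }

    function withdraw(address owner, address to, uint256 amount, uint256 deadline, bytes calldata sig)
        external
    {
        require(block.timestamp <= deadline, "expired");
        uint256 nonce = nonces[owner]++;                 // consumed before the external call
        bytes32 structHash = keccak256(abi.encode(WITHDRAW_TYPEHASH, owner, to, amount, nonce, deadline));
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));
        require(digest.recover(sig) == owner, "bad signer");
        balances[owner] -= amount;
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

A second submission of a `SafeVault` withdrawal fails at `bad signer` because the struct hash now carries the next nonce, and the same bytes submitted to another deployment or chain fail for the same reason through the domain separator. The off-chain signer must hash exactly the same struct and domain (the `\x19\x01` prefix, type hashes, and field order) or the recovered address will not match.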
