You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
and may fail due to the requested value transfer exceeding the actual available amount,
and an arbitrary flag may be provided.
Recommendation
Consider checking if the +2 modifier is applied to the message flag.
Q&A
Why AbiHeader expire is not helpful?
A transaction may be replayed several times in one block.
Why replay protection is not working?
The protection uses contract storage to prevent replay. Storage modifications are reverted if a transaction is reverted.
Why draining is possible?
Although a transaction reverts, the contract is charged for the execution as tvm.accept() was called.
The text was updated successfully, but these errors were encountered:
What is the issue?
As it is stated here, if transaction
tvm.accept()call),action phase,+2flag modifier,a validator may replay the transaction and drain the value stored on the contract.
Why is it applicable?
Account - sendTransaction()
Recommendation
Consider checking if the
+2modifier is applied to the message flag.Q&A
Why
AbiHeader expireis not helpful?A transaction may be replayed several times in one block.
Why replay protection is not working?
The protection uses contract storage to prevent replay. Storage modifications are reverted if a transaction is reverted.
Why draining is possible?
Although a transaction reverts, the contract is charged for the execution as
tvm.accept()was called.The text was updated successfully, but these errors were encountered: