Incorrect Nonce Update (Signature Replay Attack)
What it detects
This detector searches for signature verification logic that reads a nonce into the signed message but never increments or stores it after the signature is accepted. Because the same nonce stays valid, an attacker who has observed one valid signature can submit it again and repeat the privileged action it authorized.
Typical symptoms
- Nonce value read but never updated
- Multiple transactions succeed with the same signature
Solidity snippet (v0.8.25)
    pragma solidity ^0.8.25;

    contract Signing {
        mapping(address => uint256) public nonces;

        function exec(address user, uint8 v, bytes32 r, bytes32 s) external {
            // Vulnerable: nonces[user] is read into the digest but never incremented,
            // so the same (v, r, s) verifies on every call.
            bytes32 hash = keccak256(abi.encode(user, nonces[user]));
            // ecrecover returns address(0) on a malformed signature; the equality
            // check below rejects that only because user is never address(0).
            address signer = ecrecover(hash, v, r, s);
            require(signer == user, "bad sig");
        }
    }
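The hardened counterpart below is an added example and is not part of the original page or the detector's own code. It keeps the page's Signing contract shape but consumes the nonce in the same call that verifies the signature, so a second submission of the same signature fails. It goes one step beyond the page's point by also binding the digest to address(this) and block.chainid, which stops a signature captured on one deployment or chain from being replayed on another; the SigningFixed and Executed names are assumptions for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

// Added example: hardened version of the page's Signing contract.
// Names (SigningFixed, Executed) are assumptions for this example.
contract SigningFixed {
    mapping(address => uint256) public nonces;

    // Emitting the consumed nonce gives monitoring a cheap replay signal:
    // the same (user, nonce) pair must never appear twice in this log.
    event Executed(address indexed user, uint256 nonce);

    function exec(address user, uint8 v, bytes32 r, bytes32 s) external {
        // Consume the nonce first (checks-effects): read the current value and
        // store value + 1 before anything else happens. If the signature check
        // below reverts, the increment is rolled back with the transaction.
        uint256 nonce = nonces[user]++;

        // Bind the digest to this contract and chain as well as to the nonce, so
        // the signature is only valid here. (Domain binding is an addition
        // beyond the page's snippet; the nonce alone fixes the reported bug.)
        bytes32 hash = keccak256(
            abi.encode(address(this), block.chainid, user, nonce)
        );

        // ecrecover yields address(0) for a malformed signature; reject that
        // explicitly rather than relying on user never being address(0).
        address signer = ecrecover(hash, v, r, s);
        require(signer != address(0) && signer == user, "bad sig");

        emit Executed(user, nonce);
        // privileged action authorized by the signature would follow here
    }
}
```

Replaying a signature against this contract fails at the require, because the stored nonce has already advanced and the recomputed digest no longer matches the one that was signed; the only state the replay touches is rolled back by the revert.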
Why it matters on EVM
Without a nonce update, every accepted signature remains valid indefinitely: an attacker can resubmit the same signed message to repeat transfers, drain funds, or change state as many times as the contract allows.