I am new to StarkNet and very excited about the project. Most of my blockchain development experience is centered around the EVM. I have been following Cairo and StarkWare for the past year and have been a bit more hands-on as I’ve been evaluating it for a project.
I have identified a possible issue with transaction hashes on StarkNet Alpha v4 and the Account abstraction. This results in behavior that may be unexpected by folks used to EVM development.
Problem: Buggy signing code or a malicious actor can prevent an Account contract from being used by submitting a StarkNet transaction that fails due to invalid signature. Because StarkNet Alpha v4 does not allow resubmitting/updating a previously submitted transaction hash, a failed contract invocation due to invalid signature can guarantee future failures, even for future properly signed calls with the same transaction hash (same nonce + parameters).
Potential Solutions: StarkNet should allow reprocessing of same transaction hash or the Account contract should support nonces > current_nonce
Steps to reproduce:
- Deploy Account contract
- submit an execute transaction invoking a specific external contract, such as the Counter contract (GitHub - fracek/starknet-react-example) with an increment of 1, but with an invalid signature
- The transaction fails due to invalid signature
- Reinvoke the same call with the same nonce + arguments, but include a valid signature
- The transaction will not be reprocessed on StarkNet Alpha v4
Workaround: After the failed invocation with the bad signature, Invoke a different contract with a correct signature, which forces the nonce to increment, and you can make a successful invocation with the newly updated nonce
Note: It is unclear to me if the problem can occur with a correct signature. For example, if Alice makes an invocation that fails for some other reason, like an assertion failing due to a contract state. Then say the state on the target contract is updated by Bob, which should result in a success should Alice attempt to make the same call again. Alice’s invocation could fail because StarkNet Alpha v4 will not reprocess the transaction due to having the same transaction hash.
Background: Adding User Authentication — Cairo documentation
I am wondering what sort of mitigation is possible for the failed signature problem or other issues related to duplicate transaction hashes?
I’ve posted it as a Github issue, however it is unclear whether this should be addressed at the Account level or at the StarkNet level: Failed transactions can't be reprocessed due to current_nonce logic · Issue #112 · OpenZeppelin/cairo-contracts · GitHub
The most adversarial concern I can think of would be if there is a particular account contract with a significant amount of trading activity, a malicious actor could target this Account by spamming the network with a range of possible contract calls with a variety of plausible parameters and nonces, but with an invalid signature. This could effectively block their trades as it creates many transaction hashes that won’t get reprocessed.
It is also unclear whether this is a non-issue and is mitigated in some other way.
Additionally, I have published a minimal demo attempting to explain the transaction hash behavior: GitHub - hubsmoke/starknet-tx-hash-demo: This repo demonstrates an important StarkNet concept with regard to transaction hashes and how they are processed by StarkNet Alpha v4.
I am wondering whether these issues are valid for discussion and worth including as reference for beginners. Totally open to feedback as I want to learn more about this platform.