Why do we need a nonce with a transaction?!
I - Definition.
"Nonce" is the total number of transactions sent from an account address or, in the case of accounts with associated code, the number of contract-creations made by this account.
An Ethereum transaction is composed of the following components:
{
"nonce" : 'how many confirmed transactions this account has sent previously?',
"gasPrice" : 'price of gas (in wei) the originator is willing to pay for this transaction',
"to": 'recipient of this transaction (either smart contract or EOA)',
"value": 'how much ether this transaction pays',
"data": 'any binary data payload',
"v,r,s": 'three components of ECDSA signature of originating account holder'
}
II - Purpose of the nonce
Order of transactions
When you send a transaction to the Ethereum blockchain, it goes into the mempool until a miner picks it up and includes it in a valid block. Suppose you send two transactions and want them mined in that order. You would not wait after sending "transaction 1" until it is mined and included in a block; instead, you would send both transactions one after the other. Without a nonce, miners would have no way of knowing that you intend the order of the two transactions to be preserved.
Let's see how the nonce helps: if "transaction 1" has nonce 0 (assuming it's a new account), then "transaction 2" will have nonce 1. "Transaction 2" will not be mined until "transaction 1" (with the lower nonce) has been mined, so the sequence of transactions is maintained.
Prevention of Replay Attacks
Say you want to swap 10 ETH for 2000 DAI on Uniswap. Currently, your account balance is 200 ETH (wow!!). To swap 10 ETH, you sign a transaction sending 10 ETH to the ETH/DAI Uniswap exchange and broadcast it to the network. In the absence of a nonce, the transaction structure would look something like this:
{
"gasPrice" : "10000000000",
"to": "0xdaeb8d6348e30677955f8127759a66443a99fe1f",
"value": "10000000000000000000",
"data": "",
"v,r,s": "some bytes of your ECDSA signature"
}
When the above transaction is serialised to be sent to the network, it is converted to (say) the following bytes of transaction data:
5de0d5a1693d4e45ce0305d42774b5bf73cbd9e14230194c35545e0f01ee45ce0305d42774b5bf73cbd9e0d5a1693d4e45ce0305d427
Then this transaction is sent to the blockchain and mined. Once it is mined, you receive your 2000 DAI. This data is visible on the blockchain to anyone, so anyone could copy the transaction bytes and resend them to the network, executing what is called a 'replay' attack on your account and draining your ETH reserves. By including the nonce in the signed transaction data, each transaction's bytes are unique even if every other field stays the same; and because the ECDSA signature covers the nonce, a copied transaction cannot simply be altered to carry a fresh nonce without the account's private key. So if someone tries to replay the transaction, miners reject it as a duplicate, since that nonce has already been used by a previous transaction from the account. This is how the nonce prevents such replay attacks.

Reference: https://medium.com/swlh/ethereum-series-understanding-nonce-3858194b39bf
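A toy simulation of both rules described above (ordering and replay rejection), added here as an example; it is not code from the original post or from any Ethereum client. A node admits a transaction only when its nonce equals the account's next expected nonce, queues higher nonces until the gap is filled, and rejects an already-used nonce. JSON and sha256 stand in for RLP and keccak256, and the account names and addresses are constructed placeholders.

```python
import hashlib
import json
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class Tx:
    """Minimal transaction with the fields listed above (plus the sender)."""
    sender: str
    nonce: int
    gas_price: int
    to: str
    value: int
    data: str = ""

    def serialize(self) -> bytes:
        # Deterministic encoding; stands in for Ethereum's RLP encoding.
        return json.dumps(asdict(self), sort_keys=True).encode()

    def tx_hash(self) -> str:
        # sha256 stands in for keccak256; only uniqueness matters here.
        return hashlib.sha256(self.serialize()).hexdigest()


class Node:
    def __init__(self) -> None:
        self.next_nonce = {}  # account -> nonce the node expects next
        self.queued = {}      # account -> {nonce: tx} arrived out of order
        self.chain = []       # "mined" transactions, in inclusion order

    def submit(self, tx: Tx) -> str:
        expected = self.next_nonce.get(tx.sender, 0)
        if tx.nonce < expected:
            # The same bytes re-broadcast (or any stale nonce) are rejected.
            return "rejected: nonce already used"
        if tx.nonce > expected:
            # Hold it until the lower nonces arrive, preserving the order.
            self.queued.setdefault(tx.sender, {})[tx.nonce] = tx
            return f"queued: waiting for nonce {expected}"
        self._include(tx)
        # The gap is filled, so promote any queued successors in order.
        waiting = self.queued.get(tx.sender, {})
        while self.next_nonce[tx.sender] in waiting:
            self._include(waiting.pop(self.next_nonce[tx.sender]))
        return "mined"

    def _include(self, tx: Tx) -> None:
        self.chain.append(tx)
        self.next_nonce[tx.sender] = tx.nonce + 1
```

Submitting the nonce-1 transaction before nonce 0 queues it, submitting nonce 0 mines both in order, and resubmitting either one afterwards is rejected.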