Frankie Pham's Blog

Why do we need Nonce with transaction!?

Frankie Pham's photo
Frankie Pham
·

3 min read

I - Definition.

"Nonce" is the total number of sent transactions from an account address or, in the case of accounts with associated code, the number of contract-reactions made by this account.

An Ethereum is composed of the following components:

{
  "nonce" : 'how many confirmed transactions this account has sent previously?',

 "gasPrice" : 'price of gas (in wei) the originator is willing to pay for this transaction',

 "to": 'recipient of this transaction(either smart contract or EOA)',

 "value": 'how much ether this transaction pays',

 "data": 'any binary data payload',

 "v,r,s": 'three components of ECDSA signature of originating account holder'
}

II - Efficiency of Nonce

Order of transactions

When you send a transaction to Ethereum blockchain, it gets sent into a mempool until some miner mines it and includes it in a valid block. Suppose you send out 2 transactions respectively and want them will be mined in sequentially as below: image.png image.png You would not wait after sending "transaction 1" till it gets mined and included in a block. Instead, you would send out both transactions one after the other. Now without nonce, it would be impossible for miners to know your intent of maintaining the order of transactions.

Let's see how "Nonce" helps: image.png image.png if your "transaction 1" has nonce 0 (assuming its a new account) then "transaction 2" will have nonce 1. Now, "transaction 2" won’t be mined unless previous "transaction 1" (with lower nonce) is mined. Hence, maintaining the sequence of transactions.

Prevention of Replay Attacks

Say you want to swap 10 ETH for 2000 DAI in Uniswap. Currently, your account balance is 200 ETH (wow!!). To swap 10 ETH, you signed a transaction sending 10 ETH to the ETH/DAI Uniswap Exchange and broadcasted into the blockchain. In absence of nonce, your above transaction structure would look something like this

{
"gasPrice" : "10000000000",
"to": "0xdaeb8d6348e30677955f8127759a66443a99fe1f,
"value": "10000000000000000000",
"data": "",
"v,r,s": "some bytes of your ECDSA signature"
}

when above transaction is serialised to be sent to blockchain, it is converted (say) following bytes of transaction data

5de0d5a1693d4e45ce0305d42774b5bf73cbd9e14230194c35545e0f01ee45ce0305d42774b5bf73cbd9e0d5a1693d4e45ce0305d427

Then this transaction is sent to blockchain and mined. Once, transaction is mined, you receive your 2000 DAI. This data is visible on blockchain to anyone. So, anyone can copy and paste this transaction data and send to the network, thus executing what is called ‘replay’ attack on your account. Thus draining your ETH reserves. By including the nonce in the transaction data, each transaction data output is unique even if all other variable remains same. So, if someone tries to carry out ‘replay’ attack, miners reject that transaction as ‘duplicate’ transaction (since the nonce has been used before for previous transaction). Hence, this way, nonce helps prevent such replay attacks. Reference:https://medium.com/swlh/ethereum-series-understanding-nonce-3858194b39bf

SolidityEthereumBlockchain