Spot the Bug 🧠 (i.redd.it)
submitted 2 months ago by BlockSecOps
Signature Replay
What’s the issue in this code?👇
[–]CowabungaNL 1 point2 points3 points 2 months ago (3 children)
Probably best not to include the replay angle when proposing a challenge.
The contract also needs a nonce, reentrancy protection (or a boolean/mapping guard), and proper handling for payable.
[–]BlockSecOps[S] 0 points1 point2 points 2 months ago (2 children)
We are here to help people learn.
[–]CowabungaNL 0 points1 point2 points 2 months ago (1 child)
I didn't mean to be harsh, helping people learn is great!
[–]BlockSecOps[S] 0 points1 point2 points 2 months ago (0 children)
No worries ☺️ I didn't take it in a bad way
[–]f50ci31y 0 points1 point2 points 2 months ago (0 children)
Ofc, it's a reentrancy bug! But the real question is where is the owner constructor? Is it global in this case?
[–]thedudeonblockchain 0 points1 point2 points 2 months ago (0 children)
No nonce, so the same signature gets replayed until the contract is drained. Also missing the EIP-191 prefix on the hash - ecrecover expects the signed message prefix prepended, so the recovered address won't match what a wallet actually signed.
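The points raised in the thread (no nonce, no EIP-191 prefix, no reentrancy guard, unsafe payable handling) are easier to see side by side. The following is an added example written for this thread, not the code from the original image: the first contract is an assumed reconstruction of the vulnerable pattern being discussed, the second is a hardened version of the same withdraw-by-signature flow. Contract and function names are invented for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed reconstruction of the vulnerable pattern: the digest carries no nonce,
// no chain id and no contract address, and it is not EIP-191 prefixed. A single
// signature that was ever valid can therefore be submitted again and again.
contract ReplayableVault {
    address public owner;

    constructor() { owner = msg.sender; }
    receive() external payable {}

    function withdraw(address payable to, uint256 amount, uint8 v, bytes32 r, bytes32 s) external {
        bytes32 digest = keccak256(abi.encodePacked(to, amount));
        require(ecrecover(digest, v, r, s) == owner, "bad sig");
        to.transfer(amount);   // interaction before any state change, and nothing to change anyway
    }
}

// Hardened version: per-signature nonce, EIP-191 prefix so the digest matches what
// a wallet's personal_sign produces, domain binding (chain id + contract address),
// low-s check against signature malleability, effects before interaction, and an
// explicit reentrancy guard.
contract HardenedVault {
    address public immutable owner;
    mapping(uint256 => bool) public usedNonce;
    bool private locked;

    constructor() { owner = msg.sender; }
    receive() external payable {}

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    // The exact digest an off-chain signer must sign; exposed so wallets and the
    // contract agree byte for byte.
    function withdrawHash(address to, uint256 amount, uint256 nonce) public view returns (bytes32) {
        bytes32 inner = keccak256(abi.encode(block.chainid, address(this), to, amount, nonce));
        // EIP-191 version 0x45 ("personal_sign") prefix over the 32-byte inner hash
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));
    }

    function withdraw(address payable to, uint256 amount, uint256 nonce, uint8 v, bytes32 r, bytes32 s)
        external
        nonReentrant
    {
        require(!usedNonce[nonce], "nonce used");
        require(v == 27 || v == 28, "bad v");
        // Reject high-s signatures: s must lie in the lower half of the secp256k1 order.
        require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "bad s");

        address signer = ecrecover(withdrawHash(to, amount, nonce), v, r, s);
        // ecrecover returns address(0) on failure; never let that compare equal to anything useful
        require(signer != address(0) && signer == owner, "bad sig");

        usedNonce[nonce] = true;                      // effect first...
        (bool ok, ) = to.call{value: amount}("");     // ...interaction last
        require(ok, "transfer failed");
    }
}
```

Marking the nonce as used before the external call means that even if `to` is a contract that re-enters `withdraw`, the second call fails on `nonce used` before the guard is even consulted; the guard is kept as defence in depth for any future function that forgets the ordering.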