From ae17f9a5c6e8ef010207cafff52624361a1aacdd Mon Sep 17 00:00:00 2001 From: Trent Nelson Date: Tue, 14 Jan 2020 11:13:09 -0700 Subject: [PATCH] Book: Drop since-fixed nonce known issue (#7789) automerge (cherry picked from commit 564cd4e09d66ae9f780ead25f86ff15eb1213dc9) --- book/src/offline-signing/durable-nonce.md | 26 ----------------------- 1 file changed, 26 deletions(-) diff --git a/book/src/offline-signing/durable-nonce.md b/book/src/offline-signing/durable-nonce.md index 39852c67315407..370ccd77393548 100644 --- a/book/src/offline-signing/durable-nonce.md +++ b/book/src/offline-signing/durable-nonce.md @@ -5,32 +5,6 @@ short lifetime of a transaction's [`recent_blockhash`](../transaction.md#recent- They are implemented as a Solana Program, the mechanics of which can be read about in the [proposal](../implemented-proposals/durable-tx-nonces.md). -## Known Issues - -### Fee Theft Opportunity - -The durable nonce implementation contains a vulernability which allows for fees -to be stolen by a transaction using the feature under certain conditions. If the -transaction fails with an instruction error, the runtime rolls back the step -that advanced the stored nonce, allowing it to be replayed and fees charged. -This can be repeated until the stored nonce is successfully advanced. - -- Mitigation - -To minimize loss of funds, use a low-balance account to pay fees on a durable -nonce transaction. - -If a transaction using the durable nonce feature fails with an instruction error, -immediately submit a new transaction that advances the nonce and will certainly -succeed. The simplest way to do this is with a single-instruction -`NonceInstruction::Nonce` transaction, which can be sent using the CLI -[`new-nonce`](#advancing-the-stored-nonce-value) command. - -- Issue Tracking - -This issue is being actively addressed, progress can be followed on -[Github](https://github.com/solana-labs/solana/issues/7443). - ## Usage Examples Full usage details for durable nonce CLI commands can be found in the