Skip to content

Update EIP-8130: prevent cross-sender payer signature replay#11591

Open
pochenai wants to merge 1 commit intoethereum:masterfrom
pochenai:po-okx/payer_replay_security_issue
Open

Update EIP-8130: prevent cross-sender payer signature replay#11591
pochenai wants to merge 1 commit intoethereum:masterfrom
pochenai:po-okx/payer_replay_security_issue

Conversation

@pochenai
Copy link
Copy Markdown

@pochenai pochenai commented May 2, 2026

The payer signature hash includes a from field, but the spec did not say what to put there in the EOA path where from is empty in the wire format. If from were encoded as empty, two different EOAs with otherwise identical tx data would produce identical payer hashes, letting a second EOA reuse a payer signature meant for the first and drain the payer's gas deposit. Require substituting the recovered sender address into the from position before hashing, and document the threat in Security Considerations.

ATTENTION: ERC-RELATED PULL REQUESTS NOW OCCUR IN ETHEREUM/ERCS

--

When opening a pull request to submit a new EIP, please use the suggested template: https://github.com/ethereum/EIPs/blob/master/eip-template.md

We have a GitHub bot that automatically merges some PRs. It will merge yours immediately if certain criteria are met:

  • The PR edits only existing draft PRs.
  • The build passes.
  • Your GitHub username or email address is listed in the 'author' header of all affected PRs, inside .
  • If matching on email address, the email address is the one publicly listed on your GitHub profile.

@pochenai @claude
Update EIP-8130: prevent cross-sender payer signature replay
7371389 
The payer signature hash includes a `from` field, but the spec did not
say what to put there in the EOA path where `from` is empty in the
wire format. If `from` were encoded as empty, two different EOAs with
otherwise identical tx data would produce identical payer hashes,
letting a second EOA reuse a payer signature meant for the first and
drain the payer's gas deposit. Require substituting the recovered
sender address into the `from` position before hashing, and document
the threat in Security Considerations.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@pochenai pochenai requested a review from eth-bot as a code owner May 2, 2026 09:55
@github-actions github-actions Bot added c-update Modifies an existing proposal s-draft This EIP is a Draft t-core labels May 2, 2026
@eth-bot
Copy link
Copy Markdown
Collaborator

eth-bot commented May 2, 2026
edited
Loading

File EIPS/eip-8130.md

Requires 1 more reviewers from @chunter-cb

@eth-bot eth-bot added the a-review Waiting on author to review label May 2, 2026
@pochenai
Copy link
Copy Markdown
Author

pochenai commented May 2, 2026

It's a critical issue, please review when you are available @chunter-cb

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eth-bot eth-bot Awaiting requested review from eth-bot eth-bot is a code owner

At least 0 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

a-review Waiting on author to review c-update Modifies an existing proposal s-draft This EIP is a Draft t-core

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pochenai @eth-bot