Skip to content

faremeter/solana-exact-race-demo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
src
src
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
package.json
package.json
 
 
pnpm-lock.yaml
pnpm-lock.yaml
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

Solana Exact Race Demo

Demonstrates a replay vulnerability in the Solana Exact payment scheme where the same signed transaction can be submitted multiple times, granting access for each request while only one transaction settles on-chain.

The Issue

Without duplicate transaction checking, a client can:

  1. Request a protected resource and receive 402 with payment requirements
  2. Build and sign a single valid payment transaction
  3. Send the same payment header to multiple parallel requests
  4. Get successful responses for all requests (only paying once)

Setup

pnpm install
cp .env.example .env

Edit .env with your keypair paths and server URL.

Run

Against an existing server:

pnpm demo

Or run a local test server:

pnpm run-server
pnpm demo

The demo fires 10 parallel requests with the same payment. If multiple succeed, the vulnerability is present.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages