Nonce Explained in Detail
A nonce is a value that should be accepted only once. Smart contracts use nonces in signed approvals, orders, withdrawals, account abstraction operations, bridge messages, and replay protection.
Nonces can be sequential, keyed, bitmap-based, or message-specific.
Smart contract example
// Read the signer's current nonce and bind it into the signed digest.
uint256 nonce = nonces[user];
bytes32 digest = keccak256(abi.encode(user, amount, nonce));
The nonce should be consumed only when the authorization is accepted.
Nonce in Auditing
Nonce bugs often become replay bugs. If the nonce is missing, not consumed, consumed too late, or shared across the wrong scope, attackers may reuse valid approvals.
Auditors check what each nonce protects and when it changes.
Red flags in code
- Signed data does not include a nonce.
- A global nonce is used when per-user nonces are needed.
- Nonce is consumed before validation or after an external call.
- Canceled nonces can still be used.
- The same nonce space is reused across chains or contracts.
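A signed-withdrawal sketch that avoids each red flag above. It is an added example, not code from the original page: the contract NonceVault, its functions and the ACTION constant are hypothetical names, and the personal-message prefix is an assumed signing scheme.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: hypothetical contract, all names are assumptions.
contract NonceVault {
    bytes32 private constant ACTION = keccak256("NonceVault.withdraw");

    mapping(address => uint256) public nonces;   // per-user sequential nonce
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // The digest binds chain, contract, action, user and nonce, so a signature
    // cannot be replayed on another chain, contract, function or account.
    function withdrawDigest(address user, address to, uint256 amount, uint256 nonce)
        public view returns (bytes32)
    {
        bytes32 inner = keccak256(abi.encode(
            block.chainid, address(this), ACTION, user, to, amount, nonce
        ));
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));
    }

    function withdrawWithSig(
        address user, address payable to, uint256 amount,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        uint256 nonce = nonces[user];
        address signer = ecrecover(withdrawDigest(user, to, amount, nonce), v, r, s);
        // Validate first: a revert rolls back all state changes, so a failed
        // operation never burns the nonce.
        require(signer != address(0) && signer == user, "bad signature");
        require(balances[user] >= amount, "insufficient balance");
        // Consume the nonce after validation and before the external call.
        nonces[user] = nonce + 1;
        balances[user] -= amount;
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Cancellation: bumping the nonce invalidates the signature issued for
    // the current nonce value.
    function cancelNonce() external {
        nonces[msg.sender] += 1;
    }
}
```

Because the nonce is sequential and part of the digest, a second submission of the same signature recovers a different signer address and fails the signature check.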
How to test or review it
- Replay the same signature, order, or message twice.
- Test nonce cancellation and invalidation.
- Check parallel nonce lanes if supported.
- Mutate user, chain, contract, and action context.
- Confirm failed operations do not consume nonces unless intentionally designed.