Last updated: February 06, 2026

SCWE-133: Missing Replay Nonce per Bridge Lane

Stable Version v1.0

This content is in version v1.0 and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs).


Relationships

Description

Bridge receivers that do not track nonces per source chain and sender allow the same message to be replayed, causing duplicate mints or withdrawals. Forked chains can also replay historical messages if lanes are not isolated, because a message that was valid on the original chain carries the same proof on the fork.

Remediation

  • Maintain monotonically increasing nonces per (sourceChain, sourceSender).
  • Reject messages with reused or out-of-order nonces.
  • Bind nonces into signed payloads or proofs to prevent tampering.

Examples

Vulnerable

// Vulnerable: nothing records that this payload was already executed, so any
// relayer can submit it again. (Named receiveMessage because `receive` is a
// reserved function name in Solidity >= 0.6.)
function receiveMessage(bytes calldata payload) external {
    _execute(payload); // no nonce tracking
}

Fixed

// One nonce counter per (sourceChain, sourceSender) lane.
mapping(uint256 => mapping(address => uint256)) public nonce;

function receiveMessage(uint256 srcChain, address src, uint256 n, bytes calldata payload) external {
    // The message must carry exactly the next nonce for its lane; the post-increment
    // advances the counter only when the check passes (a revert rolls it back).
    require(n == nonce[srcChain][src]++, "replay");
    _execute(payload);
}
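The fixed snippet above enforces ordering but does not show the third remediation point, binding the nonce into what the relayer signs. The following contract is an added example (not SCWE reference code) that combines both: a per-lane nonce and a signed digest that covers the lane, the nonce, the payload hash, the receiving contract and the destination chain id. The single trusted `relayer` signer, the `LaneNonceReceiver` name and the empty `_execute` are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @notice Hypothetical bridge receiver (added example, not SCWE or any project's code).
/// Each (srcChain, srcSender) lane keeps its own monotonically increasing nonce, and
/// the nonce is part of the digest the relayer signs, so it cannot be swapped or reused.
contract LaneNonceReceiver {
    address public immutable relayer; // assumed single trusted signer
    mapping(uint256 => mapping(address => uint256)) public nonce;

    event MessageExecuted(uint256 indexed srcChain, address indexed src, uint256 nonce);

    error InvalidNonce(uint256 expected, uint256 got);
    error BadSignature();

    constructor(address relayer_) {
        require(relayer_ != address(0), "relayer");
        relayer = relayer_;
    }

    /// @dev The digest binds the lane, the nonce, the payload, this contract and the
    /// destination chain id. A message meant for another lane, another receiver, or a
    /// fork that changed its chain id hashes differently and fails verification.
    function messageDigest(
        uint256 srcChain, address src, uint256 n, bytes calldata payload
    ) public view returns (bytes32) {
        return keccak256(
            abi.encode(srcChain, src, n, keccak256(payload), address(this), block.chainid)
        );
    }

    function receiveMessage(
        uint256 srcChain, address src, uint256 n, bytes calldata payload,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        // 1. Ordering: only the next nonce for this lane is acceptable.
        uint256 expected = nonce[srcChain][src];
        if (n != expected) revert InvalidNonce(expected, n);

        // 2. Authenticity: the relayer must have signed this exact (lane, nonce, payload).
        bytes32 ethDigest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", messageDigest(srcChain, src, n, payload))
        );
        if (ecrecover(ethDigest, v, r, s) != relayer) revert BadSignature();

        // 3. Advance the lane before executing (checks-effects-interactions), so a
        //    reentrant call from _execute cannot replay the same nonce.
        nonce[srcChain][src] = expected + 1;
        emit MessageExecuted(srcChain, src, n);
        _execute(payload);
    }

    function _execute(bytes calldata payload) internal {
        // Application logic (mint, release, call) goes here; left empty for the example.
    }
}
```

Binding `block.chainid` only isolates lanes from a fork that adopts a new chain id; a fork that keeps the original id is still protected by the per-lane nonce, because each nonce can be consumed once per deployment. In production code also reject high-`s` signatures before `ecrecover` to rule out signature malleability, and make sure the source chain's sender is the bridge contract, not an arbitrary account.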