Ethereum Series — Understanding Nonce

Manan Patel
Aug 6, 2019 · 4 min read
(source — beppegrillo.it)

The nonce is one of the most important and least understood components of an Ethereum transaction.

As defined by the Ethereum Yellow Paper, the nonce is:

A scalar value equal to the number of transactions sent from this address or, in the case of accounts with associated code, the number of contract-creations made by this account.

As per the definition, the nonce is a property of the address a transaction originates from. It is not stored on the Ethereum blockchain, but rather calculated by counting the number of transactions sent from an address.

An Ethereum transaction is composed of the following components:

{
"nonce" : 'how many confirmed transactions this account has sent previously?',

Disclaimer: This is an abstract version of the Ethereum transaction structure. In reality, a transaction is not a JSON-like structure; it is serialized using the Recursive Length Prefix (RLP) encoding scheme. Also, field labels are not part of the actual serialized transaction, but are shown here for clarity.

Problems that the nonce helps solve

Order of transactions

Ethereum is a decentralised network of nodes. When you send a transaction to the Ethereum blockchain using a wallet provider like Infura or MetaMask, it sits in the mempool until some miner mines it and includes it in a valid block. Suppose you want to send 2 transactions transferring 10 and 14 ETH respectively and want them to be mined sequentially. You would not wait after sending one transaction until it gets mined and included in a block. Instead, you would send out both transactions one after the other.

Without the nonce, it would be impossible for miners to know that you intend the transactions to keep their order. With the nonce, if your first transaction (10 ETH) has nonce 0 (assuming it’s a new account), then the 14 ETH transaction will have nonce 1. The 14 ETH transaction won’t be mined unless the previous 10 ETH transaction (with the lower nonce) is mined, so the sequence of transactions is maintained.

Prevention of Replay Attacks

Say you want to swap 10 ETH for 2000 DAI on Uniswap. Currently, your account balance is 200 ETH (wow!!). To swap 10 ETH, you sign a transaction sending 10 ETH to the ETH/DAI Uniswap Exchange and broadcast it to the blockchain.

In the absence of a nonce, the above transaction structure would look something like this:

{

When the above transaction is serialised to be sent to the blockchain, it is converted into (say) the following bytes of transaction data:

25de0d5a1693d4e45ce0305d42774b5bf73cbd9e14230194c35545e0f01ee45ce0305d42774b5bf73cbd9e0d5a1693d4e45ce0305d427

Then this transaction is sent to the blockchain and mined. Once the transaction is mined, you receive your 2000 DAI. This data is visible on the blockchain to anyone. So anyone can copy this transaction data and send it to the network again, executing what is called a ‘replay’ attack on your account and draining your ETH reserves.

By including the nonce in the transaction data, each transaction’s data is unique even if all other variables remain the same. So if someone tries to carry out a ‘replay’ attack, miners reject that transaction as a ‘duplicate’ transaction (since the nonce has already been used by a previous transaction). In this way, the nonce helps prevent such replay attacks.

Trouble with nonces

Using multiple wallet sources concurrently for the same account

In practice, the nonce is the count of all confirmed transactions from an EOA (externally-owned account) on the Ethereum blockchain. Since the nonce is not stored on the blockchain but rather calculated dynamically by counting the total confirmed transactions for an account, (ideally) your chosen wallet app takes care of nonce management for you. This works almost perfectly as long as that wallet app is your account’s only interface to the blockchain. As soon as you start using other wallets with the same account, things get complicated, since each wallet keeps its own state of nonces for that account.

Tracking nonces

Consider another scenario where you are tasked with airdropping ERC20 tokens to 1000 survey participants. Doing it manually using MetaMask or other wallets is inconvenient and not feasible.

Ideally, you would write a script or develop an application to do that. You would then need to maintain your own nonce tracker (a piece of code that sequentially and incrementally generates the next nonce for a given account for each new transaction) or use a third-party nonce tracking library like the one provided by MetaMask (see below).
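
One way to build such a nonce tracker, shown as an added example (it is not MetaMask's library or the author's code). It assumes the starting count is read from the network once and it simulates the sends; the names NonceTracker and airdrop are hypothetical.

```javascript
// Local nonce tracker for a batch sender (added example; names hypothetical).
class NonceTracker {
  // confirmedCount: confirmed-transaction count the network reports for the
  // account at start-up (for instance via eth_getTransactionCount).
  constructor(confirmedCount) {
    this.next = confirmedCount; // lowest nonce never handed out
    this.released = [];         // handed out, but the send failed
    this.inFlight = new Set();  // handed out and not yet confirmed
  }

  // Lowest free nonce; released ones are reused first so that a failed send
  // never leaves a gap that stalls every later transaction.
  reserve() {
    this.released.sort((x, y) => x - y);
    const nonce = this.released.length ? this.released.shift() : this.next++;
    this.inFlight.add(nonce);
    return nonce;
  }

  // The transaction never reached the network: make its nonce reusable.
  release(nonce) {
    if (!this.inFlight.delete(nonce)) throw new Error("unknown nonce " + nonce);
    this.released.push(nonce);
  }

  confirm(nonce) {
    this.inFlight.delete(nonce);
  }
}

// Constructed run: one send fails once and is retried at the end.
function airdrop(recipients, confirmedCount, failOnceFor) {
  const tracker = new NonceTracker(confirmedCount);
  const queue = [...recipients];
  const sent = [];
  let failed = false;
  while (queue.length > 0) {
    const to = queue.shift();
    const nonce = tracker.reserve();
    if (to === failOnceFor && !failed) {
      failed = true;             // simulated broadcast error
      tracker.release(nonce);
      queue.push(to);
    } else {
      sent.push({ to, nonce });
    }
  }
  return sent;
}
```

With four recipients, a starting count of 8 and a failure on the third, the nonces that go out are still 8, 9, 10 and 11 with no gap: the failed nonce 10 is reused by the next send.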

Gaps in nonces

If there are gaps in nonces, all subsequent transactions sit in the mempool waiting for the gap to be filled. For example, if the total transaction confirmation count for account X is 8 (nonce = 8) and a transaction with nonce 10 from account X is broadcast to the network, it will sit in the mempool until another transaction from account X with nonce 9 is broadcast and mined, thus filling the gap.

In conclusion, the nonce is a very powerful component that provides lots of benefits and helps maintain the proper functioning of the Ethereum network. As an Ethereum Dapp developer, it is important to understand and acknowledge its importance in order to create great user experiences and avoid the troubles discussed above.
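
The ordering, replay and gap behaviour described in the sections above can be seen together in a small model of a node. This is an added example, not code from the article or from any Ethereum client; ToyNode, its methods and the sender address are constructed for illustration, and real clients apply many more checks.

```javascript
// Simplified model of a node's nonce handling (added example, not from the
// article). ToyNode, submit and mineBlock are hypothetical names.
class ToyNode {
  constructor() {
    this.confirmed = new Map(); // address -> count of mined transactions
    this.pool = new Map();      // address -> Map(nonce -> tx) awaiting mining
  }

  // Classify an incoming signed transaction.
  submit(tx) {
    const expected = this.confirmed.get(tx.from) || 0;
    if (tx.nonce < expected) return "rejected: nonce already used"; // replay
    if (!this.pool.has(tx.from)) this.pool.set(tx.from, new Map());
    const pending = this.pool.get(tx.from);
    pending.set(tx.nonce, tx);
    // Executable only when every lower unconfirmed nonce is also in the pool.
    for (let n = expected; n < tx.nonce; n++) {
      if (!pending.has(n)) return "queued: waiting for nonce " + n;
    }
    return "pending";
  }

  // Mine everything executable, strictly in nonce order per sender.
  mineBlock() {
    const mined = [];
    for (const [from, pending] of this.pool) {
      let n = this.confirmed.get(from) || 0;
      for (; pending.has(n); n++) {
        mined.push(pending.get(n).value);
        pending.delete(n);
      }
      this.confirmed.set(from, n);
    }
    return mined;
  }
}

// Constructed scenario: the article's 10 ETH and 14 ETH transfers.
function scenario() {
  const node = new ToyNode();
  const a = "0xA11CE"; // constructed sender address
  return [
    node.submit({ from: a, nonce: 1, value: 14 }), // arrives first: gap at 0
    node.mineBlock().join(),                       // nothing can be mined
    node.submit({ from: a, nonce: 0, value: 10 }), // fills the gap
    node.mineBlock().join(),                       // both mined, in order
    node.submit({ from: a, nonce: 0, value: 10 }), // replayed copy
  ];
}
```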
