## Auth Service Nonce Cache Bypass Exposes Wallet Authentication to Replay Attacks
A critical security vulnerability has been identified in the authentication service at `backend/src/auth/auth.service.ts`, where nonce caching—the mechanism designed to prevent replay attacks—has been intentionally disabled. The code at lines 85-90 contains a temporary bypass that replaces the proper cache lookup with a direct pass-through: `const storedNonce = nonce;` A comment in the codebase states the bypass was introduced "for testing" but remains active in production code.

The verifySignature() method now accepts any nonce presented by a client without validation against previously used values. This means an attacker who intercepts a valid wallet signature can replay that same signature indefinitely. The nonce, which should be a single-use cryptographic token tied to session initialization, no longer expires or gets invalidated after use. Authentication attempts using compromised credentials remain valid permanently, creating a pathway for session hijacking without any time constraint.

The implications extend across any system relying on this authentication layer for wallet-based signature verification. Financial applications, decentralized platforms, and any service using cryptographic wallet authentication face elevated risk of unauthorized access. Security best practices require nonces to expire after a single use with a defined time window, neither of which this implementation enforces. The bypass was introduced as a testing measure but has not been reverted, suggesting either oversight in code review or a gap in deployment verification processes.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: security vulnerability, replay attack, nonce bypass, authentication, wallet signature
- **Credibility**: unverified
- **Published**: 2026-04-25 14:54:07
- **ID**: 77088
- **URL**: https://whisperx.ai/en/intel/77088