# signature replay attacks succeed when contracts verify signatures without tracking processed message hashes

When a contract verifies a signature but does not record which message hashes have been processed, the same signed message can be submitted repeatedly. Three defense mechanisms exist: tracking processed hashes in a mapping, including the contract address in the signed data (preventing cross-contract replay), and including a nonce (preventing same-contract replay). Since [[signature malleability allows replay by computing complementary ECDSA signatures without the private key]], even tracking raw signatures is insufficient — the signed hash itself must be tracked. EIP-712 provides a standardized approach to structured signature data that includes the chain ID and contract address.

When constructing hashes for signing, since [[abi.encodePacked concatenates types shorter than 32 bytes without padding creating collision risks]], packed encoding lets attackers craft different inputs that produce the same signed hash.

---

Relevant Notes:

- [[signature malleability allows replay by computing complementary ECDSA signatures without the private key]] — one mechanism enabling replay
- [[ecrecover returns address zero on invalid signatures which matches uninitialized address variables creating false authorization]] — another signature verification failure mode
- [[abi.encodePacked concatenates types shorter than 32 bytes without padding creating collision risks]] — packed encoding in signed message construction enables hash collision attacks

Topics:

- [[vulnerability-patterns]]
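As an added illustration (not code from this note), the replayable verification pattern beside a hardened version that applies all three defenses: a processed-digest mapping, an EIP-712 domain binding the chain ID and contract address, and a per-recipient nonce. The contract, function and field names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: an off-chain signer authorizes balance claims.
// claimInsecure() is the replayable pattern; claimSecure() is the fixed one.
contract SignedClaims {
    address public immutable signer;
    mapping(bytes32 => bool) public processed;   // signed digest -> already consumed
    mapping(address => uint256) public nonces;   // per-recipient nonce
    mapping(address => uint256) public balances;

    bytes32 private constant DOMAIN_TYPEHASH =
        keccak256("EIP712Domain(uint256 chainId,address verifyingContract)");
    bytes32 private constant CLAIM_TYPEHASH =
        keccak256("Claim(address to,uint256 amount,uint256 nonce)");

    constructor(address _signer) { signer = _signer; }

    function _recover(bytes32 digest, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
        // Reject high-s values so a malleated (r, n - s, v') copy is not a second valid signature.
        require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "high s");
        address a = ecrecover(digest, v, r, s);
        require(a != address(0), "invalid sig");   // ecrecover returns 0 on failure
        return a;
    }

    // VULNERABLE: nothing binds the signature to this chain or contract and nothing
    // records that the digest was consumed, so the same (v, r, s) can be submitted again.
    function claimInsecure(address to, uint256 amount, uint8 v, bytes32 r, bytes32 s) external {
        bytes32 digest = keccak256(abi.encodePacked(to, amount));
        require(_recover(digest, v, r, s) == signer, "bad signer");
        balances[to] += amount;
    }

    // HARDENED: EIP-712 digest (chain id + verifying contract), nonce, processed mapping.
    // abi.encode pads every field to 32 bytes, so adding fields later cannot create collisions;
    // the "\x19\x01" prefix concatenation is the EIP-712 standard and contains only fixed-size data.
    function claimSecure(address to, uint256 amount, uint8 v, bytes32 r, bytes32 s) external {
        bytes32 domain = keccak256(abi.encode(DOMAIN_TYPEHASH, block.chainid, address(this)));
        bytes32 structHash = keccak256(abi.encode(CLAIM_TYPEHASH, to, amount, nonces[to]));
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", domain, structHash));
        require(!processed[digest], "replayed");
        require(_recover(digest, v, r, s) == signer, "bad signer");
        processed[digest] = true;   // track the signed hash, not the raw signature
        nonces[to] += 1;
        balances[to] += amount;
    }
}
```

Because the nonce is part of the signed struct, each signature is valid for exactly one claim, and the processed mapping rejects a resubmission even if the nonce check were bypassed.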