Replay Attack, also known as playback attack or retransmission attack, is one of the commonly used attack methods by hackers in the computer world. Initially, it referred to the situation where attackers intercepted data in the Internet and then sent it unchanged to the recipient, mainly used in the identity authentication process to disrupt the correctness of authentication. Even if the information is encrypted, attackers can still launch replay attacks to achieve malicious purposes, such as stealing deposits or account information. In blockchain networks, replay attacks also exist, but the definition of replay attacks on the blockchain is different from that of the traditional Internet, and their manifestations also have corresponding differences.

In blockchain technology, a replay attack refers to "a transaction on one chain is often valid on another chain," usually occurring during a hard fork of the blockchain.

Because the two chains of a hard fork have the same address and private key generation algorithm, and the transaction format is also completely the same, a transaction on one chain is likely to be completely valid on the other chain. This means that transactions initiated on one chain may also be confirmed when rebroadcasted on the other chain. This is called a "replay attack."

A typical example of a replay attack is the Ethereum hard fork. When Ethereum underwent a hard fork, it produced two chains, ETH and ETC, with the transaction data structure being completely the same on both chains. Therefore, if a transaction is verified as valid on ETH, it will also be accepted on ETC, and vice versa. However, due to the lack of pre-planning before the fork, many people exploited this vulnerability and continuously conducted ETH deposits and withdrawals on exchanges to obtain additional ETC. This is how the "replay attack" became well-known in the cryptocurrency community. Therefore, before a hard fork, technical teams usually implement replay protection to invalidate transactions that are replayed on the other forked chain.

There are several measures to defend against blockchain replay attacks:

1. Adding Timestamps

Timestamps ensure that each block on the blockchain is sequentially connected, proving when events occurred on the blockchain, and cannot be tampered with. After introducing timestamps, the previous timestamp can be stored, and in the next request, the two timestamps can be compared. If the timestamp of the current request is the same as or less than the previous timestamp, the request is considered outdated or invalid. Under normal circumstances, the timestamp of the second request should be greater than the previous one, not equal to or less than it. Therefore, setting an appropriate time interval can defend against replay attacks. A larger time interval can accommodate network transmission delays, while a smaller one can prevent replay attacks.

2. Adding Random Numbers

Assign a specific random number to specific information, and store this random number on the server. Before verifying user information, the random number is validated. If the submitted random number is different from the one stored on the server, the information is deemed invalid, preventing replay attacks.

However, this method has certain limitations and requires additional storage of used random numbers. If the recording period is long, the storage and query costs are high.

3. Adding Sequence Numbers

When sharing information, both parties add an incrementing integer. If a discontinuous sequence number is received, it is considered a replay threat.

However, nowadays, many forked coins implement replay protection during the fork, and can basically avoid the threat of replay attacks after the fork.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。