From 950ec9596c931055c3e0f2212f2733c9ca07739d Mon Sep 17 00:00:00 2001
From: Dan Finlay
Date: Thu, 7 Dec 2017 16:13:38 -0500
Subject: Do not allow nonces larger than the next valid nonce

To avoid situations where a user signs a transaction that will become surprisingly valid in the future.
---
 app/scripts/controllers/transactions.js | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'app/scripts/controllers')
diff --git a/app/scripts/controllers/transactions.js b/app/scripts/controllers/transactions.js
index bb408d445..6110b9c75 100644
--- a/app/scripts/controllers/transactions.js
+++ b/app/scripts/controllers/transactions.js
@@ -209,6 +209,10 @@ module.exports = class TransactionController extends EventEmitter {
 nonceLock = await this.nonceTracker.getNonceLock(fromAddress)
 // add nonce to txParams
 const nonce = txMeta.nonceSpecified ? txMeta.txParams.nonce : nonceLock.nextNonce
+ if (nonce > nonceLock.nextNonce) {
+ const message = `Specified nonce may not be larger than account's next valid nonce.`
+ throw new Error(message)
+ }
 txMeta.txParams.nonce = ethUtil.addHexPrefix(nonce.toString(16))
 // add nonce debugging information to txMeta
 txMeta.nonceDetails = nonceLock.nonceDetails
--
cgit v1.2.3
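Review bot: The new guard `if (nonce > nonceLock.nextNonce)` compares two values whose types this hunk does not fix: when `txMeta.nonceSpecified` is set, `nonce` is taken directly from `txMeta.txParams.nonce`, which is likely a hex string, while `nextNonce` appears to be a number. A relational comparison coerces the string, and any value that does not parse as a number becomes NaN, for which `>` is false, so the check would let the transaction through instead of rejecting it. Normalise before comparing and reject anything that is not an integer, e.g. `const nonceNum = typeof nonce === 'string' ? parseInt(ethUtil.stripHexPrefix(nonce), 16) : nonce` followed by `if (!Number.isSafeInteger(nonceNum) || nonceNum > nonceLock.nextNonce) {`. The enclosing method starts and ends outside the hunk, so it should be confirmed there that the nonce lock acquired just above is released on this new throw path.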