Durable Nonce
A Solana mechanism that replaces a transaction's expiring blockhash with a fixed on-chain nonce, keeping a signed transaction valid indefinitely until it is used.
A durable nonce is a Solana feature that lets a signed transaction stay valid indefinitely, instead of expiring after the normal short window. On a standard Solana transaction, a recent blockhash acts as a freshness stamp and expires after roughly 60–90 seconds. If the transaction is not submitted within that window, it becomes invalid. Durable nonces override that behavior by replacing the expiring blockhash with a fixed on-chain nonce stored in a dedicated nonce account.
Why Durable Nonces Exist
Durable nonces have legitimate uses:
- Offline signing: A transaction can be signed on an air-gapped device and submitted later.
- Scheduled execution: Transactions can be prepared in advance and broadcast at a chosen time.
- Multi-party coordination: Co-signers can collect signatures over a longer period without the transaction expiring.
How They Become a Security Risk
The same property that makes durable nonces useful — decoupling the moment of signing from the moment of execution — also makes them dangerous when combined with social engineering or blind signing.
Because a durable-nonce transaction never expires, an attacker who obtains the required approvals can hold a fully signed, valid transaction dormant and execute it at the most advantageous time. Review at signing time tells you nothing about what will execute later.
This was a central mechanism in the Drift Protocol compromise (April 2026), where pre-signed durable-nonce transactions sat waiting until the attacker had reconfigured the protocol's Security Council and was ready to drain funds.
Defenses
- Never blind-sign durable-nonce transactions; simulate and decode them first.
- Monitor nonce account creation tied to privileged signers.
- Pair durable nonces with timelocks so a separation between signing and execution does not also remove the window to detect and cancel a malicious payload.
Articles Using This Term
Learn more about Durable Nonce in these articles:
Related Terms
Nonce
A random number used once in cryptographic operations, critical for ECDSA signature security and preventing replay attacks.
Blind Signing
The practice of approving blockchain transactions based on UI display without verifying the underlying transaction data.
Multi-signature Wallet
A cryptocurrency wallet requiring multiple private key signatures to authorize transactions, distributing trust.
Private Key
Cryptographic secret that proves ownership and enables spending of cryptocurrency assets on blockchain networks.
Need expert guidance on Durable Nonce?
Our team at Zealynx has deep expertise in blockchain security and DeFi protocols. Whether you need an audit or consultation, we're here to help.
Get a Quote