[BE-W3A-103] Web3 Signature Security and Auditing - Step 103

[soomtochukwu]

Implement Replay Attack Mitigations using One-Time Nonces

• Category: Backend: Web3 Auth & Stellar Signatures
• Task ID: BE-W3A-103

Description

This issue is dedicated to the technical design, implementation, and rigorous auditing of 'Implement Replay Attack Mitigations using One-Time Nonces' inside the Lance marketplace ecosystem, specifically focusing on the Backend: Web3 Auth & Stellar Signatures component. You must implement strict input sanitization, validate data structure boundaries, and prevent common exploit vectors such as replay attacks, front-running, or address poisoning. Make sure to integrate standard cryptographic safety wrappers and enforce rigid auth gating rules. Ensure that your implementation strictly adheres to the project's architectural guidelines, features self-documenting code with comprehensive inline annotations, and provides solid verification proofs. Any modifications to state variables must undergo strict validation before commits.

Requirements

• Implement signature validation and session routing inside backend/src/routes/auth.rs for Implement Replay Attack Mitigations using One-Time Nonces.
• Decode and validate Stellar public addresses securely, checking checksum bytes using dynamic decoders.
• Integrate Redis client helpers or secure cookies parameters inside the Axum route state.
• Write comprehensive test mockups to verify signature validations and challenge timelines.

Acceptance Criteria

• Login succeeds with Freighter wallet signatures that conform to SEP-53 standard.
• Incorrect signatures or expired challenges are rejected with a strict 401 Unauthorized status.
• Redis blacklist lookups execute within 1ms and effectively block revoked sessions.

[manasehstephen131-ops]

@manasehstephen131-ops has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

hello maintainer please i would like to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @manasehstephen131-ops to this issue.

[Johnpii1]

@Johnpii1 has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Hello Sir,

I recently came across your project and I’m very interested in contributing to the team.

I have experience working with React to build responsive and user-friendly interfaces, and I also have a solid understanding of smart contracts and blockchain fundamentals. I enjoy writing clean, scalable code and focusing on improving overall user experience.

I’m a fast learner, highly motivated, and available to get started immediately. I would appreciate the opportunity to contribute and would be glad to discuss the next steps.

Thank you for your time and consideration. I look forward to hearing from you.

Best regards,
Johnpaul

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Johnpii1 to this issue.

[drips-wave]

Congratulations, @Johnpii1! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @Johnpii1: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[drips-wave]

This issue has been completed by @Johnpii1 as part of the Stellar Wave Program's 5th Wave 🥳

😎 @Johnpii1: You earned 200 Points for completing this issue! After the current Wave ends, you'll be eligible for a percentage of the Wave's reward pool based on the percentage of total points you've earned. Learn more here. You can also Leave a review to share your experience working on this issue.

🧑‍💻 Repo maintainers: How'd the contributor do? Leave a review to share your experience working with them.