We want to let you know that a breaking change to transaction signing that could impact your development team has been deployed. This is a critical update that was actioned with the 6/23/2021 MainNet Spork in order to address a potential security issue. We will share more details in the future and apologize for the sudden roll out, but addressing the security patch and ensuring network safety was our top priority.
This change is currently deployed across all networks.
Who/What This Impacts
- This impacts transaction signing.
- We previously allowed signing the transaction with the same account key multiple times. In particular, we allowed signing the transaction
Payloadand the transaction
Envelopewith the same account key, even though it wasn’t necessary to do this. Signing just the envelope was sufficient.
- This is now changed so that using the same account key for signing more than once will produce an error. In particular, signing both
Envelopewith the same account key will produce an error.
Why This Change Happened
- The change happened to address a security issue, which prompted our team take action quickly
- Generally, there is no action required.
- If you notice your transactions failing with the error “duplicated signature for key” make sure you are not signing with the same account key index more than once or signing the
Envelopeof the transaction with the same account key.
If you have any questions regarding this breaking change, please ask our team in Discord for further assistance.
The Flow Team