We want to let you know that a breaking change to transaction signing that could impact your development team has been deployed. This is a critical update that was actioned with the 6/23/2021 MainNet Spork in order to address a potential security issue. We will share more details in the future and apologize for the sudden roll out, but addressing the security patch and ensuring network safety was our top priority.
This change is currently deployed across all networks.
Who/What This Impacts
- This impacts transaction signing.
- We previously allowed signing the transaction with the same account key multiple times. In particular, we allowed signing the transaction
Payload
and the transactionEnvelope
with the same account key, even though it wasn’t necessary to do this. Signing just the envelope was sufficient. - This is now changed so that using the same account key for signing more than once will produce an error. In particular, signing both
Payload
andEnvelope
with the same account key will produce an error.
Why This Change Happened
- The change happened to address a security issue, which prompted our team take action quickly
Action Required
- Generally, there is no action required.
- If you notice your transactions failing with the error “duplicated signature for key” make sure you are not signing with the same account key index more than once or signing the
Payload
and theEnvelope
of the transaction with the same account key.
If you have any questions regarding this breaking change, please ask our team in Discord for further assistance.
Thank you,
The Flow Team