Nonce Kit Autor: lalit
Warn before signing durable-nonce Solana transactions.
Metapodaci proširenja
Informacije o ovom proširenju
Nonce Kit blocks the wallet popup until you confirm, when a Solana dApp asks you to sign a durable-nonce transaction. Standard transactions pass through unchanged with a small toast notification.
WHY IT MATTERS
A normal Solana transaction expires in about 60 seconds when its recent blockhash rotates. A durable-nonce transaction does not — its first instruction is SystemProgram.AdvanceNonceAccount, which keeps the same signed bytes valid for days or weeks after you sign.
That flexibility is useful for offline signing and multisig. On a random dApp, it's a footgun:
• A phishing site can collect your signature today and submit it next week at a worse price.
• A "harmless" approval can be held until a token unlock or governance vote.
• Bytes can be replayed against a wallet long after you sign.
WHAT IT DOES
When the dApp calls signTransaction, signAllTransactions, signAndSendTransaction, or sendTransaction with a durable-nonce transaction, Nonce Kit intercepts the call BEFORE the wallet popup opens and shows a hard modal with:
• The wallet name making the request
• Fee payer, nonce account, nonce authority
• Instruction count, signer count, program IDs
You choose Block (the dApp gets a rejection, wallet is never prompted) or Sign anyway (your wallet popup opens normally).
Standard recent-blockhash transactions get a small top-right toast and pass straight through. Nothing slows down for normal use.
WALLETS COVERED
• Phantom, Solflare, Backpack, Glow (legacy window.solana and named globals)
• Any Wallet Standard wallet (registers via wallet-standard:register-wallet)
• Late-injected wallets via MutationObserver
PRIVACY AND PERMISSIONS
• No data collection. No telemetry. No analytics.
• No network access. No storage. No background script.
• Single content script, ~12 KB, zero runtime dependencies.
• Modal renders in a closed shadow DOM so hostile pages cannot programmatically dismiss it.
• Fail-closed: if the page tries to remove the modal, or you don't respond within 90 seconds, the transaction is blocked.
LIMITATIONS
• signMessage (off-chain message signing) is not gated.
• Wallets that route signing through methods outside the four hooked above will bypass silently — your wallet's own approval popup is the last line of defense there.
Source: https://github.com/lalitcap23/nonce-kit
WHY IT MATTERS
A normal Solana transaction expires in about 60 seconds when its recent blockhash rotates. A durable-nonce transaction does not — its first instruction is SystemProgram.AdvanceNonceAccount, which keeps the same signed bytes valid for days or weeks after you sign.
That flexibility is useful for offline signing and multisig. On a random dApp, it's a footgun:
• A phishing site can collect your signature today and submit it next week at a worse price.
• A "harmless" approval can be held until a token unlock or governance vote.
• Bytes can be replayed against a wallet long after you sign.
WHAT IT DOES
When the dApp calls signTransaction, signAllTransactions, signAndSendTransaction, or sendTransaction with a durable-nonce transaction, Nonce Kit intercepts the call BEFORE the wallet popup opens and shows a hard modal with:
• The wallet name making the request
• Fee payer, nonce account, nonce authority
• Instruction count, signer count, program IDs
You choose Block (the dApp gets a rejection, wallet is never prompted) or Sign anyway (your wallet popup opens normally).
Standard recent-blockhash transactions get a small top-right toast and pass straight through. Nothing slows down for normal use.
WALLETS COVERED
• Phantom, Solflare, Backpack, Glow (legacy window.solana and named globals)
• Any Wallet Standard wallet (registers via wallet-standard:register-wallet)
• Late-injected wallets via MutationObserver
PRIVACY AND PERMISSIONS
• No data collection. No telemetry. No analytics.
• No network access. No storage. No background script.
• Single content script, ~12 KB, zero runtime dependencies.
• Modal renders in a closed shadow DOM so hostile pages cannot programmatically dismiss it.
• Fail-closed: if the page tries to remove the modal, or you don't respond within 90 seconds, the transaction is blocked.
LIMITATIONS
• signMessage (off-chain message signing) is not gated.
• Wallets that route signing through methods outside the four hooked above will bypass silently — your wallet's own approval popup is the last line of defense there.
Source: https://github.com/lalitcap23/nonce-kit
Ocjena 0 od 0 recenzenta
Dozvole i podaci
Potrebne dozvole:
- Pristup tvojim podacima za sve web stranice
Prikupljanje podataka:
- Programer kaže da ovo proširenje ne zahtijeva prikupljanje podataka.
Daljnje informacije
- Poveznice dodatka
- Verzija
- 0.1.0
- Veličina
- 13,29 KB
- Zadnje aktualiziranje
- prije 5 dana (24. svi. 2026)
- Povezane kategorije
- Licenca
- Mozilla javna licenca 2.0
- Povijest verzija
- Dodaj u zbirku