Nonce Kit by lalit
Warn before signing durable-nonce Solana transactions.
Extension Metadata
About
When a Solana dApp asks you to sign a durable-nonce transaction, Nonce Kit blocks the wallet popup until you confirm. Standard transactions pass through unchanged with a small toast notification.
WHY IT MATTERS
A normal Solana transaction expires in about 60 seconds when its recent blockhash rotates. A durable-nonce transaction does not: its first instruction is SystemProgram.AdvanceNonceAccount, which keeps the same signed bytes valid for days or weeks after you sign.
That flexibility is useful for offline signing and multisig. On a random dApp, it's a footgun:
• A phishing site can collect your signature today and submit it next week at a worse price.
• A "harmless" approval can be held until a token unlock or governance vote.
• Bytes can be replayed against a wallet long after you sign.
WHAT IT DOES
When the dApp calls signTransaction, signAllTransactions, signAndSendTransaction, or sendTransaction with a durable-nonce transaction, Nonce Kit intercepts the call BEFORE the wallet popup opens and shows a hard modal with:
• The wallet name making the request
• Fee payer, nonce account, nonce authority
• Instruction count, signer count, program IDs
You choose Block (the dApp gets a rejection, wallet is never prompted) or Sign anyway (your wallet popup opens normally).
Standard recent-blockhash transactions get a small top-right toast and pass straight through. Nothing slows down for normal use.
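The durable-nonce check described above can be sketched as follows; this is an added example, not Nonce Kit's own code. It assumes the serialized message bytes are available as a Uint8Array and shows keys as hex rather than base58; the names `inspectDurableNonce`, `readCompactU16` and `sampleMessage` are hypothetical.

```javascript
const SYSTEM_PROGRAM = "00".repeat(32); // System Program id is 32 zero bytes, shown as hex
const ADVANCE_NONCE = 4;                // SystemInstruction::AdvanceNonceAccount, u32 LE
const hex = (b) => Array.from(b, (x) => x.toString(16).padStart(2, "0")).join("");
// Solana compact-u16 length prefix: 7 bits per byte, low bits first.
function readCompactU16(buf, pos) {
  let value = 0;
  for (let shift = 0; shift <= 14; shift += 7) {
    if (pos >= buf.length) throw new RangeError("truncated message");
    const byte = buf[pos++];
    value |= (byte & 0x7f) << shift;
    if (!(byte & 0x80)) return [value, pos];
  }
  throw new RangeError("compact-u16 too long");
}

// msg: Uint8Array of message bytes. Returns null unless the first instruction advances a nonce.
function inspectDurableNonce(msg) {
  let pos = msg[0] & 0x80 ? 1 : 0;      // versioned messages start with a prefix byte
  const signerCount = msg[pos];         // header byte 0: numRequiredSignatures
  pos += 3;
  let nKeys, nIx, nAccts, dataLen;
  [nKeys, pos] = readCompactU16(msg, pos);
  const keys = [];
  for (let i = 0; i < nKeys; i++, pos += 32) keys.push(hex(msg.subarray(pos, pos + 32)));
  pos += 32;                            // blockhash field (holds the nonce value here)
  [nIx, pos] = readCompactU16(msg, pos);
  if (nIx === 0 || pos >= msg.length) return null;
  const programId = keys[msg[pos++]];   // only the FIRST instruction matters
  [nAccts, pos] = readCompactU16(msg, pos);
  const accts = msg.subarray(pos, pos + nAccts);
  pos += nAccts;
  [dataLen, pos] = readCompactU16(msg, pos);
  const data = msg.subarray(pos, pos + dataLen);
  const isAdvance = programId === SYSTEM_PROGRAM && accts.length >= 3 && data.length >= 4 &&
    new DataView(data.buffer, data.byteOffset, 4).getUint32(0, true) === ADVANCE_NONCE;
  if (!isAdvance) return null;
  // An index past the static key list refers to an address lookup table (v0 only).
  const key = (i) => keys[accts[i]] ?? null;
  return { feePayer: keys[0], nonceAccount: key(0), nonceAuthority: key(2),
           signerCount, instructionCount: nIx };
}

// Constructed sample: payer 0x11.., authority 0x22.., nonce account 0x33.., sysvar 0x44..
function sampleMessage(discriminant, versioned = false) {
  const fill = (v) => new Array(32).fill(v);
  return Uint8Array.from([...(versioned ? [0x80] : []), 2, 0, 2, 5, ...fill(0x11),
    ...fill(0x22), ...fill(0x33), ...fill(0x44), ...fill(0), ...fill(0x55),
    1, 4, 3, 2, 3, 1, 4, discriminant, 0, 0, 0]);
}
```

A malformed message makes the parser throw a RangeError, which a caller following the fail-closed design described on this page would treat as a block.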
WALLETS COVERED
• Phantom, Solflare, Backpack, Glow (legacy window.solana and named globals)
• Any Wallet Standard wallet (registers via wallet-standard:register-wallet)
• Late-injected wallets via MutationObserver
PRIVACY AND PERMISSIONS
• No data collection. No telemetry. No analytics.
• No network access. No storage. No background script.
• Single content script, ~12 KB, zero runtime dependencies.
• Modal renders in a closed shadow DOM so hostile pages cannot programmatically dismiss it.
• Fail-closed: if the page tries to remove the modal, or you don't respond within 90 seconds, the transaction is blocked.
LIMITATIONS
• signMessage (off-chain message signing) is not gated.
• Wallets that route signing through methods outside the four hooked above will bypass silently; your wallet's own approval popup is the last line of defense there.
Source: https://github.com/lalitcap23/nonce-kit
Permissions and data
Required permissions:
- Access your data for all websites
Data collection:
- The developer says this extension doesn't require data collection.
More information
- Version: 0.1.0
- Size: 13.29 KB
- Last updated: 7 days ago (May 24, 2026)
- License: Mozilla Public License 2.0