The contract generates a transaction ID (txid) by hashing both the transfer parameters and the signature. Since ECDSA signatures are malleable, an attacker can create a different valid signature for the same message. This allows the same transfer to be executed multiple times with different signatures, bypassing the signatureUsed check. As a result, an attacker can drain the sender's balance by replaying the same transfer with a modified signature.
Use the transfer hash (without the signature) as the transaction ID. Track used transfers by this hash to prevent replay attacks. Ensure the nonce is unique per user and properly validated to enforce one-time use of each signed transfer.
Line 21 – 30
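The recommended fix, as an added illustration that is not the audited contract's code: the contract, function and variable names below are assumed, and the hardened version identifies a transfer by the hash of its parameters only, tracks that hash, enforces a strict per-user nonce, and additionally rejects high-s signatures so the malleated twin of a valid signature never recovers a signer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical minimal token with signed transfers (assumed names, not the audited contract).
contract MetaTransfer {
    mapping(address => uint256) public balanceOf;
    // Vulnerable pattern (for contrast): keccak256(abi.encode(params, signature)) as the id,
    // so a second signature for the same message yields a fresh, unused id.
    // Hardened pattern: the transfer hash alone is the id; any signature over it maps to one entry.
    mapping(bytes32 => bool) public executed;
    mapping(address => uint256) public nonces;

    // secp256k1 curve order / 2: an s above this value is the malleated form of a low-s signature.
    uint256 private constant HALF_N = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    constructor() {
        balanceOf[msg.sender] = 1_000_000;
    }

    /// Transfer id: parameters only, bound to this chain and contract; no signature material.
    function transferHash(address from, address to, uint256 amount, uint256 nonce) public view returns (bytes32) {
        return keccak256(abi.encode(block.chainid, address(this), from, to, amount, nonce));
    }

    function transferWithSig(address from, address to, uint256 amount, uint256 nonce,
                             uint8 v, bytes32 r, bytes32 s) external {
        // Strict sequential nonce: each signed transfer is valid exactly once per user.
        require(nonce == nonces[from], "bad nonce");
        bytes32 txid = transferHash(from, to, amount, nonce);
        require(!executed[txid], "already executed");

        // Reject the high-s twin outright; a malleated signature cannot reach ecrecover.
        require(uint256(s) <= HALF_N, "high-s signature");
        require(v == 27 || v == 28, "bad v");
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", txid));
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0) && signer == from, "bad signature");

        // Effects before interactions; balance update reverts on underflow in 0.8.x.
        executed[txid] = true;
        nonces[from] = nonce + 1;
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
}
```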