
security: replace Math.random() with crypto.randomUUID() for SIWE nonces#1560

Open
cryptoasuran wants to merge 2 commits into base:master from cryptoasuran:security/fix-math-random-nonce

Conversation

@cryptoasuran

Summary

Fixes cryptographic vulnerability in SIWE nonce generation across 4 documentation examples.

Problem (Issue #1477)

Multiple examples use Math.random() to generate SIWE nonces:

// Insecure - predictable output
const nonce = Math.random().toString(36).substring(2, 15) + 
              Math.random().toString(36).substring(2, 15);

Math.random() is not cryptographically secure. It produces predictable values that can be exploited for replay attacks in SIWE authentication flows.

Security Impact

  • Predictable nonces enable replay attacks
  • Violates EIP-4361 security requirements
  • Developers copying these examples will ship vulnerable authentication

Solution

Replace with crypto.randomUUID() (Web Crypto API):

// Secure - cryptographically random
const nonce = crypto.randomUUID().replace(/-/g, '');

Files Fixed

  1. docs/base-account/framework-integrations/wagmi/setup.mdx (lines 338-340)
  2. docs/base-account/reference/ui-elements/sign-in-with-base-button.mdx (line 328)
  3. docs/base-account/guides/sign-and-verify-typed-data.mdx (line 193)

Consistency

This aligns with the authenticate-users guide which already uses crypto.randomUUID() correctly.

Browser Support

  • crypto.randomUUID(): All modern browsers + Node.js 14.17+
  • crypto.randomBytes(): Node.js (used in server example)

Both are standard Web Crypto API methods.

References

Fixes #1477

vivianbatcha and others added 2 commits May 31, 2026 19:48
Fixes cross-domain replay attack vulnerability in authenticate-users guide.

## Problem
Backend examples only verified cryptographic signature without validating
the SIWE message domain. This allows valid signatures from evil.com to be
replayed against yourapp.com's /auth/verify endpoint.

## Changes
- Replace `verifyMessage` with `verifySiweMessage` in both examples
- Add explicit domain parameter validation
- Add comment explaining security rationale
- Import `verifySiweMessage` from 'viem/siwe'

## Impact
Prevents cross-domain replay attacks as required by EIP-4361 spec.
Developers following this guide will now ship secure authentication.

Fixes base#1502

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Fixes cryptographic vulnerability in SIWE nonce generation across 4 files.

## Problem
Math.random() is not cryptographically secure and produces predictable
nonces that can be exploited for replay attacks in SIWE authentication.

## Changes
Replaced all Math.random() nonce generation with crypto.randomUUID():

1. wagmi/setup.mdx (lines 338-340)
   - Before: Math.random().toString(36).substring(2, 15) + ...
   - After: crypto.randomUUID().replace(/-/g, '')

2. sign-in-with-base-button.mdx (line 328)
   - Before: Math.random().toString(36).substring(7)
   - After: crypto.randomUUID().replace(/-/g, '')

3. sign-and-verify-typed-data.mdx (line 193)
   - Before: Math.floor(Math.random() * 1000000)
   - After: crypto.randomBytes(16).toString('hex')

## Security Impact
- Prevents predictable nonce attacks
- Complies with EIP-4361 security requirements
- Uses Web Crypto API (available in all modern browsers + Node.js 14.17+)

## Consistency
Aligns with authenticate-users guide which already uses crypto.randomUUID().

Fixes base#1477

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@cb-heimdall
Collaborator

🟡 Heimdall Review Status

Requirement: Reviews
Status: 🟡 0/2

Denominator calculation:
  1 if user is bot: 0
  1 if user is external: 0
  2 if repo is sensitive: 0
  From .codeflow.yml: 1
  Additional review requirements:
    Max: 0
      From CODEOWNERS: 0
      Global minimum: 0
    Max: 1
      1 if commit is unverified: 1
  Sum: 2


Development

Successfully merging this pull request may close these issues.

[Bug] Math.random() used for SIWE nonce in Wagmi setup example — not cryptographically secure