Is frontrunning an issue when submitting secrets to the Ethereum network?

Post original

I am trying to set up a system wherein a user scans a QR code & that allows them to register an ENS address. My scheme is for the contract to have a distribution address, and, using that address' credentials, I sign a nonce & encode both the nonce & signature into a URL that becomes the QR code. At that URL, the site collects a subname for the user, then submits that name, the nonce, & the signature to a smart contract. The contract extracts the address from the signature, and, if it matches the distribution address, it checks a map to see if the nonce has been seen already. If it has, the transaction reverts, otherwise, an ENS name is registered for the given subname and the nonce is added to the redeemed list. My understanding of a frontrunning attack on this system is someone watches the mempool for one of my transactions, and, when one appears, it submits the nonce & signature in a transaction of its own with more ETH so it gets run before mine. ¿Is that correct? ¿What can be done to mitigate the issue? One obvious solution is to have a server check the address and initiate registering the ENS name, so the signature is never published to the mempool. This requires a trusted server though & I'd just as soon not have one. ¿For bonus points, what's the best way for me to handle paying for the users' transactions? I was reading there's something better than PayMasters in the new account abstraction stuff, but a search isn't turning it up.   submitted by   /u/tomorrow_n_tomorrow [link]   [comments]