FAQ
Why signatures from EOAs are rejected even if they are valid?
TargetBase is built for smart account–based execution, not direct EOA calls. All protected functions must be executed via a DelegatedAccount that has been pre-approved. This creates an enforcement layer where EOAs cannot bypass authorization logic.
What happens if someone tries to reuse the same signed authorization twice?
They can’t. TargetBase prevents this via dual-layer replay protection:
Nonce Check — must match
nonces[msg.sender]
Authorization Hash Tracking — once a signature hash is used, it’s permanently recorded and rejected on future calls
This means even if an attacker copies calldata across chains, it still won’t execute.
Can I rotate the master key without breaking existing signatures?
Yes. When rotating the master key, all future authorizations must be signed with the new key, but already-executed signatures remain final. Pending signatures signed by the old key become invalid, this is intentional for security. This means that you also need to create a new attestor image which includes the private key of the latest master key.
Last updated