Nonce

A durable, on-chain alternative to Solana's normal recent-blockhash system, letting you sign a transaction now and submit it much later without expiration, which is essential for offline signing and multisig workflows.

What is a Nonce Account

A nonce account is a small on-chain account that holds a "durable nonce"–a reusable substitute for the recent blockhash that every normal Solana transaction relies on. Normal transactions rely on a recent blockhash that is good for about 150 slots, or about a minute. A durable nonce lifts this limit, which allows a signed transaction to remain live, and usable for hours, days, or months until it is actually submitted.

It's kind of like a rain check at the store. The sales ad at the store only works until the end of the day–you can't use it in the morning if you missed the window yesterday. A rain check, however, is good until it's used, and the register clerk stamps it so that it can't be used twice. The nonce account is the rain check; moving the nonce is the stamp.

How Durable Nonces Work Technically

To create a nonce account costs about 0.0015 SOL (rent exempt deposit) which is about $0.12 with SOL at $80. This can be recovered when you close the account. The account contains a nonce value and a nonce authority, i.e. the keypair authorized to use/close the account.

When you create a durable-nonce-based transaction, two things must be true: 1) the first instruction in the transaction must be AdvanceNonce, which instructs the blockchain to rotate the nonce value in the account; and 2) the blockhash field in the transaction is the current nonce value and not the recent blockhash. When the transaction executes, the nonce value advances. This means that if someone attempts to resubmit the same transaction bytes, it will be rejected immediately. It's built-in replay protection: one nonce value = one execution, and never again.

There's only one catch. Each nonce account can only hold exactly one transaction at a time. Sign a second transaction for the same account and whichever is processed first, the other is dead. For custodians sending a lot of delayed transactions, this is just a matter of using multiple nonce accounts, but this does lead to additional operational burden.

How Durable Nonces Compare to Ethereum

In Ethereum, each account has a nonce counter and transactions must be processed sequentially. So transaction #47 has to go through before transaction #48. A pre-signed transaction in Ethereum will remain valid forever. While that may seem convenient, consider what happens if you forgot about an old transaction that you signed back then and now your computer is hacked by someone in 10 years who can just cash in that old transaction to their benefit! Similarly in Bitcoin, transactions remain valid once signed.

This was flipped by Solana so that transactions naturally expire after a minute (barring a deliberate opt-in for durability), so old (stale) transactions die rather than waiting forever to potentially trigger at the wrong time. The 1-minute default is also why Solana isn't bogged down with the backlogs Ethereum creates during network congestion. With durable nonces, the long-term validity can be recovered, when requested and funded (0.0015 SOL setup fee).

Why Nonce Accounts Matter

Let's say a DAO wants to spend funds from its treasury using Squads and requires 4 of 7 keyholders to sign. The signers live in 3 time-zones so collecting the full batch of signatures will take roughly 6 hours. Without the nonce, the blockhash embedded in the first signature will expire 59 minutes before the 4th signer logs in and will need to restart. The durable nonce, however, allows the partially-signed transaction to wait until all signatures are ready.

Similarly, exchanges and other large custodians use durable nonces extensively. A custodian whose keys are stored in an air-gapped machine (i.e. no network connectivity) needs to sign the transaction offline, carry it via USB drive to a different machine, and broadcast the signed transaction. The same applies to people who use hardware wallets or are approving a Marinade unstake through a slow multisig process. The timeframe isn't 60 seconds.

The real issue here is tradeoffs. Durable nonces do make things more complex for users: You need to pre-pay for (and monitor) the additional nonce accounts, be sure to send your instructions in the right order, and guard access to the nonce authority who can advance the nonce. Most Phantom users swapping on Jupiter will never use this–it's just plumbing for those situations where signing is a slower process.

So if I sign a durable nonce transaction, can someone re-submit it later? No, it actually prevents re-submitting it rather than enables it. The transaction has to AdvanceNonce, so once it is processed it is no longer valid and the network won't process the same bytes again.

Contents

Writen By

Stay Updated - Follow us on X

Project review threads, dApp insights, announcements, news, and more.