Unable to decrypt: Error: Duplicate message index, possible replay attack:

[giomfo]

After a long period where the server was not reachable, I got a large number of "Unable to decrypt: Error: Duplicate message index, possible replay attack:" errors in a discussion where I'm able to decrypt some messages...

I observed the same on my iPhone (I will rage shake too)

[caev]

After sending a message and having it apparently ack'd by the server (turned bright white), a few minutes later I got in riot.im/app three errors in the scroll as if they were messages, "** Unable to decrypt: Error: Duplicate message index, possible replay attack: {sender_key}/{session_id}|11 **"

16:16 original message
16:17 first error
16:18 second error
16:20 third and last error

The string {sender_key}|{session_id}|11 in the error quoted above has been edited for privacy in the bug. The {sender_key} and {session_id} match the encryped view source of the 16:16 message.

expectation is that when connection is spotty (I am not sure that it was) or the server is crashing or rolling out, the client-to-server protocol should automatically suppress duplicates. Also when the text I have sent turns bright white the message should be durable on the server if that is not already so.

[uhoreg]

The root cause of this is matrix-org/synapse#3365

It may be possible that we could just hide these messages since we know they're duplicates, but once the root cause is fixed, then this error should only occur if an attacker were trying to do something nefarious, and so it might be worthwhile to see it in that situation.

[kittykat]

I'm going to close this issue for now as the root cause has been resolved. Please file a new issue for any ongoing problems.