Platform: Code4rena
Start Date: 14/04/2023
Pot Size: $90,500 USDC
Total HM: 7
Participants: 59
Period: 14 days
Judge: LSDan
Total Solo HM: 3
Id: 232
League: ETH
Rank: 36/59
Findings: 1
Award: $59.79
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Sathish9098
Also found by: 0x73696d616f, 0xAgro, 0xSmartContract, 0xTheC0der, ABA, ArbitraryExecution, Aymen0909, BRONZEDISC, Bauchibred, Dyear, Eurovickk, IceBear, Jerry0x, Jorgect, Josiah, MalfurionWhitehat, MohammedRizwan, RaymondFam, Recep, Rickard, SAAJ, Shubham, Udsen, auditor0517, brgltd, catellatech, chaduke, codeslide, eierina, favelanky, j4ld1na, lukris02, matrix_0wl, naman1778, pontifex, schrodinger, tnevler, urataps
59.7928 USDC - $59.79
The most concerning address is ens, although no actual change will be made on the real ens address, users will still spend significant amounts of gas. The other addresses will in the worst case scenario only make the transactions revert.
constructor()
previousRegistrar = _previousRegistrar;
resolver = _resolver;
oracle = _dnssec;
suffixes = _suffixes;
ens = _ens;
setPublicSuffixList(...)
suffixes = _suffixes;
setAlgorithm(...)
algorithms[id] = algo;
setDigest(...)
digests[id] = digest;
Do zero address or code checks.
anchors = _anchors;
Would lead to InvalidProofType when trying to prove and claim, wasting gas.
proveAndClaimWithResolver(...)
The argument address resolver and the storage variable address public immutable resolver; have the same name.
Add a prefix _ to the memory resolver as in the rest of the codebase.
owner_only is different than the usual camel case in the codebase: https://github.com/code-423n4/2023-04-ens/blob/main/contracts/dnssec-oracle/Owned.sol#L9
In setAlgorithm(...) and setDigest(...)
now is the name of the deprecated keyword for block.timestamp
DummyAlgorithm.sol should be under mocks folder. This is the case for mocks under the folder dnsregistrar. DummyAlgorithm
#0 - c4-judge
2023-05-08T15:38:54Z
dmvt marked the issue as grade-b