Back to Dyear's contests

ENS Contest - Dyear's results

Decentralised naming for web3

General Information

Platform: Code4rena

Start Date: 14/04/2023

Pot Size: $90,500 USDC

Total HM: 7

Participants: 59

Period: 14 days

Judge: LSDan

Total Solo HM: 3

Id: 232

League: ETH

ENS

Findings Distribution

Researcher Performance

Rank: 54/59

Findings: 1

Award: $59.79

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryENS

Findings Information

🌟 Selected for report: Sathish9098

Also found by: 0x73696d616f, 0xAgro, 0xSmartContract, 0xTheC0der, ABA, ArbitraryExecution, Aymen0909, BRONZEDISC, Bauchibred, Dyear, Eurovickk, IceBear, Jerry0x, Jorgect, Josiah, MalfurionWhitehat, MohammedRizwan, RaymondFam, Recep, Rickard, SAAJ, Shubham, Udsen, auditor0517, brgltd, catellatech, chaduke, codeslide, eierina, favelanky, j4ld1na, lukris02, matrix_0wl, naman1778, pontifex, schrodinger, tnevler, urataps

Awards

59.7928 USDC - $59.79

Labels

bug
grade-b
low quality report
QA (Quality Assurance)
edited-by-warden
Q-14

External Links

Link to GitHub issue

Specify the scope of the using library.

https://github.com/code-423n4/2023-04-ens/blob/45ea10bacb2a398e14d711fe28d1738271cd7640/contracts/dnssec-oracle/digests/SHA1Digest.sol#L11 https://github.com/code-423n4/2023-04-ens/blob/45ea10bacb2a398e14d711fe28d1738271cd7640/contracts/dnssec-oracle/digests/SHA256Digest.sol#L10 https://github.com/code-423n4/2023-04-ens/blob/45ea10bacb2a398e14d711fe28d1738271cd7640/contracts/dnssec-oracle/RRUtils.sol#L10

using BytesUtils for bytes;

Like this https://github.com/code-423n4/2023-04-ens/blob/45ea10bacb2a398e14d711fe28d1738271cd7640/contracts/dnsregistrar/RecordParser.sol#L7

When RecordParser.sol read a input don't have separator, Using revert instead of return is better because it expresses the meaning more clearly and saves gas

https://github.com/code-423n4/2023-04-ens/blob/45ea10bacb2a398e14d711fe28d1738271cd7640/contracts/dnsregistrar/RecordParser.sol#L25

Can define error MisSeparator, If don't have "=" separator, can revert the MisSeparator error.

You can use the way of comparing the return value nextOffset with the length of input to determine whether the Parses is over.


library RecordParser {
    using BytesUtils for bytes;

    error MisSeparator();

    /**
     * @dev Parses a key-value record into a key and value.
     * @param input The input string
     * @param offset The offset to start reading at
     */
    function readKeyValue(bytes memory input, uint256 offset, uint256 len)
        internal
        pure
        returns (bytes memory key, bytes memory value, uint256 nextOffset)
    {
        uint256 separator = input.find(offset, len, "=");
        if (separator == type(uint256).max) {
            // return ("", "", type(uint256).max); //@audit can use revert here
            revert MisSeparator();
        }


        uint256 terminator = input.find(separator, len + offset - separator, " ");
        if (terminator == type(uint256).max) {
            terminator = input.length;
        }

        key = input.substring(offset, separator - offset);
        value = input.substring(separator + 1, terminator - separator - 1);
        nextOffset = terminator + 1;
    }
}

#0 - thereksfour

2023-05-02T04:00:08Z

2 NCs

#1 - c4-pre-sort

2023-05-02T04:00:11Z

thereksfour marked the issue as low quality report

#2 - c4-judge

2023-05-09T10:11:07Z

dmvt marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter