ENS contest - peritoflores's results

Decentralised naming for wallets, websites, & more.

General Information

Platform: Code4rena

Start Date: 12/07/2022

Pot Size: $75,000 USDC

Total HM: 16

Participants: 100

Period: 7 days

Judge: LSDan

Total Solo HM: 7

Id: 145

League: ETH

Researcher Performance

Rank: 13/100

Findings: 1

Award: $1,138.73

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: panprog

Also found by: Aussie_Battlers, brgltd, cryptphi, peritoflores, wastewa

Labels

bug
duplicate
3 (High Risk)
old-submission-method

Awards

1138.7337 USDC - $1,138.73

External Links

Lines of code

https://github.com/code-423n4/2022-07-ens/blob/ff6e59b9415d0ead7daf31c2ed06e86d9061ae22/contracts/wrapper/NameWrapper.sol#L813-L822

Vulnerability details

Impact

Reentrancy attack

Proof of Concept

The function _transferAndBurnFuses does not follow the Checks-Effects-Interactions pattern: it updates the fuses only after the NFT has been transferred.
An attacker can reenter because _transfer performs a _doSafeTransferAcceptanceCheck, which calls out to the receiver to check that it is able to handle NFTs; that external call runs while the fuses in storage still hold their old values.

```solidity
function _transferAndBurnFuses(
    bytes32 node,
    address newOwner,
    uint32 fuses,
    uint64 expiry
) internal {
    (address owner, , ) = getData(uint256(node));
    _transfer(owner, newOwner, uint256(node), 1, ""); // @audit here is the transfer (external call to the receiver)
    _setFuses(node, newOwner, fuses, expiry);         // @audit here we set a storage variable (state updated only after the call)
}
```

Recommended mitigation: set the fuses before transferring, so the external call happens last.

```diff
-    _transfer(owner, newOwner, uint256(node), 1, "");
-    _setFuses(node, newOwner, fuses, expiry);
+    _setFuses(node, newOwner, fuses, expiry);
+    _transfer(owner, newOwner, uint256(node), 1, "");
```

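To make the ordering concrete, here is an added, simplified stand-in written for this page (not the ENS NameWrapper code) that exposes both orderings behind a constructor flag; the names MiniWrapper, ObservingReceiver and fixedOrder are assumptions. Deploying MiniWrapper with fixedOrder = false and calling transferAndBurnFuses with an ObservingReceiver as newOwner leaves the receiver holding the pre-burn fuses value, the inconsistent window; with fixedOrder = true it records the burned fuses, confirming the reordering closes it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
interface IERC1155Receiver {
    function onERC1155Received(address, address, uint256, uint256, bytes calldata) external returns (bytes4);
}
// Simplified stand-in for the wrapper (assumed names, not the ENS NameWrapper): one record per node.
contract MiniWrapper {
    struct Record { address owner; uint32 fuses; uint64 expiry; }
    mapping(uint256 => Record) public records;
    bool public immutable fixedOrder; // true = Checks-Effects-Interactions ordering
    constructor(bool _fixedOrder) { fixedOrder = _fixedOrder; }
    function register(bytes32 node, address owner) external { records[uint256(node)].owner = owner; }
    function transferAndBurnFuses(bytes32 node, address newOwner, uint32 fuses, uint64 expiry) external {
        if (fixedOrder) {
            _setFuses(node, fuses, expiry); // effect: storage updated before any external call
            _transfer(node, newOwner);      // interaction: the receiver hook sees the final fuses
        } else {
            _transfer(node, newOwner);      // interaction first: hook runs while fuses are still the old value
            _setFuses(node, fuses, expiry); // effect only after the callee has already returned
        }
    }
    function _setFuses(bytes32 node, uint32 fuses, uint64 expiry) internal {
        Record storage r = records[uint256(node)];
        r.fuses = fuses;
        r.expiry = expiry;
    }
    // Mirrors _transfer -> _doSafeTransferAcceptanceCheck: calls into a contract receiver.
    function _transfer(bytes32 node, address to) internal {
        Record storage r = records[uint256(node)];
        address from = r.owner;
        r.owner = to;
        if (to.code.length > 0) {
            bytes4 ok = IERC1155Receiver(to).onERC1155Received(msg.sender, from, uint256(node), 1, "");
            require(ok == IERC1155Receiver.onERC1155Received.selector, "unsafe receiver");
        }
    }
}
// Test receiver: only records the fuses value readable while the acceptance hook runs.
contract ObservingReceiver is IERC1155Receiver {
    uint32 public fusesSeenInHook;
    function onERC1155Received(address, address, uint256 id, uint256, bytes calldata) external override returns (bytes4) {
        (, uint32 fuses, ) = MiniWrapper(msg.sender).records(id);
        fusesSeenInHook = fuses;
        return this.onERC1155Received.selector;
    }
}
```

Comparing fusesSeenInHook against the fuses argument after the call is a direct regression check for the fix: the two must match once the effect precedes the interaction.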
#0 - sseefried

2022-07-20T00:03:43Z

Duplicate of #124

#1 - jefflau

2022-07-22T07:57:04Z

#2 - dmvt

2022-08-03T13:16:10Z

Duplicate of #84
