Back to pontifex's contests

ENS Contest - pontifex's results

Decentralised naming for web3

General Information

Platform: Code4rena

Start Date: 14/04/2023

Pot Size: $90,500 USDC

Total HM: 7

Participants: 59

Period: 14 days

Judge: LSDan

Total Solo HM: 3

Id: 232

League: ETH

ENS

Findings Distribution

Researcher Performance

Rank: 51/59

Findings: 1

Award: $59.79

QA:
grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryENS

Findings Information

🌟 Selected for report: Sathish9098

Also found by: 0x73696d616f, 0xAgro, 0xSmartContract, 0xTheC0der, ABA, ArbitraryExecution, Aymen0909, BRONZEDISC, Bauchibred, Dyear, Eurovickk, IceBear, Jerry0x, Jorgect, Josiah, MalfurionWhitehat, MohammedRizwan, RaymondFam, Recep, Rickard, SAAJ, Shubham, Udsen, auditor0517, brgltd, catellatech, chaduke, codeslide, eierina, favelanky, j4ld1na, lukris02, matrix_0wl, naman1778, pontifex, schrodinger, tnevler, urataps

Awards

59.7928 USDC - $59.79

Labels

bug
grade-b
low quality report
QA (Quality Assurance)
Q-05

External Links

Link to GitHub issue

N-1 Declare variables in one line with assignment

There is no necessity to declare variables separately from destructuring assignment when calling another function that returns multiple values. Declare them in one line with assignments similar to other places of the protocol. There are four instances:

35:            bool found;
36:            address addr;
37:            (addr, found) = parseRR(data, iter.rdataOffset, iter.nextOffset);

https://github.com/code-423n4/2023-04-ens/blob/45ea10bacb2a398e14d711fe28d1738271cd7640/contracts/dnsregistrar/DNSClaimChecker.sol#L35-L37

55:            bool found;
56:            address addr;
57:            (addr, found) = parseString(rdata, idx, len);

https://github.com/code-423n4/2023-04-ens/blob/45ea10bacb2a398e14d711fe28d1738271cd7640/contracts/dnsregistrar/DNSClaimChecker.sol#L55-L57

39:        bool ok;
40:        bytes memory result;
41:        (ok, result) = RSAVerify.rsarecover(modulus, exponent, sig);

https://github.com/code-423n4/2023-04-ens/blob/45ea10bacb2a398e14d711fe28d1738271cd7640/contracts/dnssec-oracle/algorithms/RSASHA1Algorithm.sol#L39-L41

38:        bool ok;
39:        bytes memory result;
40:        (ok, result) = RSAVerify.rsarecover(modulus, exponent, sig);

https://github.com/code-423n4/2023-04-ens/blob/45ea10bacb2a398e14d711fe28d1738271cd7640/contracts/dnssec-oracle/algorithms/RSASHA256Algorithm.sol#L38-L40

N-2 constant should be defined rather than using magic number

Use readable constant instead of a numeric value with a comment. There are two instances:

72:        if (str.readUint32(idx) != 0x613d3078) return (address(0x0), false); // 0x613d3078 == 'a=0x'

https://github.com/code-423n4/2023-04-ens/blob/45ea10bacb2a398e14d711fe28d1738271cd7640/contracts/dnsregistrar/DNSClaimChecker.sol#L72

294:        if (dnskey.protocol != 3) {

https://github.com/code-423n4/2023-04-ens/blob/45ea10bacb2a398e14d711fe28d1738271cd7640/contracts/dnssec-oracle/DNSSECImpl.sol#L294

#0 - thereksfour

2023-05-02T03:35:58Z

2 NCs

#1 - c4-pre-sort

2023-05-02T03:36:02Z

thereksfour marked the issue as low quality report

#2 - c4-judge

2023-05-09T10:40:41Z

dmvt marked the issue as grade-b

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter