The getOwnerAddress() function in DNSClaimChecker.sol is missing an important check on the type and class of the records.
This getOwnerAddress() function is also used in the DNSRegistrar.sol _claim function to claim a name using the given proofs.
Since the checks on the type and class of the records are missing, a user can claim a name with invalid proofs.
The getOwnerAddress() function returns an address and a bool value, but the following check does not cover all the required cases:
if (iter.name().compareNames(buf.buf) != 0) continue;
Also, we can see that the constants are declared but not used in the code:
uint16 constant CLASS_INET = 1;
uint16 constant TYPE_TXT = 16;
Since there is no check on the type and class of the records, this condition will pass and getOwnerAddress() will return an address and a true value.
This getOwnerAddress() function is then used in the DNSRegistrar.sol _claim function.
The _claim() function is used in the proveAndClaim() and proveAndClaimWithResolver() functions to claim a name using the given proofs.
Manual Code Review
Add the required checks, similar to the resolveCallback() function in OffchainDNSResolver.sol:
if (iter.name().compareNames(buf.buf) != 0 || iter.class != CLASS_INET || iter.dnstype != TYPE_TXT) { continue; }
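The difference between the two filters can be modelled off-chain. The following is an added example, not code from the report or from the ENS contracts: a Python sketch that walks DNS wire-format records and compares a name-only filter with one that also checks class and type. The record name, the rdata values and the helper names (make_rr, iter_rrs, select_records) are constructed for illustration, and names are compared by byte equality as a simplification.

```python
import struct

CLASS_INET = 1   # constant names and values as quoted on the page
TYPE_TXT = 16

def encode_name(name):
    """DNS wire-format name: length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return out + b"\x00"

def make_rr(name, dnstype, dnsclass, rdata, ttl=3600):
    """One resource record: name | type | class | ttl | rdlength | rdata."""
    header = struct.pack("!HHIH", dnstype, dnsclass, ttl, len(rdata))
    return encode_name(name) + header + rdata

def iter_rrs(data):
    """Yield (name_bytes, type, class, rdata) for each uncompressed record."""
    off = 0
    while off < len(data):
        start = off
        while data[off] != 0:          # walk the labels up to the root label
            off += 1 + data[off]
        off += 1
        name = data[start:off]
        dnstype, dnsclass, _ttl, rdlen = struct.unpack_from("!HHIH", data, off)
        off += 10                      # type(2) + class(2) + ttl(4) + rdlength(2)
        yield name, dnstype, dnsclass, data[off:off + rdlen]
        off += rdlen

def select_records(data, name, strict):
    """Return rdata of records accepted by the name-only or the strict filter."""
    want = encode_name(name)
    accepted = []
    for rr_name, dnstype, dnsclass, rdata in iter_rrs(data):
        if rr_name != want:
            continue                   # the only condition in the name-only filter
        if strict and (dnsclass != CLASS_INET or dnstype != TYPE_TXT):
            continue                   # the class and type conditions from the fix
        accepted.append(rdata)
    return accepted

# Constructed sample: one owner name carrying a non-TXT record, a TXT record
# in a non-IN class, and a genuine IN/TXT record.
TXT_RDATA = b"\x0bowner-value"
SAMPLE = (make_rr("_ens.example.test", 99, CLASS_INET, b"\x09not-a-txt")
          + make_rr("_ens.example.test", TYPE_TXT, 3, TXT_RDATA)
          + make_rr("_ens.example.test", TYPE_TXT, CLASS_INET, TXT_RDATA))
```

With strict=False all three records pass the filter and reach whatever parses the rdata; with strict=True only the IN/TXT record does.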