Lucene search
+L

8 matches found

Code423n4
Code423n4
added 2022/12/02 12:0 a.m.15 views

[ZZ-001] PARENT_CANNOT_CONTROL and CANNOT_CREATE_SUBDOMAIN fuses can be bypassed

Severity: High Status: Has been reported to and comfirmed by Jeff ENS team Report Time: 11/28/2022 12:31 AM EST Description The fuse constraints can be violated by a malicious owner of the parent node i.e., the hacker. There are two specific consequences the hacker can cause. Suppose the subnode...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.14 views

NameWrapper: Cannot prevent transfer while upgrade even with CANNOT_TRANSFER fuse regardless of the upgraded NameWrapper's implementation

Lines of code Vulnerability details Impact Upon upgrade to a new NameWrapper contract, owner of the node will be set to the given wrappedOwner. Since the node will be burned before calling the upgraded NameWrapper, the upgraded NameWrapper cannot check the old owner. Therefore, no matter the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.12 views

NameWrapper: one can renew to DoS a Name

Lines of code Vulnerability details Impact Anyone with enough eth can make a name impossible to be used anymore Proof of Concept Below is a snippet of the proof of concept. The whole code can be found in this gist. And how to run test is in the comment in the gist. This proof of concept...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/07/19 12:0 a.m.11 views

[PNM-002] The expiry of the parent node can be smaller than the one of a child node, violating the guarantee policy

Lines of code Vulnerability details Description By design, the child node's expiry can only be extended up to the parent's current one. Adding these restrictions means that the ENS users only have to look at the name itself's fuses and expiry without traversing the hierarchy to understand what...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/19 12:0 a.m.9 views

[PNM-003] The preimage DB (i.e., NameWrapper.names) can be maliciously manipulated/corrupted

Lines of code Vulnerability details Description By design, the NameWrapper.names is used as a preimage DB so that the client can query the domain name by providing the token ID. The name should be correctly stored. To do so, the NameWrapper record the domain's name every time it gets wrapped. And...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/07/19 12:0 a.m.8 views

NameWrapper: parent can bypass PARENT_CANNOT_CONTROL

Lines of code Vulnerability details Impact HIGH - bypassing PARENTCANNOTCONTROL fuse As discussed in the discord, bypassing fuse is considered high, thus it is reported as high impact Conditions for the parent for this exploit: should be able to unwrap: no CANNOTUNWRAP fuse on the parent node...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/07/19 12:0 a.m.12 views

Users can skirt fuses on subnodes

Lines of code Vulnerability details Impact If users are granted subnode ownership through setSubnodeRecord or setSubnodeOwner in NameWrapper.sol, and that node is owned by the NameWrapper contract in the ENS registry and the unwrap fuse is not set, then attackers can reset flags and do whatever...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/18 12:0 a.m.11 views

It is possible to create fake ERC1155 NameWrapper token for subdomain, which is not owned by NameWrapper

Lines of code Vulnerability details Impact Due to re-entrancy possibility in NameWrapper.transferAndBurnFuses called from setSubnodeOwner and setSubnodeRecord, it is possible to do some stuff in onERC1155Received right after transfer but before new owner and new fuses are set. This makes it...

7.1AI score
Exploits0
Rows per page
Query Builder