Comments (8)
Section 4 is higher-level things that don't necessarily correspond to a specific part of the code, or that apply to many parts of the code.
Section 5 is a fine-grained list of items that correspond to a specific section of code.
Some things may be present in both lists, but neither is a superset of the other.
from ens.
Final signed version here.
https://gist.github.com/pipermerriam/cd7a9a3369ae6d163f615117be6e071d
Content is the same as the previously linked gist. Sorry for the delays.
from ens.
From @pipermerriam -
Quick update on the status of the audit.
I'm currently at 7 hours billable.
I've still got a few sections of code to go through, but here is what I have thus far. Standard caveats apply that this is an early draft. I suspect I should be able to wrap this up by end of day Friday.
https://gist.github.com/pipermerriam/dfa9c541aef80690c29d353bc9301291
from ens.
Here is a draft of the final report.
https://gist.github.com/pipermerriam/6bec14a2d8d8abb904529849c6b03131
from ens.
Final draft -
https://gist.github.com/pipermerriam/6bec14a2d8d8abb904529849c6b03131
from ens.
@alexvandesande and @Arachnid I'd expect to see a 1:1 correspondence between the issues listed in sections 4 & 5. Should I ask @pipermerriam to clarify or do you understand why there's not a 1:1 mapping?
4.2 - Minor Issues
4.3 - Medium Issues
4.3.1 - Deed Factory
4.3.2 - Implement Registrar.trySetSubnodeOwner function.
4.4 - Major Issues
4.5 - Critical Issues
5 - Detailed Findings
5.1 - Minor Issues
5.1.1 - Registrar.returnDeed function will always throw.
5.2 - Medium Issues
5.2.1 - Registrar contract uses the entry.highestBid and entry.deed variables to derive secondary information about the state of the entry.
5.2.2 - Deed.destroyDeed contains a multi-line if statement without braces.
5.2.3 - Registrar.finalizeAuction uses multi-line if statement without braces.
5.2.4 - Registrar.transfer naively calls ens.setSubnodeOwner
from ens.
@alexvandesande I saw your email comment about getting to work on these Monday. Does it make sense to prioritize them, based on whether or not they need to be addressed prior to launch? Or, based on your review, do they all need to be addressed prior to launch?
from ens.
@pipermerriam Is the 'final draft' the released report, or do you have more edits you want to make?
from ens.