QA Report #238
Labels:
bug: Something isn't working
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
1. Use safeTransferFrom instead of transferFrom for ERC721 transfers
OpenZeppelin’s documentation discourages the use of transferFrom(); use safeTransferFrom() whenever possible.
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/NameWrapper.sol#L231
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/NameWrapper.sol#L341
2. call() should be used instead of transfer() on an address payable
Sometimes this kind of issue is considered as Medium risk.
The use of the deprecated transfer() function for an address will inevitably make the transaction fail when:
Additionally, using higher than 2300 gas might be mandatory for some multisig wallets.
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L182
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L203
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L210
3. Unbounded loops with external calls
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/ETHRegistrarController.sol#L167
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/ethregistrar/BulkRenewal.sol#L56
4. Wrong Comment
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/wrapper/NameWrapper.sol#L370
PARENT_CANOT_CONTROL should be PARENT_CANNOT_CONTROL
5. Wrong comparison result when the length is longer than 32
The comparison will be wrong when the shortest > 32 because the mask is wrong.
For example, when the parameters are 01234567890123456789012345678901xaxa, 0, 35, 01234567890123456789012345678901xaxb, 0, 35, the result should be zero because they are the same in the first 35 characters. For the 2nd iteration of L56, the shortest is greater than 32, so the mask will be type(uint256).max, and it will mask all values and this will result in diff != 0.
shortest-idx to 32 at line L66
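The masking problem described above can be reproduced off-chain. The following is an added example, not code from the report or from the ENS repository: a Python model of a 32-byte word-wise compare in which the function name, the fixed flag and the zero-filled memory model are assumptions. The fixed branch assumes the check is made on shortest - idx, the bytes still to be compared in the current word.

```python
# Added illustration: a Python model of a word-wise byte comparison.
# It is not the project's Solidity; names and the `fixed` flag are hypothetical.
WORD = 32
UINT256_MAX = (1 << 256) - 1

# Inputs from the report's example: equal in the first 35 bytes, different at byte 36.
A = b"01234567890123456789012345678901xaxa"
B = b"01234567890123456789012345678901xaxb"


def load_word(mem: bytes, ptr: int) -> int:
    """Model of a 32-byte memory load: reads past the logical length, zero-filled."""
    return int.from_bytes(mem[ptr:ptr + WORD].ljust(WORD, b"\x00"), "big")


def compare(a: bytes, a_off: int, a_len: int,
            b: bytes, b_off: int, b_len: int, fixed: bool) -> int:
    """Return <0, 0 or >0 for the first min(a_len, b_len) bytes, then by length."""
    shortest = min(a_len, b_len)
    for idx in range(0, shortest, WORD):
        x = load_word(a, a_off + idx)
        y = load_word(b, b_off + idx)
        if x != y:
            remaining = shortest - idx  # bytes still in range for this word
            # Reported behaviour: the test uses the total length (shortest > 32).
            # Assumed fix: the test uses what is left in this word.
            full_word = (remaining >= WORD) if fixed else (shortest > WORD)
            if full_word:
                mask = UINT256_MAX
            else:
                # Keep only the top `remaining` bytes; drop bytes past the range.
                mask = UINT256_MAX ^ ((1 << (8 * (WORD - remaining))) - 1)
            diff = (x & mask) - (y & mask)
            if diff != 0:
                return diff
    return a_len - b_len


if __name__ == "__main__":
    print("reported behaviour:", compare(A, 0, 35, B, 0, 35, fixed=False) != 0)
    print("with assumed fix  :", compare(A, 0, 35, B, 0, 35, fixed=True) == 0)
```
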
5. Wrong comparison result when the self is longer than other
https://github.com/code-423n4/2022-07-ens/blob/main/contracts/dnssec-oracle/BytesUtils.sol#L116
When self.length > offset + other.length, the result can be true.
For example, when the parameters are hello1, 1, ello, the result should be false because ello1 is different from ello.
But the result will be true with this function because the equals function will compare the string within the len.