Info

Download ZIP (13.9 KB)

Testing and Issues

You can test this entry and submit issues during the testing period of the Blockchain Contest contest.

Entries with serious issues will not be able to win the contest, but even minor issues might be important for overall results.

Voting

33

Comments

Manual DNS resolver
Next scripts available:
- create ext_msg to create new smart contract
- create ext_msg to add dns record (pair <domain name, array [category, address]>)
- create ext_msg to change owner of smart contract
Also next get-methods available: dnsresolve and seqno

Automatic DNS resolver (not fully completed)
Next scripts available:
- create ext_msg to create new smart contract
- create req to some wallet to add dns record (pair <domain name, array [category, address]>)
Also next get-methods available: dnsresolve and expire_at
You have not added any comments yet...
by rating

Issues

Clever Turkey Nov 4, 2019 at 19:25
Manual DNS:
+ Almost good baseline implementation.
- There is no way to change previously added domains.
- There is no way to completely delete expired domains.
10
Clever Turkey Nov 4, 2019 at 19:25
Automatic DNS:
+ Ability to receive donations.
+ Ability to withdraw earnings.
- seqno is not incremented in recv_external, so it is useless.
- No sanity checks for domain names, so anyone can completely block adding new domains to prefix dictionary.
- Updating and extending domain is not charged.
- No garbage collection for expired domains.
- It is not possible to replace non-owned expired domain.
- There is no way to customize domain fees.
- There is no way to customize domain expiration time.
- Owner check doesn't compare workchain_id.
10
D
Deleted Account Oct 19, 2019 at 07:43
Automatic dns: replay protection is broken, seqno is not increases. Init message may be replayed till balance depletion
Dreamy Chicken Oct 22, 2019 at 04:10
Yeah, silly copy-paste mistake and no tests in this case.
There is important vulnerability in shared logic: It is possible to register an domain with length of < 8 bits which may cause mayhem: ensure_zero_bits does not touch the slice if it's length is less than 8 bits.
This way it is possible to register, for example, a domain with name 0 (1 bit) and with name 1 (1 bit) which will prevent registration of all other domains.
For manual version this may allow to trash the contract not allowing to register any more domain, but thats at discertion of contract owner.
Much more importantly, for automatic version there is still no check - so it is possible to lock down entire sections of prefixes with malicious intent.
And yes, seqno in automatic is useless, it is always 0: allows init replay attack (mentioned above).
Dreamy Chicken Oct 22, 2019 at 04:19
Agree in general. But in case of manual dns this check should be done in fift-scripts (off-chain) - why would owner of smc harm himself (besides there's explicit domain name length in bits in ext_msg).
Btw shared ensure_zero_terminated doesn't involved in domain registration, only in get-methods.
Nobody added any issues yet...