You can test this entry and submit issues during the testing period of the Blockchain Contest contest.
Entries with serious issues will not be able to win the contest, but even minor issues might be important for overall results.
Info
Testing and Issues
Voting
Comments
Manual DNS resolver
Next scripts available:
- create ext_msg to create new smart contract
- create ext_msg to add dns record (pair <domain name, array [category, address]>)
- create ext_msg to change owner of smart contract
Also next get-methods available: dnsresolve and seqno
Automatic DNS resolver (not fully completed)
Next scripts available:
- create ext_msg to create new smart contract
- create req to some wallet to add dns record (pair <domain name, array [category, address]>)
Also next get-methods available: dnsresolve and expire_at
Next scripts available:
- create ext_msg to create new smart contract
- create ext_msg to add dns record (pair <domain name, array [category, address]>)
- create ext_msg to change owner of smart contract
Also next get-methods available: dnsresolve and seqno
Automatic DNS resolver (not fully completed)
Next scripts available:
- create ext_msg to create new smart contract
- create req to some wallet to add dns record (pair <domain name, array [category, address]>)
Also next get-methods available: dnsresolve and expire_at
You have not added any comments yet...
by rating
Issues
Manual DNS:
+ Almost good baseline implementation.
- There is no way to change previously added domains.
- There is no way to completely delete expired domains.
+ Almost good baseline implementation.
- There is no way to change previously added domains.
- There is no way to completely delete expired domains.
Automatic DNS:
+ Ability to receive donations.
+ Ability to withdraw earnings.
- seqno is not incremented in recv_external, so it is useless.
- No sanity checks for domain names, so anyone can completely block adding new domains to prefix dictionary.
- Updating and extending domain is not charged.
- No garbage collection for expired domains.
- It is not possible to replace non-owned expired domain.
- There is no way to customize domain fees.
- There is no way to customize domain expiration time.
- Owner check doesn't compare workchain_id.
+ Ability to receive donations.
+ Ability to withdraw earnings.
- seqno is not incremented in recv_external, so it is useless.
- No sanity checks for domain names, so anyone can completely block adding new domains to prefix dictionary.
- Updating and extending domain is not charged.
- No garbage collection for expired domains.
- It is not possible to replace non-owned expired domain.
- There is no way to customize domain fees.
- There is no way to customize domain expiration time.
- Owner check doesn't compare workchain_id.
D
Automatic dns: replay protection is broken, seqno is not increases. Init message may be replayed till balance depletion
There is important vulnerability in shared logic: It is possible to register an domain with length of < 8 bits which may cause mayhem: ensure_zero_bits does not touch the slice if it's length is less than 8 bits.
This way it is possible to register, for example, a domain with name 0 (1 bit) and with name 1 (1 bit) which will prevent registration of all other domains.
For manual version this may allow to trash the contract not allowing to register any more domain, but thats at discertion of contract owner.
Much more importantly, for automatic version there is still no check - so it is possible to lock down entire sections of prefixes with malicious intent.
And yes, seqno in automatic is useless, it is always 0: allows init replay attack (mentioned above).
This way it is possible to register, for example, a domain with name 0 (1 bit) and with name 1 (1 bit) which will prevent registration of all other domains.
For manual version this may allow to trash the contract not allowing to register any more domain, but thats at discertion of contract owner.
Much more importantly, for automatic version there is still no check - so it is possible to lock down entire sections of prefixes with malicious intent.
And yes, seqno in automatic is useless, it is always 0: allows init replay attack (mentioned above).
Nobody added any issues yet...