Malicious takeover of previously owned ENS names #844
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* more context for some errors * check are blocks equal at the reOrg stage * fmt * extrect IsEqual block method * extract IsParent method in block type
…-tech#770)" (kowala-tech#790) This reverts commit 0ce9045.
…ning-on-latest fixed warn on already latest version
* duplicate vote logging * fmt * warn log level for nil-voting * prevent log spamming * discovery topic include chain and network IDs * fmt
…g-err changed message from parsing version filename
* Added tests for ExchangeMgr
* Added docs for the Solidity code * WIP dockerfile * Added solidoc dockerfile * Updated ReadMe and regenerated the docs using the docker tool * Added pipeline for drone to create solidity docs * Updated mkdocs.yml, fixes * Better use of the docker image * Updated solidoc docker implementation * Smart contracts -> Core Contracts * Build node modules before anything else * Regenerated docs; separated assert and build * Moved docs to proper location * Added git debugging * Moved docs to the proper directory * Added diff * Added solidoc 1.0.3 * Fixed typo * Update go_generate
* use currency for p2p discovery * Moved KUSD const to its own package
* Added docs for the Solidity code * WIP dockerfile * Added solidoc dockerfile * Updated ReadMe and regenerated the docs using the docker tool * Added pipeline for drone to create solidity docs * Updated mkdocs.yml, fixes * Better use of the docker image * Updated solidoc docker implementation * Smart contracts -> Core Contracts * Build node modules before anything else * Regenerated docs; separated assert and build * Moved docs to proper location * Added git debugging * Moved docs to the proper directory * Added diff * Added solidoc 1.0.3 * Fixed typo * Update go_generate * Generate solidity docs on push to dev * Don't execute on pushes to feature branches
* refactored not logged in state to smaller parts * simplified if * removed unused channel subscription * removed unecessary check
* Implemented genesis freeze * removed test_genesis
* e2e concurrency experiment * Removed chained WaitFors * Added debugging * Reduced max timeout * Rolled back concurrency * Remove concurrency * Changed timeouts; tagged subset of features * Increased ready timeout * Added node and token features
* Removed Stability contract and all of its references * Removed Stability and Price provier from docs * regenrated contract docs * fixes * Removed unused struct members * Removed loader test because the freeze breaks it
* Added initial html for minting tools * Global governor setting * Minting in web interface * Confirm mints * React for governors list * React control panel * Error handling and user notifications * minimal styling * Table filtering * optional IPC path * build process * Go generate
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Impact
A user who owns an ENS domain can set a "trapdoor", allowing them to transfer ownership to another user, and later regain ownership without the new owner's consent or awareness.
Patches
A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry. The registry is newly deployed at 0x00000000000C2E074eC69A0dFb2997BA6C7d2e1e.
Workarounds
Do not accept transfers of ENS domains from other users on the old registrar.
Check the migration guide in our docs.