Open code423n4 opened 1 year ago
thereksfour marked the issue as primary issue
ERC165 support is required in order to be a valid resolver. Any resolver that doesn't support it is incorrectly implemented.
Arachnid marked the issue as sponsor disputed
This is easy to protect against. Issue stands.
dmvt marked the issue as selected for report
There's no point building a protection for this; either way the result is a failed resolution.
The OZ implementation would guarantee that the else clause gets triggered and the error returned is understandable / sane. In this case, a very simple fix will significantly enhance the composability of the protocol and improve the experience of dev users.
I continue to disagree this is an issue. ERC165 support is a baseline requirement for a resolver; checking it's supported is a pointless waste of gas.
https://github.com/code-423n4/2023-04-ens/blob/83836eff1975fb47dae6b0982afd0b00294165cf/contracts/utils/UniversalResolver.sol#L498-L510 This code shows that, at least in other areas, the possibility of failure is acknowledged and handled.
Lines of code
https://github.com/code-423n4/2023-04-ens/blob/45ea10bacb2a398e14d711fe28d1738271cd7640/contracts/dnsregistrar/OffchainDNSResolver.sol#L104
Vulnerability details
Description
In OffchainDNSResolver, resolveCallback parses resource records received off-chain and extracts the DNS resolver address:
The contract supports three methods of resolution through the resolver:
query parameter originating in resolve()
Code is below:
The issue is that a resolver could support option (3), but execution would revert prior to the query call. The function uses supportsInterface in an unsafe way. It should first check that the contract implements ERC165, which will guarantee the call won't revert. Dynamic resolvers are not likely in practice to implement ERC165 as there's no specific signature to support ahead of time.
Impact
Resolution with custom DNS resolvers is likely to fail.
Tools Used
Manual audit
Recommended Mitigation Steps
Use the OZ ERC165Checker.sol library, which addresses the issue:
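The difference between the two probing styles discussed in this thread, as an added example that is not part of the original report or the ENS code base. BareResolver, ResolverProbe, lookup and queryFallback are hypothetical names; the import paths assume the OpenZeppelin Contracts package is installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
import {ERC165Checker} from "@openzeppelin/contracts/utils/introspection/ERC165Checker.sol";

/// Constructed resolver for the example: answers one lookup, implements no ERC165.
contract BareResolver {
    function lookup(bytes32) external pure returns (bytes32) {
        return keccak256("constructed answer");
    }
}

/// Hypothetical caller, not the OffchainDNSResolver code.
contract ResolverProbe {
    /// Unsafe probe: a high-level call reverts if the target has no
    /// supportsInterface() or returns data that does not decode as a bool,
    /// so the caller never reaches any later branch.
    function probeUnsafe(address resolver, bytes4 interfaceId) public view returns (bool) {
        return IERC165(resolver).supportsInterface(interfaceId);
    }

    /// Safe probe: ERC165Checker first confirms ERC165 support with a
    /// gas-capped staticcall and reports any failure as false.
    function probeSafe(address resolver, bytes4 interfaceId) public view returns (bool) {
        return ERC165Checker.supportsInterface(resolver, interfaceId);
    }

    /// Falls through to a raw static call with the caller-supplied query when
    /// the resolver does not advertise interfaceId. With probeUnsafe in place
    /// of probeSafe, a BareResolver would revert before the static call.
    function queryFallback(address resolver, bytes4 interfaceId, bytes calldata query)
        external
        view
        returns (bool advertised, bytes memory result)
    {
        advertised = probeSafe(resolver, interfaceId);
        if (!advertised) {
            bool ok;
            (ok, result) = resolver.staticcall(query);
            require(ok, "query failed");
        }
        // advertised == true: the typed interface call belongs here and is
        // left out because it depends on the interface being probed.
    }
}
```

Calling probeUnsafe against a deployed BareResolver reverts, while probeSafe returns false and queryFallback returns the result of the raw static call.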