Open zlsecure3 opened 1 year ago
submission_id:1469204695
review_type:GRADING
result: TBD-yes,no
rating: TBD-123
comment: TBD-Rejected,Accepted by Secure3.
severity: TBD-Critical,Medium,Low,Informational
category:
description:
submission_id:1469204695
review_type:CLIENT_FEEDBACK
result: TBD-yes,no
severity: TBD-Critical,Medium,Low,Informational
comment:
submission_id:1469204695
review_type:CLIENT_FEEDBACK_DECISION
result: TBD-yes,no,yes-honored,no-honored
severity: TBD-Critical,Medium,Low,Informational
comment:
subject
Risk of registered domain being front-run
description
In the StarNameService module, users can register a domain name through the create_name_script function. However, in Aptos, verifiers can also order the transactions submitted by users (see the transaction life cycle in the official Aptos documentation). Therefore, when a user registers an SNS name, other users or nodes can pre-empt the registration, register the name first, and sell it at a higher price.
recommendation
It is recommended to follow the registration logic in ENS. Users first submit a commitment hash to signal that they intend to register a domain name, and the registration step then checks that the registrant is consistent with the commitment hash, which avoids this risk.
Ref: https://docs.ens.domains/contract-api-reference/.eth-permanent-registrar/controller
locations
severity
Medium
damage
exploitability
category
Race condition
system_generated: auditor:Kong7ych3 submission_id:1469204695
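The commit-then-register flow from the recommendation, sketched as an added Python model; it is not code from the StarNameService module or from ENS. The `Registrar` class, the SHA3-256 commitment encoding, the age limits and the sample addresses are assumptions made for illustration.

```python
import hashlib

MIN_AGE, MAX_AGE = 60, 86400  # seconds; constructed values, not from the audited code

def make_commitment(name: str, owner: str, secret: bytes) -> bytes:
    # Length-prefix each field so different (name, owner, secret) triples cannot collide.
    h = hashlib.sha3_256()
    for part in (name.encode(), owner.encode(), secret):
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

class Registrar:  # hypothetical model of the registration contract
    def __init__(self):
        self.commitments = {}  # commitment hash -> time it was recorded
        self.owners = {}       # name -> owner address

    def commit(self, commitment: bytes, now: int) -> None:
        ts = self.commitments.get(commitment)
        if ts is not None and now - ts <= MAX_AGE:
            raise ValueError("commitment already pending")
        self.commitments[commitment] = now

    def register(self, name: str, sender: str, secret: bytes, now: int) -> None:
        # `sender` stands for the authenticated transaction signer, never a caller-chosen field.
        if name in self.owners:
            raise ValueError("name taken")
        ts = self.commitments.get(make_commitment(name, sender, secret))
        if ts is None:
            raise ValueError("no commitment for this sender and name")
        if now - ts < MIN_AGE:
            raise ValueError("commitment too new")
        if now - ts > MAX_AGE:
            raise ValueError("commitment expired")
        self.owners[name] = sender

def demo():
    reg, secret = Registrar(), b"constructed-sample-secret"
    reg.commit(make_commitment("alice", "0xA11CE", secret), now=0)
    outcomes = []
    # A party that sees the pending reveal copies name and secret but signs as itself.
    try:
        reg.register("alice", "0xBAD", secret, now=100)
    except ValueError as e:
        outcomes.append(str(e))
    # The same party commits and reveals immediately; the minimum age rejects it.
    reg.commit(make_commitment("alice", "0xBAD", secret), now=100)
    try:
        reg.register("alice", "0xBAD", secret, now=100)
    except ValueError as e:
        outcomes.append(str(e))
    reg.register("alice", "0xA11CE", secret, now=100)  # original committer succeeds
    return outcomes + [reg.owners["alice"]]
```

The commitment hides the name until the reveal, and the minimum age means a commitment made only after seeing the reveal cannot mature before the original registration is ordered.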