Wrong main_uri append

[zlsecure3]

subject

Wrong main_uri append

description

In the StarNameService module, the main_uri will be spliced in the create_name_script function to complete the casting of SNS NFT. But it mistakenly spliced domain_name to name repeatedly, resulting in the lack of domain_name in the link of main_uri. And the token_mutate_config parameter of SNS is set to be unchangeable. So once the casting of SNS NFT is completed, the wrong main_uri will not be able to be modified.

The main_uri in the airdrop_mint function also has this issue.

The following is the setting of the token_mutate_config parameter in the StarNameService::create_name_script_nft function:

let mutate_setting = vector<bool>[false, false, false, false, false];

recommendation

The following code is recommended for fix.

string::append(&mut main_uri, domain_name);

locations

• code/sources/StarNameService.move#L268
• code/sources/StarNameService.move#L325

severity

Critical

damage

exploitability

category

Logical

---

system_generated: auditor:Kong7ych3 submission_id:1469205089

[zlsecure3]

grading (edit)

---

submission_id:1469205089

---

review_type:GRADING

---

result: TBD-yes,no

---

rating: TBD-123

---

comment: TBD-Rejected,Accepted by Secure3.

---

severity: TBD-Critical,Medium,Low,Informational

---

category:

---

description:

---

[zlsecure3]

client feedback (manual copy)

---

submission_id:1469205089

---

review_type:CLIENT_FEEDBACK

---

result: TBD-yes,no

---

severity: TBD-Critical,Medium,Low,Informational

---

comment:

---

[zlsecure3]

client feedback decision(edit)

---

submission_id:1469205089

---

review_type:CLIENT_FEEDBACK_DECISION

---

result: TBD-yes,no,yes-honored,no-honored

---

severity: TBD-Critical,Medium,Low,Informational

---

comment:

---