Registrars can pass in expiry dates from the past when renewing domains
Description
In the DomaRecordRegistrarFacet contract, the renew() function is called by registrars to renew a domain name. It requires the registrar to pass in a new expiresAt timestamp for the domain.
This function is missing a check to ensure that the expiresAt timestamp is not from the past.
Impact
Although the cross-chain call to ProxyDomaRecord::renew() will fail (as that function does validate the expiresAt timestamp), the name.expiresAt field is already updated in the DomaRecordRegistrarFacet::renew() function. This causes an inconsistent cross-chain state between the two contracts.
Since registrars are trusted entities, this issue could only occur by accident, which is why we set the final impact as Low.
Recommendations
Add validation logic for the expiresAt timestamp.
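The following sketch is an added example, not code from the D3 repository or from the referenced fix. It contrasts a renew() path that writes the expiry unconditionally with one that validates expiresAt before touching state. The contract name, the Name struct, the names mapping, the error, the event and the _dispatchCrossChainRenew() stub are assumptions for illustration, and registrar access control is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified stand-in for the registrar-side renew() path.
// Only renew() and expiresAt come from the finding; every other name is assumed.
contract RenewExpiryCheckExample {
    struct Name {
        uint256 expiresAt;
    }

    // Assumed error type carrying both values for easier triage of a failed call.
    error ExpiryNotInFuture(uint256 expiresAt, uint256 currentTime);

    event RenewalDispatched(bytes32 indexed nameId, uint256 expiresAt);

    mapping(bytes32 => Name) internal names;

    // Behaviour described in the finding: local state is written first, so a
    // past timestamp is stored here even though the remote side rejects it.
    function renewUnchecked(bytes32 nameId, uint256 expiresAt) external {
        names[nameId].expiresAt = expiresAt;
        _dispatchCrossChainRenew(nameId, expiresAt);
    }

    // Recommended shape: validate before any state change, so both chains
    // reject the same input and stay consistent.
    // Assumption: timestamps at or before the current block time are rejected.
    function renewChecked(bytes32 nameId, uint256 expiresAt) external {
        if (expiresAt <= block.timestamp) {
            revert ExpiryNotInFuture(expiresAt, block.timestamp);
        }
        names[nameId].expiresAt = expiresAt;
        _dispatchCrossChainRenew(nameId, expiresAt);
    }

    // Stub for the cross-chain message; the real bridge call is not on the page.
    function _dispatchCrossChainRenew(bytes32 nameId, uint256 expiresAt) internal {
        emit RenewalDispatched(nameId, expiresAt);
    }

    function expiryOf(bytes32 nameId) external view returns (uint256) {
        return names[nameId].expiresAt;
    }
}
```

Because the revert happens before the storage write, a rejected renewal leaves name.expiresAt unchanged on the registrar side.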
Remediation
This issue has been acknowledged by D3, and a fix was implemented in commit 65a5b48b.