Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>d3-doma>Threat Model>Function: nameTokenize()
GeneralOverview
Findings
Critical (3)
Medium (1)
Low (6)
Informational (2)
Threat ModelWhat are threat models?DomaForwarder.solDomaRecordProxyFacet.solDomaRecordRegistrarClaimFacet.sol
DomaRecordRegistrarFacet.solFunction: approveTokenization()Function: complianceChangeLockStatus()Function: complianceDetokenize()Function: eoiImport()Function: nameTokenize()Function: registrarDelete()Function: registrarDetokenize()Function: rejectTokenization()Function: renew()Function: update()Function: updateDsKeys()Function: updateNameservers()
ERC7786GatewayReceiver.solERC7786GatewaySource.solMarketplace.solOwnershipToken.solProxyDomaRecord.sol
Audit ResultsAssessment Results

Function: nameTokenize()

This function is called by registrars to tokenize a domain name without going through the tokenization request process.

Inputs

  • sld

    • Control: Fully controlled.

    • Constraints: N/A.

    • Impact: The SLD of the domain that this token is for.

  • tld

    • Control: Fully controlled.

    • Constraints: N/A.

    • Impact: The TLD of the domain that this token is for.

  • eoi

    • Control: Fully controlled.

    • Constraints: N/A.

    • Impact: This determines whether the token is for an EOI domain or not.

  • expiresAt

    • Control: Fully controlled.

    • Constraints: N/A.

    • Impact: This is a Unix timestamp at which the token will expire.

  • permissions

    • Control: Fully controlled.

    • Constraints: N/A.

    • Impact: This signifies any registrar-specific permissions for this ownership token.

  • nameservers

    • Control: Fully controlled.

    • Constraints: N/A.

    • Impact: This is a list of name servers configured for this token.

  • dsKeys

    • Control: Fully controlled.

    • Constraints: N/A.

    • Impact: This is a list of DNSSEC DS keys configured for this token.

  • ownershipTokenOwnerAddress

    • Control: Fully controlled.

    • Constraints: N/A.

    • Impact: This is the address of the new owner of the ownership token on the remote chain.

  • ownershipTokenChainId

    • Control: Fully controlled.

    • Constraints: N/A.

    • Impact: This is the chain ID on which the ownership token will be minted.

  • correlationId

    • Control: Not controlled.

    • Constraints: This is hardcoded by the ProxyDomaRecord contract.

    • Impact: This is a hash of the current block number, the chain ID, and a nonce on the remote chain.

Branches and code coverage (including function calls)

Intended branches

Negative behavior

Zellic © 2025Back to top ↑