Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>d3-doma>Threat Model>Function: claimOwnership(uint256 tokenId, bool isSynthetic, ProofOfContactsVoucher calldata proofOfContactsVoucher, bytes calldata signature)
GeneralOverview
Findings
Critical (3)
Medium (1)
Low (6)
Informational (2)
Threat ModelWhat are threat models?DomaForwarder.solDomaRecordProxyFacet.solDomaRecordRegistrarClaimFacet.solDomaRecordRegistrarFacet.solERC7786GatewayReceiver.solERC7786GatewaySource.solMarketplace.solOwnershipToken.sol
ProxyDomaRecord.solFunction: bridge(uint256 tokenId, bool isSynthetic, string calldata targetChainId, string calldata targetOwnerAddress)Function: changeLockStatus(string calldata tokenId, bool isSynthetic, bool isTransferLocked, string calldata correlationId)Function: claimOwnership(uint256 tokenId, bool isSynthetic, ProofOfContactsVoucher calldata proofOfContactsVoucher, bytes calldata signature)Function: detokenize(string calldata tokenId, bool isSynthetic, string calldata claimedBy, string calldata correlationId)Function: detokenizeUnchecked(string calldata tokenId, bool isSynthetic, string calldata correlationId)Function: mintOwnershipTokens(uint256 registrarIanaId, OwnershipTokenInfo[] calldata tokens, string calldata ownerAddress, string calldata correlationId)Function: renew(string calldata tokenId, bool isSynthetic, uint256 expiresAt, string calldata correlationId)Function: requestDetokenization(uint256 tokenId, bool isSynthetic)Function: requestTokenization(TokenizationVoucher calldata voucher, bytes calldata signature)Function: tokenTransfer(uint256 tokenId, address from, address to)
Audit ResultsAssessment Results

Function: claimOwnership(uint256 tokenId, bool isSynthetic, ProofOfContactsVoucher calldata proofOfContactsVoucher, bytes calldata signature)

This function claims domain ownership using ownership tokens and proof-of-contacts verification. It validates voucher signatures from registrars or Doma, verifies token ownership, collects fees, and initiates cross-chain ownership claim via _relayMessage to Doma chain.

Inputs

  • tokenId

    • Control: Full.

    • Constraints: Token ownership verified via _verifyTokenOwnership() and registrar validation for registrar vouchers.

    • Impact: Identifies the ownership token being used to claim domain ownership.

  • isSynthetic

    • Control: Not controlled.

    • Constraints: Must be false (synthetic tokens not implemented).

    • Impact: Distinguishes between regular and permissioned tokens.

  • proofOfContactsVoucher

    • Control: Full.

    • Constraints: Expiration date checked via _verifyNotExpiredVoucher() and nonce verified via _verifyAndUpdateNonce().

    • Impact: Contains registrant handle, proof source, nonce, and expiration for contact verification.

  • signature

    • Control: Full.

    • Constraints: Verified via _verifyRegistrarSignature() or _verifyDomaSignature() depending on proof source.

    • Impact: Ensures voucher authenticity from authorized signers.

Branches and code coverage (including function calls)

Intended branches

Negative behavior

Zellic © 2025Back to top ↑