Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>d3-doma>Threat Model>Function: detokenize(string calldata tokenId, bool isSynthetic, string calldata claimedBy, string calldata correlationId)
GeneralOverview
Findings
Critical (3)
Medium (1)
Low (6)
Informational (2)
Threat ModelWhat are threat models?DomaForwarder.solDomaRecordProxyFacet.solDomaRecordRegistrarClaimFacet.solDomaRecordRegistrarFacet.solERC7786GatewayReceiver.solERC7786GatewaySource.solMarketplace.solOwnershipToken.sol
ProxyDomaRecord.solFunction: bridge(uint256 tokenId, bool isSynthetic, string calldata targetChainId, string calldata targetOwnerAddress)Function: changeLockStatus(string calldata tokenId, bool isSynthetic, bool isTransferLocked, string calldata correlationId)Function: claimOwnership(uint256 tokenId, bool isSynthetic, ProofOfContactsVoucher calldata proofOfContactsVoucher, bytes calldata signature)Function: detokenize(string calldata tokenId, bool isSynthetic, string calldata claimedBy, string calldata correlationId)Function: detokenizeUnchecked(string calldata tokenId, bool isSynthetic, string calldata correlationId)Function: mintOwnershipTokens(uint256 registrarIanaId, OwnershipTokenInfo[] calldata tokens, string calldata ownerAddress, string calldata correlationId)Function: renew(string calldata tokenId, bool isSynthetic, uint256 expiresAt, string calldata correlationId)Function: requestDetokenization(uint256 tokenId, bool isSynthetic)Function: requestTokenization(TokenizationVoucher calldata voucher, bytes calldata signature)Function: tokenTransfer(uint256 tokenId, address from, address to)
Audit ResultsAssessment Results

Function: detokenize(string calldata tokenId, bool isSynthetic, string calldata claimedBy, string calldata correlationId)

This function detokenizes domain names by verifying ownership, burning tokens, and completing the detokenization process. It can only be called by authorized cross-chain senders from Doma chain. It includes ownership verification before proceeding.

Inputs

  • tokenId

    • Control: Full.

    • Constraints: Converted to uint256 via Strings.parseUint().

    • Impact: Identifies the specific token to detokenize.

  • isSynthetic

    • Control: Not controlled.

    • Constraints: Must be false (synthetic tokens not implemented).

    • Impact: Distinguishes between regular and permissioned tokens.

  • claimedBy

    • Control: Full.

    • Constraints: Converted to address via Strings.parseAddress() and must match token owner.

    • Impact: Expected owner address that must match the current token owner.

  • correlationId

    • Control: Full.

    • Constraints: N/A.

    • Impact: Used for cross-chain operation tracking and correlation.

Branches and code coverage (including function calls)

Intended branches

Negative behavior

Zellic © 2025Back to top ↑