Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
ENS stores domains. Once a domain has been registered, there is a metadata service that is offchain and written in JS/TS.
This is done with the following steps:
- Register the name
- Emit an event of NameRegistered
- The ENS metadata service
- The metadata service passes the event info to Subgraph.
When the JS/TS is parsing the string, it sees 0x00 as a null byte and terminates the string. By registering a name with a null byte at the end, it won't be a duplicate, but it can be an arbitrary string in Subgraph!
This is a pretty neat vulnerability! Combining systems can create terrible and unexpected vulnerabilities.
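The mismatch described above, as an added example that is not from the original write-up or from ENS code: a check an indexer could run over labels taken from NameRegistered events. `truncateAtNul` models the null-byte termination the page describes, and all function names and sample labels are assumptions constructed here.

```javascript
// Assumption: models a downstream consumer that ends a string at the first
// 0x00 byte, as the page describes for the offchain parsing step.
function truncateAtNul(label) {
  const i = label.indexOf("\u0000");
  return i === -1 ? label : label.slice(0, i);
}

// Defensive check for an indexer: reject labels that contain NUL or any
// other C0 control character (or DEL) before they are stored or displayed.
function isSafeLabel(label) {
  return !/[\u0000-\u001f\u007f]/.test(label);
}

// Group labels that are distinct to the registry (different full strings)
// but collapse to the same string for a truncating consumer.
function findDisplayCollisions(registeredLabels) {
  const byDisplay = new Map();
  for (const label of new Set(registeredLabels)) {
    const shown = truncateAtNul(label);
    if (!byDisplay.has(shown)) byDisplay.set(shown, []);
    byDisplay.get(shown).push(label);
  }
  return [...byDisplay.entries()]
    .filter(([, labels]) => labels.length > 1)
    .map(([shown, labels]) => ({ shown, labels }));
}

// Constructed sample: labels as they might arrive in NameRegistered events.
const sampleLabels = ["alice", "alice\u0000", "bob", "carol\u0000x"];

const collisions = findDisplayCollisions(sampleLabels);
const rejected = sampleLabels.filter((l) => !isSafeLabel(l));

// JSON.stringify escapes the NUL byte so it is visible in the output.
console.log("display collisions:", JSON.stringify(collisions));
console.log("rejected labels:", JSON.stringify(rejected));
```

Running the same validation at every layer that handles the name keeps the registry and the offchain services agreeing on what counts as the same string.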