Ethereum
$264.44 -2.89%
ETH · 20w

Bug Discovered in ENS Auctions, Finalizations Temporarily Halted

The first auctions for 3–6 character .ETH names started ending yesterday on OpenSea. Though most of these first auctions to end were resolved correctly, we were quickly made aware of some auctions that had been finalized incorrectly. We have temporarily halted finalizing any more auctions until we can be certain the problems have been solved.

The problem

In a few cases, names were awarded to the wrong bidders and for an amount lower than the highest bid on that name.

At this point, we’re aware of two issues:

First, some bidders were given incorrect information on how to bid using the JavaScript SDK. This resulted in the submission of invalid bids, with the wrong “target” field. As a result, those bids weren’t considered when deciding the auction winner.

Second, one user discovered an input validation vulnerability that allowed them to place bids on a name that actually issued a different name. Unfortunately, they exploited this to issue themselves defi.eth, wallet.eth, apple.eth, and a number of other names.

What we’re doing about it

Regarding the first problem of the incorrect information on how to use the JavaScript SDK: OpenSea has identified the problem and will be emailing bidders with instructions on how to resubmit their bids with valid information. Any auctions that haven’t been finalized yet and were affected by this will be extended; we may extend all auctions for simplicity (this information will be forthcoming soon).

Regarding the second problem of someone exploiting the input validation vulnerability: Fortunately, we caught this and halted finalization before they could get more than a few (16) names. We’ve identified and patched the issue that made this possible.

Can names that were awarded incorrectly be taken back and given to the correct bidder?

Unfortunately not. ENS is designed such that we can’t revoke .ETH names once they have been issued. This is an intentional feature of ENS that ensur...

Continue on medium.com
Recent news
ETH -2.89% · twitter.com · 2h

Zerion is now fully integrated with 0xProject API

Zerion is now sourcing all DEX liquidity through one API. Shoutout to 0x API's newest integrator, @zerion_io! 🙌Swap tokens at the best prices, and join the growing number of projects building on 0x a...
ETH -2.89% · defirate.com · 3h

Ren Protocol ETHDenver Interview

Tune into our interview with Michael Burgess - head of operations at Ren Protocol as we dive into the project's DeFi use-cases, roadmap and more!
ETH -2.89% · medium.com · 4h

Mintable

Read writing from Zach of Mintable.app — Manage your ERC-721s on Medium. Ethereum lover and Dapp Developer for Mintable.app. Every day, Zach of Mintable.app — Manage your ERC-721s and thousands of oth...