The first auctions for 3–6 character .ETH names started ending yesterday on OpenSea. Though most of these first auctions to end were resolved correctly, we were quickly made aware of some auctions that had been finalized incorrectly. We have temporarily halted finalizing any more auctions until we can be certain the problems have been solved.The problem
In a few cases, names were awarded to the wrong bidders and for an amount lower than the highest bid on that name.
At this point, we’re aware of two issues:
Second, one user discovered an input validation vulnerability that allowed them to place bids on a name that actually issued a different name. Unfortunately, they exploited this to issue themselves defi.eth, wallet.eth, apple.eth, and a number of other names.What we’re doing about it
Regarding the second problem of someone exploiting the input validation vulnerability: Fortunately, we caught this and halted finalization before they could get more than a few (16) names. We’ve identified and patched the issue that made this possible.Can names that were awarded incorrectly be taken back and given to the correct bidder?
Unfortunately not. ENS is designed such that we can’t revoke .ETH names once they have been issued. This is an intentional feature of ENS that ensur...