[audit] #21: Add Controllers to ReverseRegistrar #43
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ller record setting
stevieraykatz
changed the title
Merged
Comment on lines
+69
to
+82
| function test_allowsController_toClaimForAddr_forUserAddress() public { | ||
| bytes32 labelHash = Sha3.hexAddress(user); | ||
| bytes32 reverseNode = keccak256(abi.encodePacked(ADDR_REVERSE_NODE, labelHash)); | ||
|
|
||
| vm.expectEmit(address(reverse)); | ||
| emit ReverseRegistrar.ReverseClaimed(user, reverseNode); | ||
| vm.prank(controller); | ||
| bytes32 returnedReverseNode = reverse.claimForAddr(user, user, resolver); | ||
| assertTrue(reverseNode == returnedReverseNode); | ||
| address retOwner = registry.owner(reverseNode); | ||
| assertTrue(retOwner == user); | ||
| address retResolver = registry.resolver(reverseNode); | ||
| assertTrue(retResolver == resolver); | ||
| } |
There was a problem hiding this comment.
it would be also best to add a test for a caller which is non of the valid 4 options.
There was a problem hiding this comment.
We have that above? see test_reverts_ifNotAuthorized
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The RegistrarController needs to be a permissioned caller to the
ReverseRegistraror it will not be able to set reverse records upon registration. Somehow when migrating from the ENS contracts, I missed this pattern. This PR:controllersvia a mappingaddress=>boolonlyOwnersetter method and checks that a permissioned controller passes theauthoriszedcheckFrom Spearbit:
Description
For RegistrarController to be able to call reverseRegistrar using the current implementations, the
msg.sendermust have approvedRegistrarControllerinRegistryso that the following would return true:Recommendation
To avoid having all the users to set the above permission/approval, one can do either of the following:
ReverseRegistrarto be automatically approved for all users inRegistryorReverseRegistrarto be anauthorisedentity for all users in ReverseRegistrar.Second option might be preferred since it limits how much privilege the ReverseRegistrar would have in the whole ecosystem.