[EP 6.8] [Executable] Revoke root controller role from legacy ENS multisig

nick.eth · April 24, 2025, 7:07am

[6.8] [Executable] Revoke root controller role from legacy ENS multisig

Status	Active
Votes	Tally

Abstract

We have identified that the legacy ENS multisig, which originally controlled ENS before the DAO was created, still has the ‘controller’ role on the ENS root. This means that a majority of multisig keyholders could create or replace any ENS TLD other than .eth. .eth is locked and cannot be modified by the DAO or anyone else.

In order to correct this oversight, this proposal revokes the legacy multisig’s controller role from the root contract.

Specification

Call setController on the ENS Root contract at 0xaB528d626EC275E3faD363fF1393A41F581c5897, passing in the address of the legacy multisig, 0xCF60916b6CB4753f58533808fA610FcbD4098Ec0.

Transactions

Address	Value	Function	Argument	Value
0xaB528d626EC275E3faD363fF1393A41F581c5897	0	setController	address	0xCF60916b6CB4753f58533808fA610FcbD4098Ec0
0xaB528d626EC275E3faD363fF1393A41F581c5897	0	setController	controller	false

nick.eth · April 24, 2025, 7:09am

Apologies for skipping the temp-check phase on this; with this being a security issue (however remote) and the very low risk and contentiousness, I thought it best to post this right away.

lefterisjp · April 24, 2025, 7:34am

Looks okay I guess. Weird this was not noticed earlier. The function matches and should work. Would appreciate a similation from blockful too.

clowes.eth · April 24, 2025, 12:12pm

Seems reasonable.

FYI, You have reused 6.7 in the actual proposal you have submitted: Tally | ENS | [EP6.7] [Executable] Revoke root controller role from legacy ENS multisig

nick.eth · April 24, 2025, 3:09pm

'Yes, apologies - I typoed it onchain.