It’s a very clever finding, but hard to exploit in my opinion. For those who didn’t read or understand the technical text, it’s an overflow attack on the renewal, meaning that if you renew for someone else’s name for a near infinite amount of time (2^256 seconds) then its expiration date can be moved to the past. Overflows are a common attack and the code has a guard against it, but the exploiter discovered that the check fails to safeguard it if the duration is precisely “infinite minus 90 days” which is honestly quite a funny concept, meaning the attacker can move the registration back for 90 days.
BUT the attack isn’t exploitable right now, because registering that would also require a near infinite amount of ether. So it requires a second level of attack in which someone must either find a vulnerability in the registrar that would allow someone to register names for free, or the attacker would need to create a social attack by somehow being able to approve a new backdoored registrar.
I would suggest the following course of action:
-
Awareness: now that we’re aware of this, any update to the registrar, or any proposed mechanism that would allow names to be renewed for free should have extra scrutiny.
-
Grace Period: we should treat the 90 days grace period like the hidden volume of extra gas you have on your car, once it says your fuel is depleted. You should never allow someone to reach that point, but if they do they’ll be happy it exists. There are many reasons not to treat the grace period as a “freebie” registration duration and this one is one more
-
Pack it on the next system upgrade. .eth controller can’t be upgraded but there are other pieces that can. I don’t see any reason to make a system upgrade for this issue, but we should simply have it ready for whenever we have enough features to merit a new contract upgrade. Maybe we’ll have other gas saving techniques that will outweigh the extra expense that this new owner model will have. The other mitigations should be enough.
This is of course just my opinion, which I am willing to change.