-
Notifications
You must be signed in to change notification settings - Fork 513
Add ENS library #288
base: master
Are you sure you want to change the base?
Add ENS library #288
Conversation
Thanks for the contribution! ENS really needs some solidity-based functionality that's easy for people to use. The operations on hashes look good. I have some concerns about the operations on strings, however. An integral part of doing ENS resolution from human-readable names is performing UTS46 normalisation. Without it, it's possible to construct multiple identical looking names that hash to different name hashes. I'm concerned that by introducing a function that does name hashing but not normalisation onchain, we risk encouraging people to use this without normalisation anywhere, opening opportunities for phishing and other attacks based on name normalisation. That's why, so far, we've encouraged people to only deal with name hashes onchain, and do hashing and normalisation offchain instead. |
@Arachnid Yes, that is a problem. Maybe we can add it with a warning message? I think adding a good warning message will be enough, but if you want to remove it we can @Arachnid |
I'd rather not add support at all, unless there are compelling use-cases for namehashing but not normalising on chain. In your application, can you not do the hashing offchain too? |
Ok, I will remove it. Yes we would be able to do hashing offchain, but im also looking forward to support ens on chain too, I think since we can check it agains our verified registry it will be safe. Im going to submit the commit removing the strings methods. |
Should I remove the |
Yes - same problem here, there's no way to ensure that names are normalised, so it'll almost certainly lead to bad bugs.
Can you elaborate? Can't you do this by storing the namehash in the contract instead of the plain text name? |
@Arachnid sure, you can store the namehash, but you can also store a normalised string on the contract storage as constant and get the namehash from there. But I guess this specific usecase is not enough for having the namehash function. |
There's not really any upside to doing that, though - it costs more in storage costs (at least 2 words of storage, instead of one) and in processing (since you have to parse and hash the string each time). |
Add a ENS library to access to ENS Registry information on the smart contract level. It uses the strings library to split the namehash received in string type and calculate the namehash of the ens.
Using the namehash calculated the smart contracts that use this library can get the owner, resolver and ttl of ens directly from the registry.