Home
QUEUED
Ends Dec 17 at 7:15 PM UTC

[EP 5.27][Executable] Revoke the DAO's ability to upgrade the name wrapper


By
Skip to Votes

Abstract

The Name Wrapper’s upgrade mechanism contains a vulnerability whereby a malicious DAO could use the upgrade mechanism to seize control of wrapped names without the owner’s consent, documented here.

Since the v2 migration plan makes the upgrade mechanism obsolete, we now know the mechanism will never be required. This EP proposes to remove the DAO’s ability to upgrade the name wrapper.

Specification

Admin control over the name wrapper gives the DAO two functions: it can set the upgrade contract, and it can specify the address of the metadata contract. Since we want to remove the former ability while preserving the latter, we propose the following sequence of actions:

  1. Deploy a new metadata contract, identical to the current one but using a proxy. The proxy instance should be owned by the DAO to provide for future metadata upgrades.
  2. Update the name wrapper to reference the new metadata contract instead of the old one.
  3. Revoke admin ownership over the name wrapper.

A new metadata service has been deployed at 0x806f84F3789f51352C1B0aB3fFa192665d283808, and a transparent proxy was deployed in transaction 0xd0aca1f2efb2db5e3d494649004e341decb2e94a1f30e94f301b6626702ee4c8, at address 0xabb76d7e79de010117b147761013f11630a6799f, with the initial implementation set to the above address, and the owner set to wallet.ensdao.eth. The admin contract for this proxy is at 0xeae9309ddb1aadb4cf1ebad5e51aef999833a992.

The executable component of this proposal sets the metadata service address on the name wrapper to the above proxy, then revokes ownership over it.

Votes
Quorum progress: 143.12%
For votes: 1.43M
Against votes: 0
0x5bfc...83900x5bfc...8390voted for
166.74K
0x2b88...7d120x2b88...7d12voted for
129.82K
0x8393...07800x8393...0780voted for
127.26K
0xb8c2...67d50xb8c2...67d5voted for
119.09K
0xe52c...d7260xe52c...d726voted for
115.75K
Thank you to the contributors that identified and proposed this adjustment.
0x9831...67440x9831...6744voted for
112.53K
0x809f...f68e0x809f...f68evoted for
105.95K
0x1d54...63590x1d54...6359voted for
100.39K
0xe391...b4060xe391...b406voted for
80K
0x7ae9...0c0b0x7ae9...0c0bvoted for
67.26K
0xd5d1...cf2c0xd5d1...cf2cvoted for
65.89K
0x5346...42cf0x5346...42cfvoted for
51.09K
0x2d7d...b05e0x2d7d...b05evoted for
46.35K
0x8b33...37420x8b33...3742voted for
25.74K
0x1f3d...05910x1f3d...0591voted for
25.25K
0x035e...17d30x035e...17d3voted for
13.25K
0xf342...33290xf342...3329voted for
12.5K
0x4dc9...865a0x4dc9...865avoted for
12.11K
0xa786...77c60xa786...77c6voted for
11.44K
0x60db...8d770x60db...8d77voted for
10K
0x4aa5...df660x4aa5...df66voted for
8K
0x29a8...de700x29a8...de70voted for
6.15K
0x3335...81e10x3335...81e1voted for
5.79K
0x0291...1b630x0291...1b63voted for
5.4K
0x30c7...c7020x30c7...c702voted for
1.8K
0x179a...92850x179a...9285voted for
1.7K
0x82eb...3dab0x82eb...3dabvoted for
1K
0xac50...c0390xac50...c039voted for
1K
0x8da4...81e40x8da4...81e4voted for
760
0x866b...5eee0x866b...5eeevoted for
569
0x0253...d11a0x0253...d11avoted for
246
0x0579...40480x0579...4048voted for
239
0x168f...74000x168f...7400voted for
131
0x76a6...bbb80x76a6...bbb8voted for
17
0x2748...ac260x2748...ac26voted for
5
0x0151...c3b90x0151...c3b9voted for
2
0x0579...ca090x0579...ca09voted for
2
0x06c4...66a20x06c4...66a2voted for
2
0x2df2...b98a0x2df2...b98avoted for
2
0x3d36...50a80x3d36...50a8voted for
1
0x2f2f...f78a0x2f2f...f78avoted for
1
0x2917...13390x2917...1339voted for
1
0x3fb1...4c8a0x3fb1...4c8avoted for
1
0x69e2...1ddf0x69e2...1ddfvoted for
1
0xb792...89d70xb792...89d7voted for
1
0x23c4...faa70x23c4...faa7voted for
1
0x0057...15c80x0057...15c8voted for
0
0xd8de...ae410xd8de...ae41voted for
0
0x3307...42ca0x3307...42cavoted for
0
0x8764...3bd10x8764...3bd1voted for
0
0xd048...819e0xd048...819evoted for
0
0x62f3...b9840x62f3...b984voted for
0
0xec49...1bc30xec49...1bc3voted for
0
I vote FOR