August 2025 Audit fixes (#137)

stevieraykatz · web-flow · commit ba6ab360a619 · 2025-08-14T19:04:57.000-07:00
diff --git a/foundry.toml b/foundry.toml
@@ -2,6 +2,7 @@
 src = "src"
 out = "out"
 libs = ["lib"]
+solc_version = "0.8.26"
 remappings = [
     "@ensdomains/buffer/=lib/buffer", 
     "solady/=lib/solady/src/",
diff --git a/src/L2/resolver/AddrResolver.sol b/src/L2/resolver/AddrResolver.sol
@@ -24,12 +24,21 @@ abstract contract AddrResolver is IAddrResolver, IAddressResolver, ResolverBase
     // keccak256(abi.encode(uint256(keccak256("addr.resolver.storage")) - 1)) & ~bytes32(uint256(0xff));
     bytes32 constant ADDR_RESOLVER_STORAGE = 0x1871a91a9a944f867849820431bb11c2d1625edae573523bceb5b38b8b8a7500;
 
+    /// @notice Ethereum chain id.
+    uint32 constant CHAIN_ID_ETH = 1;
+
     /// @notice Ethereum mainnet network-as-cointype.
     uint256 private constant COIN_TYPE_ETH = 60;
 
+    /// @notice EVM default cointype per ENSIP-19.
+    uint256 constant COIN_TYPE_DEFAULT = 1 << 31; // 0x8000_0000
+
     /// @notice Thrown when an invalid bytes length is detected.
     error InvalidBytesLength();
 
+    /// @notice Thrown when setting an invalid EVM address for a valid EVM cointype.
+    error InvalidEVMAddress(bytes a);
+
     /// @notice Sets the address associated with an ENS node.
     ///
     /// @dev May only be called by the owner of that node in the ENS registry.
@@ -46,9 +55,12 @@ abstract contract AddrResolver is IAddrResolver, IAddressResolver, ResolverBase
     /// @param coinType The coinType for this address.
     /// @param a The network-agnostic bytes of the address.
     function setAddr(bytes32 node, uint256 coinType, bytes memory a) public virtual authorized(node) {
+        if (a.length != 0 && a.length != 20 && isEVMCoinType(coinType)) {
+            revert InvalidEVMAddress(a);
+        }
         emit AddressChanged(node, coinType, a);
         if (coinType == COIN_TYPE_ETH) {
-            emit AddrChanged(node, bytesToAddress(a));
+            emit AddrChanged(node, address(bytes20(a)));
         }
         _getAddrResolverStorage().versionable_addresses[_getResolverBaseStorage().recordVersions[node]][node][coinType]
         = a;
@@ -71,14 +83,20 @@ abstract contract AddrResolver is IAddrResolver, IAddressResolver, ResolverBase
 
     /// @notice Returns the address of the `node` for a specified `coinType`.
     ///
-    /// @dev Complies with ENSIP-9 and ENSIP-11.
+    /// @dev Complies with ENSIP-9, ENSIP-11 and ENSIP-19.
+    ///     Will return `default` address if there is no address set for a specific EVM cointype.
     ///
     /// @param node The ENS node to update.
     /// @param coinType The coinType to fetch.
     ///
-    /// @return The address of the specified `node` for the specified `coinType`.
-    function addr(bytes32 node, uint256 coinType) public view virtual override returns (bytes memory) {
-        return _getAddrResolverStorage().versionable_addresses[_getResolverBaseStorage().recordVersions[node]][node][coinType];
+    /// @return addressBytes The address of the specified `node` for the specified `coinType`.
+    function addr(bytes32 node, uint256 coinType) public view virtual override returns (bytes memory addressBytes) {
+        mapping(uint256 coinType => bytes addr) storage addrs =
+            _getAddrResolverStorage().versionable_addresses[_getResolverBaseStorage().recordVersions[node]][node];
+        addressBytes = addrs[coinType];
+        if (addressBytes.length == 0 && chainFromCoinType(coinType) > 0) {
+            addressBytes = addrs[COIN_TYPE_DEFAULT];
+        }
     }
 
     /// @notice ERC-165 compliance.
@@ -103,6 +121,28 @@ abstract contract AddrResolver is IAddrResolver, IAddressResolver, ResolverBase
         }
     }
 
+    /// @notice Fetch the uint32 coinType from an EVM coinType.
+    ///
+    /// @dev Extract Chain ID from `coinType`.
+    ///
+    /// @param coinType The coin type.
+    ///
+    /// @return The Chain ID or 0 if non-EVM Chain.
+    function chainFromCoinType(uint256 coinType) internal pure returns (uint32) {
+        if (coinType == COIN_TYPE_ETH) return CHAIN_ID_ETH;
+        coinType ^= COIN_TYPE_DEFAULT;
+        return uint32(coinType < COIN_TYPE_DEFAULT ? coinType : 0);
+    }
+
+    /// @notice Determine if `coinType` is for an EVM address.
+    ///
+    /// @param coinType The network as a coinType.
+    ///
+    /// @return `true` if coinType represents an EVM address, else `false`.
+    function isEVMCoinType(uint256 coinType) internal pure returns (bool) {
+        return coinType == COIN_TYPE_DEFAULT || chainFromCoinType(coinType) > 0;
+    }
+
     /// @notice EIP-7201 storage pointer fetch helper.
     function _getAddrResolverStorage() internal pure returns (AddrResolverStorage storage $) {
         assembly {
diff --git a/src/lib/SignatureVerifier.sol b/src/lib/SignatureVerifier.sol
@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-pragma solidity 0.8.23;
+pragma solidity ^0.8.23;
 
 import {ECDSA} from "solady/utils/ECDSA.sol";
 
diff --git a/test/L1Resolver/AdminMethods.t.sol b/test/L1Resolver/AdminMethods.t.sol
@@ -1,5 +1,5 @@
 //SPDX-License-Identifier: MIT
-pragma solidity 0.8.23;
+pragma solidity ^0.8.23;
 
 import {Test, console} from "forge-std/Test.sol";
 import {L1ResolverTestBase} from "./L1ResolverBase.t.sol";
diff --git a/test/L1Resolver/Fallback.t.sol b/test/L1Resolver/Fallback.t.sol
@@ -1,5 +1,5 @@
 //SPDX-License-Identifier: MIT
-pragma solidity 0.8.23;
+pragma solidity ^0.8.23;
 
 import {Test, console} from "forge-std/Test.sol";
 import {L1ResolverTestBase} from "./L1ResolverBase.t.sol";
diff --git a/test/L1Resolver/MakeSignatureHash.t.sol b/test/L1Resolver/MakeSignatureHash.t.sol
@@ -1,5 +1,5 @@
 //SPDX-License-Identifier: MIT
-pragma solidity 0.8.23;
+pragma solidity ^0.8.23;
 
 import {Test, console} from "forge-std/Test.sol";
 import {L1ResolverTestBase} from "./L1ResolverBase.t.sol";
diff --git a/test/L1Resolver/Resolve.t.sol b/test/L1Resolver/Resolve.t.sol
@@ -1,5 +1,5 @@
 //SPDX-License-Identifier: MIT
-pragma solidity 0.8.23;
+pragma solidity ^0.8.23;
 
 import {Test, console} from "forge-std/Test.sol";
 import {L1ResolverTestBase} from "./L1ResolverBase.t.sol";
diff --git a/test/L1Resolver/ResolveWithProof.t.sol b/test/L1Resolver/ResolveWithProof.t.sol
@@ -1,5 +1,5 @@
 //SPDX-License-Identifier: MIT
-pragma solidity 0.8.23;
+pragma solidity ^0.8.23;
 
 import {Test, console} from "forge-std/Test.sol";
 import {L1ResolverTestBase} from "./L1ResolverBase.t.sol";
diff --git a/test/L1Resolver/SupportsInterface.t.sol b/test/L1Resolver/SupportsInterface.t.sol
@@ -1,5 +1,5 @@
 //SPDX-License-Identifier: MIT
-pragma solidity 0.8.23;
+pragma solidity ^0.8.23;
 
 import {Test, console} from "forge-std/Test.sol";
 import {L1ResolverTestBase} from "./L1ResolverBase.t.sol";
diff --git a/test/UpgradeableL2Resolver/SetAddr.t.sol b/test/UpgradeableL2Resolver/SetAddr.t.sol
@@ -9,6 +9,7 @@ contract SetAddr is UpgradeableL2ResolverBase {
     uint256 BTC_COINTYPE = 0;
     uint256 ETH_COINTYPE = 60;
     uint256 BASE_COINTYPE = 2147492101;
+    uint256 COIN_TYPE_DEFAULT = 1 << 31; // 0x8000_0000
 
     function test_reverts_forUnauthorizedUser() public {
         vm.expectRevert(abi.encodeWithSelector(ResolverBase.NotAuthorized.selector, node, notUser));
@@ -19,7 +20,14 @@ contract SetAddr is UpgradeableL2ResolverBase {
     function test_reverts_for_invalidAddress() public {
         vm.prank(user);
         vm.expectRevert();
-        resolver.setAddr(node, 60, "");
+        resolver.setAddr(node, 60, "badadd");
+    }
+
+    function test_reverts_whenInvalidEVMAddress() public {
+        bytes memory badAddr = bytes("1234");
+        vm.expectRevert(abi.encodeWithSelector(AddrResolver.InvalidEVMAddress.selector, badAddr));
+        vm.prank(user);
+        resolver.setAddr(node, BASE_COINTYPE, badAddr);
     }
 
     function test_setsAnETHAddress_byDefault(address a) public {
@@ -36,12 +44,36 @@ contract SetAddr is UpgradeableL2ResolverBase {
         assertEq(bytesToAddress(resolver.addr(node, ETH_COINTYPE)), a);
     }
 
+    function test_letsAUserSetZeroAddress_forEthCointype() public {
+        vm.prank(user);
+        resolver.setAddr(node, address(0));
+        assertEq(resolver.addr(node), address(0));
+    }
+
+    function test_letsAUserSetZeroAddress_forEthCointypeWithExplicitCointype() public {
+        vm.prank(user);
+        resolver.setAddr(node, ETH_COINTYPE, bytes(""));
+        assertEq(resolver.addr(node), address(0));
+    }
+
     function test_setsABaseAddress(address a) public {
         vm.prank(user);
         resolver.setAddr(node, BASE_COINTYPE, addressToBytes(a));
         assertEq(bytesToAddress(resolver.addr(node, BASE_COINTYPE)), a);
     }
 
+    function test_setsADefaultAddress(address a) public {
+        vm.prank(user);
+        resolver.setAddr(node, COIN_TYPE_DEFAULT, addressToBytes(a));
+        assertEq(bytesToAddress(resolver.addr(node, COIN_TYPE_DEFAULT)), a);
+    }
+
+    function test_fetchesDefaultForBaseCointype(address a) public {
+        vm.prank(user);
+        resolver.setAddr(node, COIN_TYPE_DEFAULT, addressToBytes(a));
+        assertEq(bytesToAddress(resolver.addr(node, BASE_COINTYPE)), a);
+    }
+
     function test_setsABtcAddress() public {
         bytes memory satoshi = hex"76a91462e907b15cbf27d5425399ebf6f0fb50ebb88f1888ac";
         vm.prank(user);
diff --git a/test/mocks/MockPublicResolver.sol b/test/mocks/MockPublicResolver.sol
@@ -1,5 +1,5 @@
 //SPDX-License-Identifier: MIT
-pragma solidity 0.8.23;
+pragma solidity ^0.8.23;
 
 import {BASE_ETH_NODE} from "src/util/Constants.sol";
 import {ExtendedResolver} from "ens-contracts/resolvers/profiles/ExtendedResolver.sol";
