Skip to content

Commit

Permalink
Merge pull request #53 from starknet-id/fix/user_could_buy_empty_domain
Browse files Browse the repository at this point in the history
fix: user could buy empty domain
  • Loading branch information
Th0rgal authored May 28, 2024
2 parents ae4f0f9 + a764a4d commit 052aabe
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 0 deletions.
2 changes: 2 additions & 0 deletions src/naming/main.cairo
Original file line number Diff line number Diff line change
Expand Up @@ -279,6 +279,7 @@ mod Naming {
let (hashed_domain, now, expiry) = self.assert_purchase_is_possible(id, domain, days);
// we need a u256 to be able to perform safe divisions
let domain_len = self.get_chars_len(domain.into());
assert(domain_len != 0, 'domain can\' be empty');
// find domain cost
let (erc20, price) = IPricingDispatcher {
contract_address: self._pricing_contract.read()
Expand Down Expand Up @@ -306,6 +307,7 @@ mod Naming {
let (hashed_domain, now, expiry) = self.assert_purchase_is_possible(id, domain, days);
// we need a u256 to be able to perform safe divisions
let domain_len = self.get_chars_len(domain.into());
assert(domain_len != 0, 'domain can\' be empty');

// check quote timestamp is still valid
assert(get_block_timestamp() <= max_validity, 'quotation expired');
Expand Down
26 changes: 26 additions & 0 deletions src/tests/naming/test_abuses.cairo
Original file line number Diff line number Diff line change
Expand Up @@ -298,3 +298,29 @@ fn test_use_reset_subdomains() {
naming.transfer_domain(subsubdomain2, 4);
}

#[test]
#[available_gas(2000000000)]
#[should_panic(expected: ('domain can\' be empty', 'ENTRYPOINT_FAILED'))]
fn test_buy_empty_domain() {
// setup
let (eth, pricing, identity, naming) = deploy();
let alpha = contract_address_const::<0x123>();

// we mint the id
set_contract_address(alpha);
identity.mint(1);

set_contract_address(alpha);
let empty_domain: felt252 = 0;

// we check how much a domain costs
let (_, price) = pricing.compute_buy_price(0, 365);

// we allow the naming to take our money
eth.approve(naming.contract_address, price);

// we buy with no resolver, no sponsor, no discount and empty metadata
naming
.buy(1, empty_domain, 365, ContractAddressZeroable::zero(), ContractAddressZeroable::zero(), 0, 0);
}

0 comments on commit 052aabe

Please sign in to comment.