Zero Name Service (ZNS)

Summary

This report outlines the audit of the Zero Name Service (ZNS) protocol by Quantstamp. Zero Name Service offers a decentralized naming system on the Ethereum mainnet that grants human-readable names to entities. ZNS allows users to link their blockchain wallets, smart contracts, or on-chain data to their chosen name. The ZNS protocol allows users to register domains using either staking tokens or direct payment, as determined by the domain owner. The domain's pricing is set by a pricer contract designated by the domain owner. Furthermore, the domain owner can also specify an address resolver to correctly map the subdomain to its associated address. The audit identified a total of 18 findings. The audit highlighted issues such as domain impersonation because of inadequate label validation (ZNS-1) and domain spoofing due to the absence of on-chain label normalization (ZNS-2). Furthermore, the protocol risks fund insolvency due to potential token incompatibility (ZNS-3), and flaws in pricing calculations could lead to unexpected domain costs for users (ZNS-4). We found the test coverage to be extensive and high quality, but we recommend adding a test case for each high and medium issue identified in this report to verify the fixes. Additionally, we advise the client to update all documentation to align with the latest ZNS implementation and to address or consider all the findings provided in this report. **Fix Review**: The client addressed all issues from ZNS-1 to ZNS-18, implementing necessary fixes or providing detailed explanations for acknowledgments. For domain impersonation and spoofing issues (ZNS-1 and ZNS-2), strict label validation was added, limiting characters to a-z, 0-9, and hyphens. The protocol risk of fund insolvency due to potential token incompatibility (ZNS-3) was acknowledged, with explanations and updated user documentation highlighting the associated risks. Additionally, the flaws in pricing calculations (ZNS-4) were corrected. The client also provided test cases for each fix to ensure the effectiveness of the fixes.