Releases: lexansoft/etherid.org
Fixed contract problems
- Jun 19, 2016 the "Unchecked-Send" Bug was discovered in the EtherID contract. I immediately put a warning message on the front page asking people not to register new domains until the problem is solved.
The bug was quite severe and it is what theDAO contract also suffers. You can read more about the problem here: http://hackingdistributed.com/2016/06/16/scanning-live-ethereum-contracts-for-bugs/ - At the moment when the bug was discovered, the EtherID DB had 32301 domains registered.
- The Ethereum blockchain is immutable by its nature, so there is no way you can update a contract. The only thing you can do is to create a new fixed contract and copy the DB into the new contract.
- Fixing the contract. The actual fixing the contract was quite simple. The contracts has to check the return code after every call of the send() function. If the function returns 0 that means the funds were not transferred and the operation should be canceled.
- Fixing, another minor bug. Some time ago another minor bug was discovered. The contract allowed creating domain with 0 name. It was not a big problem, but it created some trouble for enumerating the domains, since the 0 domain signals the end of the linked list. Because of this bug, the enumerating process had to distinguish between the registered 0 domain and the 0 domain at the end of the list. Since I update the contract anyway, I also put the code to preven registering 0 domain in the future.
- I register the new fixed EtherID contract. The new address of the contract is 0xd588b586d61c826a0e87919b3d1a239206d58bf2. I also verified the contract code on the etherscan.io: https://etherscan.io/address/0xd588b586d61c826a0e87919b3d1a239206d58bf2#code
- Then I had to move all the data into the new contract. In the new contract I added this code:
//****************************************************************************
//*** SPECIAL CODE FOR TRANSFERING FIRST 32301 DOMAINS INTO THE NEW CONTRACT
if( msg.sender == contract_owner && n_domains < 32301 && transfer != 0 ) {
d.owner = transfer; // immediately transfer the ownership to the old owner
d.transfer = 0;
}
//****************************************************************************
The meaning of this code is simple. The owner of the contract can register a domain and directly transfer it to some other ethereum address. Please note, that it is only possible for the first 32301 records. As soon as all of those domains are transfered, the owner of the contract loses this ability and does not have any special control on the EtherID records.
I created a script transferfirst32301domains.html to load the domain records. the script is simple, it calls the contract in a cycle, registers all the domains from the list, and immediately transfers the ownership to the old owner.
Some notes:
Only the domain records are transferred into the new contract. The owners of the domains should re-register all the ID's in their domains.
The NPM module etherid-js was updated to the new contract. Please update it to version 2.0.0
The transferring of the data was quite costly ;( The one contract call costs about 0.003 ETH, but when you multiply it by 32K you get about 100 ETH. ;(
The EtherID project is important for many people. I do believe we need to have a lightweight name registrar where anyone can store some parameters. I also like to see that the EtherID project is used as a point of reference. We are all learning this new technology and I am glad that EtherID project helps others to understand better how Ethereum works. I hope this contract fixing will also be some learning experience for us all.
If you feel to support this project, please donate to the contract owner address: 0x1a88c052fc7a8401e00b2f76f96ac62a19427731 Any help would be appreciated.
Thank you.