Beranames - Beranames Name Service (BNS) Contracts v2 - Beranames

Prepared by:

HALBORN

Last Updated 09/14/2025

Date of Engagement: November 26th, 2024 - December 12th, 2024

Summary

100% of all REPORTED Findings have been addressed

All findings

Critical

High

Medium

Low

Informational

1. Introduction
2. Assessment summary
3. Test approach and methodology
4. Risk methodology
5. Scope
6. Assessment summary & findings overview
7. Findings & Tech Details

7.1 Total price miscalculation due to rounding error
7.2 Incomplete payload validation in whitelist register
7.3 Discount discrepancy in renewal and registration pricing
7.4 Incorrect assignment of reverse record ownership
7.5 Insufficient signature validation
7.6 Bid submission permitted during paused contract state
7.7 Lack of name normalization in input handling
7.8 Potential misconfiguration of reserve price in auction setup
7.9 Potential ineffectiveness in bid increment validation
7.10 Inadequate validation of utf-8 encoding in character length calculation
7.11 Unchecked launch time in registrar
7.12 Missing validation for initial time buffer configuration
7.13 Potential overflow in price conversion due to silent truncation
7.14 Inefficient removal of reserved names from the list
7.15 Inefficient handling of duplicate name reservations
7.16 Unsafe index handling in hexadecimal parsing
7.17 Incomplete length validation in hexadecimal parsing
7.18 Suboptimal gas usage due to post-increment in loops
7.19 Inefficient array allocation in settlement retrieval functions
7.20 Inclusion of uninitialized settlement data in results
7.21 Inclusion of unsettled auctions in settlement results
7.22 Inconsistent handling of uninitialized auction data
7.23 Inconsistent array lengths in data processing
7.24 Inconsistent use of encoding methods for keccak256 hash calculation
7.25 Improper validation of return data
7.26 Validation gaps in delegate approval process
7.27 Missing protection against potential reentrancy attacks
7.28 Registry ownership transfer allows divergence from nft ownership
7.29 Improper handling of odd-length hex strings
7.30 Asymmetry in event emission for eth transfers
7.31 Lack of zero address check
7.32 Potential issue with casting msg.value to uint128 in auction contract
7.33 Missing validation for start and end ids in settlement retrieval
7.34 Lack of range validation in settlement retrieval functions
7.35 Unbounded recursion in hash calculation
7.36 Bounds validation required for safe array access
7.37 Validation required for encrypted data integrity
7.38 Unused functions
7.39 Redundant code
7.40 Potential inconsistent state validation for nft transfers
7.41 Lack of error transparency in delegatecall failures
7.42 Index validation missing when removing reserved names

1. Introduction

Beranames engaged Halborn to conduct a security assessment on their smart contracts beginning on November 26th, 2024 and ending on December 12th, 2024. The security assessment was scoped to smart contracts in the GitHub repository provided to the Halborn team. Commit hashes and further details can be found in the Scope section of this report.

2. Assessment Summary

The team at Halborn assigned a full-time security engineer to assess the security of the smart contracts. The security engineer is a blockchain and smart-contract security expert with advanced penetration testing, smart-contract hacking, and deep knowledge of multiple blockchain protocols.

The purpose of this assessment is to:

Ensure that smart contract functions operate as intended.
Identify potential security issues with the smart contracts.

In summary, Halborn identified some improvements to reduce the likelihood and impact of risks, which were mostly addressed by the Beranames team. The main ones were the following:

Modify the price calculation formula to ensure that the total price reflects the actual duration of the domain rental.
Ensure that all fields in the register request struct are included in the payload used for signature validation.
Include the discount in the price calculation during the name renewal.
Ensure that the correct owner is passed when setting reverse record.
Use OpenZeppelin's ECDSA library to handle signature unpacking and validation.
Include the 'whenNotPaused' modifier to ensure that bidding is disabled when the contract is paused.
Normalize all input names by converting them to a consistent format before processing.

3. Test Approach and Methodology

Halborn performed a combination of manual review of the code and automated security testing to balance efficiency, timeliness, practicality, and accuracy in regard to the scope of the smart contract assessment. While manual testing is recommended to uncover flaws in logic, process, and implementation; automated testing techniques help enhance coverage of smart contracts and can quickly identify items that do not follow security best practices. The following phases and associated tools were used throughout the term of the assessment:

Research into the architecture, purpose, and use of the platform.
Smart contract manual code review and walkthrough to identify any logic issue.
Thorough assessment of safety and usage of critical Solidity variables and functions in scope that could lead to arithmetic related vulnerabilities.
Manual testing by custom scripts.
Graphing out functionality and contract logic/connectivity/functions (solgraph).
Static Analysis of security for scoped contract, and imported functions. (Slither).
Local or public testnet deployment (Foundry, Remix IDE).

4. RISK METHODOLOGY

Every vulnerability and issue observed by Halborn is ranked based on two sets of Metrics and a Severity Coefficient. This system is inspired by the industry standard Common Vulnerability Scoring System.

The two Metric sets are: Exploitability and Impact. Exploitability captures the ease and technical means by which vulnerabilities can be exploited and Impact describes the consequences of a successful exploit.

The Severity Coefficients is designed to further refine the accuracy of the ranking with two factors: Reversibility and Scope. These capture the impact of the vulnerability on the environment as well as the number of users and smart contracts affected.

The final score is a value between 0-10 rounded up to 1 decimal place and 10 corresponding to the highest security risk. This provides an objective and accurate rating of the severity of security vulnerabilities in smart contracts.

The system is designed to assist in identifying and prioritizing vulnerabilities based on their level of risk to address the most critical issues in a timely manner.

4.1 EXPLOITABILITY

Attack Origin (AO):

Captures whether the attack requires compromising a specific account.

Attack Cost (AC):

Captures the cost of exploiting the vulnerability incurred by the attacker relative to sending a single transaction on the relevant blockchain. Includes but is not limited to financial and computational cost.

Attack Complexity (AX):

Describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Includes but is not limited to macro situation, available third-party liquidity and regulatory challenges.

Metrics:

EXPLOITABILITY METRIC ( $m_e$ )	METRIC VALUE	NUMERICAL VALUE
Attack Origin (AO)	Arbitrary (AO:A) Specific (AO:S)	1 0.2
Attack Cost (AC)	Low (AC:L) Medium (AC:M) High (AC:H)	1 0.67 0.33
Attack Complexity (AX)	Low (AX:L) Medium (AX:M) High (AX:H)	1 0.67 0.33

Exploitability

E

is calculated using the following formula:

$E = \prod m_e$

4.2 IMPACT

Confidentiality (C):

Measures the impact to the confidentiality of the information resources managed by the contract due to a successfully exploited vulnerability. Confidentiality refers to limiting access to authorized users only.

Integrity (I):

Measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of data stored and/or processed on-chain. Integrity impact directly affecting Deposit or Yield records is excluded.

Availability (A):

Measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. This metric refers to smart contract features and functionality, not state. Availability impact directly affecting Deposit or Yield is excluded.

Deposit (D):

Measures the impact to the deposits made to the contract by either users or owners.

Yield (Y):

Measures the impact to the yield generated by the contract for either users or owners.

Metrics:

IMPACT METRIC ( $m_I$ )	METRIC VALUE	NUMERICAL VALUE
Confidentiality (C)	None (C:N) Low (C:L) Medium (C:M) High (C:H) Critical (C:C)	0 0.25 0.5 0.75 1
Integrity (I)	None (I:N) Low (I:L) Medium (I:M) High (I:H) Critical (I:C)	0 0.25 0.5 0.75 1
Availability (A)	None (A:N) Low (A:L) Medium (A:M) High (A:H) Critical (A:C)	0 0.25 0.5 0.75 1
Deposit (D)	None (D:N) Low (D:L) Medium (D:M) High (D:H) Critical (D:C)	0 0.25 0.5 0.75 1
Yield (Y)	None (Y:N) Low (Y:L) Medium (Y:M) High (Y:H) Critical (Y:C)	0 0.25 0.5 0.75 1

Impact

I

is calculated using the following formula:

$I = max(m_I) + \frac{\sum{m_I} - max(m_I)}{4}$

4.3 SEVERITY COEFFICIENT

Reversibility (R):

Describes the share of the exploited vulnerability effects that can be reversed. For upgradeable contracts, assume the contract private key is available.

Scope (S):

Captures whether a vulnerability in one vulnerable contract impacts resources in other contracts.

Metrics:

SEVERITY COEFFICIENT ( $C$ )	COEFFICIENT VALUE	NUMERICAL VALUE
Reversibility ( $r$ )	None (R:N) Partial (R:P) Full (R:F)	1 0.5 0.25
Scope ( $s$ )	Changed (S:C) Unchanged (S:U)	1.25 1

Severity Coefficient

C

is obtained by the following product:

$C = rs$

The Vulnerability Severity Score

S

is obtained by:

$S = min(10, EIC * 10)$

The score is rounded up to 1 decimal places.

Severity	Score Value Range
Critical	9 - 10
High	7 - 8.9
Medium	4.5 - 6.9
Low	2 - 4.4
Informational	0 - 1.9

5. SCOPE

REPOSITORY

(a) Repository: beranames-contracts-v2

(b) Assessed Commit ID: 80f21df

src/auction/interfaces/IBeraAuctionHouse.sol
src/auction/interfaces/IWETH.sol
src/auction/BeraAuctionHouse.sol

↓ Expand ↓

Out-of-Scope: Third party dependencies and economic attacks.

Out-of-Scope: New features/implementations after the remediation commit IDs.

6. Assessment Summary & Findings Overview

Critical

High

Medium

Low

Informational

Security analysis	Risk level	Remediation Date
Total price miscalculation due to rounding error	Critical	Solved - 12/11/2024
Incomplete payload validation in whitelist register	Critical	Solved - 12/16/2024
Discount discrepancy in renewal and registration pricing	High	Solved - 12/15/2024
Incorrect assignment of reverse record ownership	High	Solved - 12/16/2024
Insufficient signature validation	Medium	Solved - 12/16/2024
Bid submission permitted during paused contract state	Medium	Solved - 12/11/2024
Lack of name normalization in input handling	Medium	Risk Accepted - 12/17/2024
Potential misconfiguration of reserve price in auction setup	Low	Solved - 12/11/2024
Potential ineffectiveness in bid increment validation	Low	Risk Accepted - 12/17/2024
Inadequate validation of UTF-8 encoding in character length calculation	Low	Solved - 01/01/2025
Unchecked launch time in registrar	Low	Solved - 12/11/2024
Missing validation for initial time buffer configuration	Low	Solved - 12/11/2024
Potential overflow in price conversion due to silent truncation	Low	Solved - 12/19/2024
Inefficient removal of reserved names from the list	Low	Solved - 12/15/2024
Inefficient handling of duplicate name reservations	Low	Solved - 12/15/2024
Unsafe index handling in hexadecimal parsing	Low	Solved - 12/26/2024
Incomplete length validation in hexadecimal parsing	Low	Solved - 12/26/2024
Suboptimal gas usage due to post-increment in loops	Informational	Solved - 12/11/2024
Inefficient array allocation in settlement retrieval functions	Informational	Solved - 01/01/2025
Inclusion of uninitialized settlement data in results	Informational	Solved - 12/19/2024
Inclusion of unsettled auctions in settlement results	Informational	Solved - 12/19/2024
Inconsistent handling of uninitialized auction data	Informational	Solved - 12/19/2024
Inconsistent array lengths in data processing	Informational	Solved - 12/26/2024
Inconsistent use of encoding methods for Keccak256 hash calculation	Informational	Solved - 12/11/2024
Improper validation of return data	Informational	Solved - 01/26/2024
Validation gaps in delegate approval process	Informational	Solved - 01/06/2025
Missing protection against potential reentrancy attacks	Informational	Solved - 12/19/2024
Registry ownership transfer allows divergence from NFT ownership	Informational	Solved - 01/07/2025
Improper handling of odd-length hex strings	Informational	Solved - 12/26/2024
Asymmetry in event emission for ETH transfers	Informational	Solved - 12/11/2024
Lack of zero address check	Informational	Solved - 12/26/2024
Potential issue with casting msg.value to uint128 in auction contract	Informational	Solved - 12/11/2024
Missing validation for start and end IDs in settlement retrieval	Informational	Solved - 12/19/2024
Lack of range validation in settlement retrieval functions	Informational	Solved - 12/19/2024
Unbounded recursion in hash calculation	Informational	Solved - 01/01/2025
Bounds validation required for safe array access	Informational	Solved - 12/26/2024
Validation required for encrypted data integrity	Informational	Solved - 12/26/2024
Unused functions	Informational	Solved - 01/07/2025
Redundant code	Informational	Solved - 12/15/2024
Potential inconsistent state validation for NFT transfers	Informational	Solved - 12/11/2024
Lack of error transparency in delegatecall failures	Informational	Solved - 12/26/2024
Index validation missing when removing reserved names	Informational	Solved - 12/15/2024

7. Findings & Tech Details

7.1 Total price miscalculation due to rounding error

Critical

Description

Proof of Concept

BVSS

AO:A/AC:L/AX:L/R:N/S:U/C:N/A:N/I:H/D:H/Y:N (9.4)

Recommendation

Remediation Comment

7.2 Incomplete payload validation in whitelist register

Critical

Description

Proof of Concept

BVSS

AO:A/AC:L/AX:L/R:N/S:U/C:N/A:H/I:H/D:N/Y:N (9.4)

Recommendation

Remediation Comment

7.3 Discount discrepancy in renewal and registration pricing

High

Description

Proof of Concept

BVSS

AO:A/AC:L/AX:L/R:N/S:U/C:N/A:N/I:N/D:H/Y:N (7.5)

Recommendation

Remediation Comment

7.4 Incorrect assignment of reverse record ownership

High

Description

Proof of Concept

BVSS

AO:A/AC:L/AX:L/R:N/S:U/C:N/A:N/I:H/D:N/Y:N (7.5)

Recommendation

Remediation Comment

7.5 Insufficient signature validation

Medium

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:N/I:H/D:H/Y:N (6.3)

Recommendation

Remediation Comment

7.6 Bid submission permitted during paused contract state

Medium

Description

BVSS

AO:A/AC:L/AX:L/R:N/S:U/C:N/A:N/I:M/D:M/Y:N (6.3)

Recommendation

Remediation Comment

7.7 Lack of name normalization in input handling

Medium

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:N/I:H/D:H/Y:N (6.3)

Recommendation

Remediation Comment

7.8 Potential misconfiguration of reserve price in auction setup

Low

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:N/I:M/D:M/Y:N (4.2)

Recommendation

Remediation Comment

7.9 Potential ineffectiveness in bid increment validation

Low

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:N/I:M/D:M/Y:N (4.2)

Recommendation

Remediation Comment

7.10 Inadequate validation of UTF-8 encoding in character length calculation

Low

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:N/I:M/D:M/Y:N (4.2)

Recommendation

Remediation Comment

7.11 Unchecked launch time in registrar

Low

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:N/I:M/D:N/Y:N (3.4)

Recommendation

Remediation Comment

7.12 Missing validation for initial time buffer configuration

Low

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:N/I:M/D:N/Y:N (3.4)

Recommendation

Remediation Comment

7.13 Potential overflow in price conversion due to silent truncation

Low

Description

BVSS

AO:A/AC:M/AX:M/R:N/S:U/C:N/A:N/I:H/D:N/Y:N (3.4)

Recommendation

Remediation Comment

7.14 Inefficient removal of reserved names from the list

Low

Description

BVSS

AO:A/AC:L/AX:L/R:N/S:U/C:N/A:N/I:N/D:L/Y:N (2.5)

Recommendation

Remediation Comment

7.15 Inefficient handling of duplicate name reservations

Low

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:N/I:L/D:L/Y:N (2.1)

Recommendation

Remediation Comment

7.16 Unsafe index handling in hexadecimal parsing

Low

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:L/I:L/D:N/Y:N (2.1)

Recommendation

Remediation Comment

7.17 Incomplete length validation in hexadecimal parsing

Low

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:L/I:L/D:N/Y:N (2.1)

Recommendation

Remediation Comment

7.18 Suboptimal gas usage due to post-increment in loops

Informational

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:N/I:N/D:L/Y:N (1.7)

Recommendation

Remediation Comment

7.19 Inefficient array allocation in settlement retrieval functions

Informational

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:N/I:N/D:L/Y:N (1.7)

Recommendation

Remediation Comment

7.20 Inclusion of uninitialized settlement data in results

Informational

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:N/I:L/D:N/Y:N (1.7)

Recommendation

Remediation Comment

7.21 Inclusion of unsettled auctions in settlement results

Informational

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:N/I:L/D:N/Y:N (1.7)

Recommendation

Remediation Comment

7.22 Inconsistent handling of uninitialized auction data

Informational

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:N/I:L/D:N/Y:N (1.7)

Recommendation

Remediation Comment

7.23 Inconsistent array lengths in data processing

Informational

Description

BVSS

AO:A/AC:L/AX:M/R:N/S:U/C:N/A:L/I:N/D:N/Y:N (1.7)

Recommendation

Remediation Comment

7.24 Inconsistent use of encoding methods for Keccak256 hash calculation

Informational

Description

BVSS

AO:A/AC:L/AX:H/R:N/S:U/C:N/A:N/I:M/D:N/Y:N (1.6)

Recommendation

Remediation Comment

7.25 Improper validation of return data

Informational

Description

BVSS

AO:A/AC:L/AX:H/R:N/S:U/C:N/A:M/I:N/D:N/Y:N (1.6)

Recommendation

Remediation Comment

7.26 Validation gaps in delegate approval process

Informational

Description

BVSS

AO:A/AC:L/AX:H/R:N/S:U/C:N/A:N/I:M/D:N/Y:N (1.6)

Recommendation

Remediation Comment

7.27 Missing protection against potential reentrancy attacks

Informational

Description

BVSS

AO:A/AC:M/AX:H/R:N/S:U/C:N/A:N/I:M/D:N/Y:N (1.1)

Recommendation

Remediation Comment

7.28 Registry ownership transfer allows divergence from NFT ownership

Informational

Description

BVSS

AO:A/AC:L/AX:H/R:P/S:U/C:N/A:N/I:M/D:M/Y:N (1.0)

Recommendation

Remediation Comment

7.29 Improper handling of odd-length hex strings

Informational

Description

BVSS

AO:A/AC:L/AX:H/R:N/S:U/C:N/A:L/I:L/D:N/Y:N (1.0)

Recommendation

Remediation Comment

7.30 Asymmetry in event emission for ETH transfers

Informational

Description

BVSS

AO:A/AC:L/AX:H/R:N/S:U/C:N/A:L/I:N/D:N/Y:N (0.8)

Recommendation

Remediation Comment

7.31 Lack of zero address check

Informational

Description

BVSS

AO:A/AC:L/AX:H/R:N/S:U/C:N/A:N/I:L/D:N/Y:N (0.8)

Recommendation

Remediation Comment

7.32 Potential issue with casting msg.value to uint128 in auction contract

Informational

Description

BVSS

AO:A/AC:H/AX:H/R:N/S:U/C:N/A:N/I:H/D:N/Y:N (0.8)

Recommendation

Remediation Comment

7.33 Missing validation for start and end IDs in settlement retrieval

Informational

Description

BVSS

AO:A/AC:L/AX:H/R:N/S:U/C:N/A:N/I:N/D:L/Y:N (0.8)

Recommendation

Remediation Comment

7.34 Lack of range validation in settlement retrieval functions

Informational

Description

BVSS

AO:A/AC:L/AX:H/R:N/S:U/C:N/A:N/I:N/D:L/Y:N (0.8)

Recommendation

Remediation Comment

7.35 Unbounded recursion in hash calculation

Informational

Description

BVSS

AO:A/AC:L/AX:H/R:N/S:U/C:N/A:L/I:N/D:N/Y:N (0.8)

Recommendation

Remediation Comment

7.36 Bounds validation required for safe array access

Informational

Description

BVSS

AO:A/AC:L/AX:H/R:N/S:U/C:N/A:L/I:N/D:N/Y:N (0.8)

Recommendation

Remediation Comment

7.37 Validation required for encrypted data integrity

Informational

Description

BVSS

AO:A/AC:L/AX:H/R:N/S:U/C:N/A:L/I:N/D:N/Y:N (0.8)

Recommendation

Remediation Comment

7.38 Unused functions

Informational

Description

BVSS

AO:A/AC:H/AX:H/R:N/S:U/C:N/A:L/I:N/D:N/Y:N (0.3)

Recommendation

Remediation Comment

7.39 Redundant code

Informational

Description

BVSS

AO:A/AC:H/AX:H/R:N/S:U/C:N/A:N/I:N/D:L/Y:N (0.3)

Recommendation

Remediation Comment

7.40 Potential inconsistent state validation for NFT transfers

Informational

Description

BVSS

AO:A/AC:H/AX:H/R:N/S:U/C:N/A:N/I:L/D:N/Y:N (0.3)

Recommendation

Remediation Comment

7.41 Lack of error transparency in delegatecall failures

Informational

Description

BVSS

AO:A/AC:H/AX:H/R:N/S:U/C:N/A:N/I:L/D:N/Y:N (0.3)

Recommendation

Remediation Comment

7.42 Index validation missing when removing reserved names

Informational

Description

BVSS

AO:A/AC:L/AX:L/R:N/S:U/C:N/A:N/I:N/D:N/Y:N (0.0)

Recommendation

Remediation Comment

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.

1. Introduction
2. Assessment summary
3. Test approach and methodology
4. Risk methodology
5. Scope
6. Assessment summary & findings overview
7. Findings & Tech Details

7.1 Total price miscalculation due to rounding error
7.2 Incomplete payload validation in whitelist register
7.3 Discount discrepancy in renewal and registration pricing
7.4 Incorrect assignment of reverse record ownership
7.5 Insufficient signature validation
7.6 Bid submission permitted during paused contract state
7.7 Lack of name normalization in input handling
7.8 Potential misconfiguration of reserve price in auction setup
7.9 Potential ineffectiveness in bid increment validation
7.10 Inadequate validation of utf-8 encoding in character length calculation
7.11 Unchecked launch time in registrar
7.12 Missing validation for initial time buffer configuration
7.13 Potential overflow in price conversion due to silent truncation
7.14 Inefficient removal of reserved names from the list
7.15 Inefficient handling of duplicate name reservations
7.16 Unsafe index handling in hexadecimal parsing
7.17 Incomplete length validation in hexadecimal parsing
7.18 Suboptimal gas usage due to post-increment in loops
7.19 Inefficient array allocation in settlement retrieval functions
7.20 Inclusion of uninitialized settlement data in results
7.21 Inclusion of unsettled auctions in settlement results
7.22 Inconsistent handling of uninitialized auction data
7.23 Inconsistent array lengths in data processing
7.24 Inconsistent use of encoding methods for keccak256 hash calculation
7.25 Improper validation of return data
7.26 Validation gaps in delegate approval process
7.27 Missing protection against potential reentrancy attacks
7.28 Registry ownership transfer allows divergence from nft ownership
7.29 Improper handling of odd-length hex strings
7.30 Asymmetry in event emission for eth transfers
7.31 Lack of zero address check
7.32 Potential issue with casting msg.value to uint128 in auction contract
7.33 Missing validation for start and end ids in settlement retrieval
7.34 Lack of range validation in settlement retrieval functions
7.35 Unbounded recursion in hash calculation
7.36 Bounds validation required for safe array access
7.37 Validation required for encrypted data integrity
7.38 Unused functions
7.39 Redundant code
7.40 Potential inconsistent state validation for nft transfers
7.41 Lack of error transparency in delegatecall failures
7.42 Index validation missing when removing reserved names

// Download the full report

Beranames - Beranames Name Service (BNS) Contracts v2

* Use Google Chrome for best results

** Check "Background Graphics" in the print settings if needed