Skip to content

Update Address Validation and Metadata Descriptions in Contracts #143

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
RogerPodacter merged 1 commit into from
Nov 12, 2025
Merged

Update Address Validation and Metadata Descriptions in Contracts #143

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion app/models/erc721_ethscriptions_collection_parser.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -508,7 +508,7 @@ def validate_bytes32(value, field_name)
end

def validate_address(value, field_name)
unless value.is_a?(String) && value.match?(/\A0x[0-9a-f]{40}\z/)
unless value.is_a?(String) && value.match?(/\A0x[0-9a-f]{40}\z/i)
Copy link

@cursor cursor bot Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Inconsistent Case Sensitivity Bypasses Validation

The validate_address method now accepts case-insensitive addresses via the /i regex flag, but the zero address check on line 515 uses a case-sensitive string comparison. This allows uppercase or mixed-case variants of the zero address (like 0x0000000000000000000000000000000000000000 with capital letters) to bypass the zero address validation, even though they represent the same address. The check needs to compare the downcased value or normalize before comparing.

Fix in Cursor Fix in Web

raise ValidationError, "Invalid address for #{field_name}: #{value}"
end

Expand Down
10 changes: 5 additions & 5 deletions contracts/src/NameRegistry.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -197,7 +197,7 @@ contract NameRegistry is ERC721EthscriptionsEnumerableUpgradeable, IProtocolHand
bytes memory json = abi.encodePacked(
'{"name":"',
name.escapeJSON(),
'","description":"Dotless word domain"',
'","description":"An Ethscriptions name"',
',"ethscription_id":"',
ethscriptionIdHex,
'","ethscription_number":',
Expand All @@ -207,9 +207,9 @@ contract NameRegistry is ERC721EthscriptionsEnumerableUpgradeable, IProtocolHand
'":"',
mediaUri,
'","attributes":[',
'{"trait_type":"Name","value":"',
name.escapeJSON(),
'"}',
'{"trait_type":"Length","value":',
bytes(name).length.toString(),
',"display_type":"number"}',
']}'
);

Expand All @@ -223,7 +223,7 @@ contract NameRegistry is ERC721EthscriptionsEnumerableUpgradeable, IProtocolHand
'data:application/json;base64,',
Base64.encode(bytes(
'{"name":"Word Domains Registry",'
'"description":"On-chain word domain name system for Ethscriptions. Register unique, dotless domain names as NFTs.",'
'"description":"On-chain name system for Ethscriptions. Allowed characters: a-z, 0-9, and _ (underscore). Max length: 30 characters.",'
'"image":"data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTAwIiBoZWlnaHQ9IjUwMCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj48cmVjdCB3aWR0aD0iNTAwIiBoZWlnaHQ9IjUwMCIgZmlsbD0iIzEwMTAxMCIvPjx0ZXh0IHg9IjI1MCIgeT0iMjUwIiBmb250LXNpemU9IjgwIiBmb250LWZhbWlseT0ibW9ub3NwYWNlIiB0ZXh0LWFuY2hvcj0ibWlkZGxlIiBmaWxsPSIjMDBmZjAwIj5bTkFNRVNdPC90ZXh0Pjwvc3ZnPg==",'
'"external_link":"https://ethscriptions.com"}'
))
Expand Down
Loading