getEnsAddress throws IntegerOutOfRangeError for offchain DNS names when coinType is specified

[Dhaiwat10]

Hey! I'm Dhaiwat from the DevRel team at ENS Labs. We're running ENSv2 readiness tests across the ecosystem and found this bug.

Description

getEnsAddress throws an IntegerOutOfRangeError when resolving offchain DNS names (e.g. pokersback.com) with an explicit coinType parameter. Omitting coinType works fine. Onchain names, onchain DNS names, and offchain .eth names are all unaffected.

Reproduction

import { createPublicClient, http } from 'viem'
import { mainnet } from 'viem/chains'

const client = createPublicClient({
  chain: mainnet,
  transport: http(),
})

// ❌ Throws IntegerOutOfRangeError
await client.getEnsAddress({ name: 'pokersback.com', coinType: 60n })

// ✅ Works — same name without coinType
await client.getEnsAddress({ name: 'pokersback.com' })

// ✅ Works — offchain .eth with coinType
await client.getEnsAddress({ name: 'test.offchaindemo.eth', coinType: 60n })

// ✅ Works — onchain DNS with coinType
await client.getEnsAddress({ name: 'ensfairy.xyz', coinType: 60n })

// ✅ Works — onchain .eth with coinType
await client.getEnsAddress({ name: 'vitalik.eth', coinType: 60n })

Affected

Name type	coinType omitted	coinType: 60n
Onchain .eth	✅	✅
Onchain DNS (e.g. ensfairy.xyz)	✅	✅
Offchain .eth (e.g. test.offchaindemo.eth)	✅	✅
Offchain DNS (e.g. pokersback.com)	✅	❌

Error

IntegerOutOfRangeError: Number "475411618940684652382658899876961866559843549903n"
is not in safe integer range (-9007199254740991 to 9007199254740991)

  at hexToNumber (src/utils/encoding/fromHex.ts:218)
  at bytesToNumber (src/utils/encoding/fromBytes.ts:190)
  at decodeBytes (src/utils/abi/decodeAbiParameters.ts:240)
  at decodeFunctionResult (src/utils/abi/decodeFunctionResult.ts:160)
  at getEnsAddress (src/actions/ens/getEnsAddress.ts:170)

Cause

When coinType is provided, getEnsAddress encodes addr(bytes32, uint256) which returns bytes instead of address. For offchain DNS names, the CCIP-Read callback returns data where decodeBytes calls bytesToNumber to read the ABI byte offset, but a large value in the return data overflows Number.MAX_SAFE_INTEGER.

Version

viem@2.47.10

[ndavd]

The offchain DNS resolver for pokersback.com seems to be returning the data encoded as address instead of bytes.

The call is returning:

[
  "0x000000000000000000000000534631bcf33bdb069fb20a93d2fdb9e4d4dd42cf",
  "0xF142B308cF687d4358410a4cB885513b30A42025"
]

When it should be returning:

[
  "0x00000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000014534631bcf33bdb069fb20a93d2fdb9e4d4dd42cf000000000000000000000000",
  "0xF142B308cF687d4358410a4cB885513b30A42025"
]

I can submit a patch if @jxom agrees, but I think it's up to the resolver to fix their implementation.

[Dhaiwat10]

oh interesting, let me have a look @ndavd thanks for catching this