Pith. sign in

REVIEW

Ethereum Name Service: the Good, the Bad, and the Ugly

Not yet reviewed by Pith; the record is open.

This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.

SPECIMEN: schema-true, not a live event

T0 review · schema-true

One-sentence machine reading of the paper's core claim.

pith:XXXXXXXX · record.json · timestamp

arxiv 2104.05185 v1 pith:5SYHG267 submitted 2021-04-12 cs.CR

Ethereum Name Service: the Good, the Bad, and the Ugly

classification cs.CR
keywords nameissuesservicesystemblockchainnamessecuritycommunity
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved
0 comments
read the original abstract

DNS has always been criticized for its inherent design flaws, making the system vulnerable to kinds of attacks. Besides, DNS domain names are not fully controlled by the users, which can be easily taken down by the authorities and registrars. Since blockchain has its unique properties like immutability and decentralization, it seems to be promising to build a decentralized name service on blockchain. Ethereum Name Service (ENS), as a novel name service built atop Etheruem, has received great attention from the community. Yet, no existing work has systematically studied this emerging system, especially the security issues and misbehaviors in ENS. To fill the void, we present the first large-scale study of ENS by collecting and analyzing millions of event logs related to ENS. We characterize the ENS system from a number of perspectives. Our findings suggest that ENS is showing gradually popularity during its four years' evolution, mainly due to its distributed and open nature that ENS domain names can be set to any kinds of records, even censored and malicious contents. We have identified several security issues and misbehaviors including traditional DNS security issues and new issues introduced by ENS smart contracts. Attackers are abusing the system with thousands of squatting ENS names, a number of scam blockchain addresses and malicious websites, etc. Our exploration suggests that our community should invest more effort into the detection and mitigation of issues in Blockchain-based Name Services towards building an open and trustworthy name service.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.