The Unstoppable Domains protocol allows the creation and management of domains on the Solana blockchain. These can be top-level domains, and can also have second-level domains. Second-level domains are in the form of non-fungible tokens (NFTs) minted to the users. Only one domain name can be in circulation.
Unstoppable Domains engaged Ackee Blockchain Security to perform a security review of Web3 Domains with a total time donation of 13 engineering days in a period between April 1 and April 10, 2025.
A second, fix review was then performed on April 24 2025.
METHODOLOGY
We began our review by understanding the protocol’s design and architecture. During this initial phase, we gathered all available information, including documentation, web page functionality, and project intentions.
In the second phase, we performed a manual review and wrote fuzz tests side by side. This process helped us better understand the project’s source code while implementing the fuzz tests. During the manual review, we dove deeper into the functionality of the code, simultaneously writing proof-of-concept tests to support our thoughts and test the correctness of instructions.
During this phase we paid special attention whether:
- the program logic is implemented as intended;
- all Program Derived Addresses are correctly derived;
- there are no possible access violations;
- the protocol behaves fairly;
- the Cross-Program Invocation is implemented correctly;
- the Token-2022 Transfer Hook follows the standard;
- the architecture fits together; and
- there are no places where the protocol could be misused.
The final stage consisted of writing invariant checks. For fuzz testing, we used the Trident fuzzing framework. The framework is designed for fuzz testing Solana programs written using the Anchor framework. During fuzzing, we identified the L1 issue, where the refund recipient in some of the instructions lacks writable privileges, resulting in situations where instruction execution becomes problematic.
SCOPE
The first audit was performed on commit ab4cecd and the scope was the following:
- Unstoppable Domains Solana Contract, excluding external dependencies
The fix review was performed on commit 844296e.
FINDINGS
The classification of a security finding is determined by two ratings: impact and likelihood. This two-dimensional classification helps clarify the severity of individual issues. Issues which would be rated as medium severity, but which would be likely discovered only by the team, are typically decreased by the likelihood factor to the Warning or Informational severity ratings.
Our review resulted in 9 findings, ranging from Info to Low severity. The most severe finding L1 reveals the possibility of instruction failure due to improper refund recipient writable privileges. All issues have been either fixed or acknowledged by the client.
The second security review was limited to issues found in the first security review and no other code changes were audited.
Critical severity
No critical severity issues were found.
High severity
No critical severity issues were found.
Medium severity
No critical severity issues were found.
Low severity
L1: Insufficient mutability for refund recipient
Warning severity
W1: Second-level domain can be blocked forever
W2: Possibility of losing ProgramAuthority access
W3: Expiration does not sufficiently limit the second-level domain updates
W4: Record values are not fully overwritten
W5: Insufficient top-level domain validation
Informational severity
I1: Unnecessary space allocation for the Tld account
I2: Unnecessary source code
I3: InitSpace macro can be used instead of literal values
TRUST MODEL
The protocol implements, to some extent, a Role-based Access Control (RBAC) mechanism. The roles are:
program authority– apart from the smart contract upgrade authority, this is a role with the highest privileges (e.g. appointing new minters);minter– a role with the ability to mint new second-level domains, update domain metadata, modify the domain expiration, add and remove record before minting a domain.
User must trust:
program authorityto appoint responsible minters.
CONCLUSION
Ackee Blockchain Security recommends Unstoppable Domains to:
- resolve all identified issues;
- improve validation of the top-level domain; and
- reconsider the architecture behind the second-level domain expiration.
Ackee Blockchain Security’s full Unstoppable Domains audit report can be found here.
We were delighted to audit Unstoppable Domains and look forward to working with them again.
