ENS · closed proposal

[EP 6.40] [Executable] Update DNSSEC Algorithm 7

0x76a6…bbb8·ended 57y ago·● LOW RISK

Voters

ENS voted

1346175594641575.50B

≈$6327025294815405.00B

Token price

$4.70

AI summary

This proposal aims to correct an oversight from a previous update to the ENS DNSSEC Oracle. It will update algorithm 7 (RSASHA1-NSEC3-SHA1) to use a patched contract that fixes a security vulnerability related to PKCS#1 v1.5 padding validation. This patched contract is already in use for algorithm 5.

Impact

If this proposal passes, a minor security vulnerability in the ENS DNSSEC Oracle will be closed. While no top-level domains (TLDs) currently use algorithm 7, this change ensures consistency and prevents potential future issues. There are no direct financial implications or changes to token economics.

Read full proposal on Tally ↗

Voting results

For1346175514841575.25B (100.0%)

Against0 (0.0%)

Abstain79800000.00B (0.0%)

1346175594641575.50B ENS · ≈$6327025294815405.00B · 74 votersblock 2026-04-15T09:56:11Z

🐳 Whale votes

0 votes > 5% VP

No whale votes on this proposal.

Full proposal

Original markdown · ENS

[EP 6.40] [Executable] Update DNSSEC Algorithm 7

Abstract

This proposal updates DNSSECImpl's algorithm 7 (RSASHA1-NSEC3-SHA1) to point to the same patched RSASHA1Algorithm contract that already serves algorithm 5. This was inadvertently omitted from the previous proposal which patched algorithms 5, 8, and 13.

Motivation

The ENS deploy script ([10_deploy_oracle.ts](https://github.com/ensdomains/ens-contracts/blob/91c966febd7b55494269df830fc6775f040b927b/deploy/dnssec-oracle/10_deploy_oracle.ts#L64-L6…

📚 Similar past proposals

Finding similar proposals…