😬Risks

Seller Risks

Namecheap Template Change: If Namecheap alters its email template, the existing emails may no longer be valid for proof generation, even if the off-chain payment has already been made. This could prevent the completion of the on-ramping process. If this happens, governance will try to update the smart contract processors to allow the continued functioning of the protocol.
Namecheap DKIM Key Rotation: If Namecheap updates its DKIM key, the existing emails may no longer be valid for proof generation, even if the off-chain payment has already been made. This could prevent the completion of the on-ramping process. If this happens, governance will try to update the Namecheap key on the smart contract to allow the continued functioning of the protocol.
Buyer initiating refund after transfer has been made: Sellers must monitor if buyer has initiated a refund on their bid. Currently, it will take 24 hours before the buyer can withdraw their ETH. During this period, if you as a seller has transferred the domain to the buyer, you should cancel the transfer if the buyer has not accepted. If the buyer has already accepted the domain, then simply generate the proof to unlock the buyers ETH before the 24 hour period has elapsed

Namecheap ID Exposure: Buyers, by making a bid, reveal their Namecheap ID to the seller. For those concerned about privacy, it is recommended to use a wallet that does not hold a large amount of assets.
Governance-Controlled Public Key: The protocol's governance can update the public key associated with Namecheap. If the new key is under their control, they could potentially forge emails and TLS sessions, sign them, produce proofs, and access all ETH deposited in the protocol. Initially, governance will consist of a multisig and will be decentralized in the future.

Last updated 3 months ago

Namecheap Template Change: If Namecheap alters its email template, the existing emails may no longer be valid for proof generation, even if the off-chain payment has already been made. This could prevent the completion of the on-ramping process. If this happens, governance will try to update the smart contract processors to allow the continued functioning of the protocol.
Namecheap DKIM Key Rotation: If Namecheap updates its DKIM key, the existing emails may no longer be valid for proof generation, even if the off-chain payment has already been made. This could prevent the completion of the on-ramping process. If this happens, governance will try to update the Namecheap key on the smart contract to allow the continued functioning of the protocol.
Buyer initiating refund after transfer has been made: Sellers must monitor if buyer has initiated a refund on their bid. Currently, it will take 24 hours before the buyer can withdraw their ETH. During this period, if you as a seller has transferred the domain to the buyer, you should cancel the transfer if the buyer has not accepted. If the buyer has already accepted the domain, then simply generate the proof to unlock the buyers ETH before the 24 hour period has elapsed

Namecheap ID Exposure: Buyers, by making a bid, reveal their Namecheap ID to the seller. For those concerned about privacy, it is recommended to use a wallet that does not hold a large amount of assets.
Governance-Controlled Public Key: The protocol's governance can update the public key associated with Namecheap. If the new key is under their control, they could potentially forge emails and TLS sessions, sign them, produce proofs, and access all ETH deposited in the protocol. Initially, governance will consist of a multisig and will be decentralized in the future.

Last updated 3 months ago