Back to Overview
a penguin wearing sunglasses

StarkNetID auto-renewal explainer

December 21, 2023

StarkNet ID recently launched a subscription feature for users. An auto-renewal contract has been implemented that facilitates the renewal of a user’s domain. This article explains the core functionality of this subscription feature, which we reviewed in our smart contract audit.

TLDR: Are my ETH approved for the contract safe from privileged roles?

Yes. The smart contracts are designed to prevent unauthorized ETH transfers from users’ accounts, despite the granted token allowance.

An admin oversees this Auto-Renewal contract, and a renewer is responsible for triggering the renewals under the user-specified limiting price and allowance.

The most significant potential risk is the admin raising the domain price on the naming contract to the upper limit, the user’s specified limiting price. However, the admin cannot spend more than the limiting price on behalf of the user annually even if there is sufficient allowance.

Technical explainer: what happens when adding a subscription?

To add a subscription, users need to interact with two contracts:

1 – Auto-Renewal Contract: users create a spending flow (enable_renewals()) which specifies a limiting price that the user is willing to pay for the yearly subscription.

2 – StarkGate ETH Contract: users need to authorize (approve()) the Auto-Renewal contract with sufficient ETH allowance to cover the annual subscription cost.

Note that both the limiting price and the allowance restrict the ETH expenditure for the renewal. The renewal will fail under any of the two circumstances:

1 – If the domain cost rises above the limiting price, the following check will fail.

let total_price = domain_price + tax_price;
assert(allowance >= total_price, 'Renewal allowance insufficient');

2 – If the token allowance is exhausted, the call to StarkGate ETH transferFrom() will revert.

// Transfer allowance (including tax), will be canceled if the tx fails
IERC20CamelDispatcher { contract_address: erc20 }
.transferFrom(renewer, contract, total_price);

For instance, for a 10-year subscription, users should allocate at least 10 x (domain_price + tax_price) allowance to the Auto-Renewal contract. After 10 years, insufficient ETH allowance will cause the subscription to lapse.

Moreover, renewal can only occur under these conditions:

1 – Once per year (with one-day margin).

// 364 because we keep adding one day margin to the existing month,
// if we take more than a day to renew, the margin will shrink.
assert(block_timestamp - last_renewed > 86400_u64 * 364_u64, 'Domain already renewed');

2 – If the domain will expire within a month.

// Check domain is set to expire within a month
let expiry: u64 = INamingDispatcher { contract_address: naming }
   .domain_to_data(array![root_domain].span())
  .expiry;
assert(expiry <= block_timestamp + (86400_u64 * 30_u64), 'Domain not set to expire');

Technical explainer: what happens when terminating a subscription?

Users can terminate the subscription at any time through one of two methods:

  1. Auto-Renewal Contract: users can disable a spending flow (disable_renewals()), setting the limiting price to 0.
  2. StarkGate ETH Contract: users can decrease the allowance to the Auto-Renewal contract to 0 or below the renewal cost via another approve (approve()) call to StarkGate ETH.

Either method will interrupt the renewal process, causing subsequent renewal attempts to fail.

About ChainSecurity

ChainSecurity secures smart contracts since 2017. Our clients comprise blue-chip DeFi protocols, promising new Web3 projects, central banks, and large organizations.

Read our published audit reports.

Book a call to discuss auditing prospects.

Further reading

#StarkNet ID audit report

#StarknetID website