nice writeup , thanks for sharing
I have a question : so if the next_check() checks (verify) the cname record every time (when function called) and if it matches "hashnode.network" it will prevent this attack ?
and the cause of this vulnerability is because hashnode only verifies the cname record once , only when it is adding to the db, , am I correct?🤔