From b24de0088523efc0d8739a22d7836ab3152126d5 Mon Sep 17 00:00:00 2001
From: Rahul Guha <19rahul2003@gmail.com>
Date: Tue, 10 Mar 2026 14:04:19 +0530
Subject: [PATCH 1/2] guard against malformed ENR port values in
 getLocationMultiaddr

---
 packages/enr/src/enr.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/packages/enr/src/enr.ts b/packages/enr/src/enr.ts
index 3a1e216..f1435dc 100644
--- a/packages/enr/src/enr.ts
+++ b/packages/enr/src/enr.ts
@@ -338,7 +338,7 @@ export abstract class BaseENR {
 
     if (isUdp) {
       const protoVal = isIpv6 ? this.kvs.get("udp6") : this.kvs.get("udp");
-      if (!protoVal) {
+      if (!protoVal || protoVal.length < 2) {
         return undefined;
       }
       const protoComponent: Component = {
@@ -350,7 +350,7 @@ export abstract class BaseENR {
     }
     if (isTcp) {
       const protoVal = isIpv6 ? this.kvs.get("tcp6") : this.kvs.get("tcp");
-      if (!protoVal) {
+      if (!protoVal || protoVal.length < 2) {
         return undefined;
       }
       const protoComponent: Component = {
@@ -362,7 +362,7 @@ export abstract class BaseENR {
     }
     if (isQuic) {
       const protoVal = isIpv6 ? this.kvs.get("quic6") : this.kvs.get("quic");
-      if (!protoVal) {
+      if (!protoVal || protoVal.length < 2) {
         return undefined;
       }
       const protoComponent: Component = {

From bb3bc889c110569cd61dbdd11c12667137c27d6b Mon Sep 17 00:00:00 2001
From: Rahul Guha <19rahul2003@gmail.com>
Date: Wed, 11 Mar 2026 14:30:53 +0530
Subject: [PATCH 2/2] add the other checks

---
 packages/enr/src/enr.ts | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/packages/enr/src/enr.ts b/packages/enr/src/enr.ts
index f1435dc..15f4ec1 100644
--- a/packages/enr/src/enr.ts
+++ b/packages/enr/src/enr.ts
@@ -191,6 +191,13 @@ export function getProtocolValue(kvs: ReadonlyMap<ENRKey, ENRValue>, key: string
   return undefined;
 }
 
+function normalizePortBytes(raw: Uint8Array | undefined): Uint8Array | undefined {
+  if (!raw || raw.length === 0 || raw.length > 2) return undefined;
+  if (raw[0] === 0) return undefined; 
+  if (raw.length === 1) return new Uint8Array([0, raw[0]]);
+  return raw;
+}
+
 export function portToBuf(port: number): Uint8Array {
   const buf = new Uint8Array(2);
   buf[0] = port >> 8;
@@ -337,8 +344,8 @@ export abstract class BaseENR {
     };
 
     if (isUdp) {
-      const protoVal = isIpv6 ? this.kvs.get("udp6") : this.kvs.get("udp");
-      if (!protoVal || protoVal.length < 2) {
+      const protoVal = normalizePortBytes(isIpv6 ? this.kvs.get("udp6") : this.kvs.get("udp"));
+      if (!protoVal) {
         return undefined;
       }
       const protoComponent: Component = {
@@ -349,8 +356,8 @@ export abstract class BaseENR {
       return multiaddr([ipComponent, protoComponent]);
     }
     if (isTcp) {
-      const protoVal = isIpv6 ? this.kvs.get("tcp6") : this.kvs.get("tcp");
-      if (!protoVal || protoVal.length < 2) {
+      const protoVal = normalizePortBytes(isIpv6 ? this.kvs.get("tcp6") : this.kvs.get("tcp"));
+      if (!protoVal) {
         return undefined;
       }
       const protoComponent: Component = {
@@ -361,8 +368,8 @@ export abstract class BaseENR {
       return multiaddr([ipComponent, protoComponent]);
     }
     if (isQuic) {
-      const protoVal = isIpv6 ? this.kvs.get("quic6") : this.kvs.get("quic");
-      if (!protoVal || protoVal.length < 2) {
+      const protoVal = normalizePortBytes(isIpv6 ? this.kvs.get("quic6") : this.kvs.get("quic"));
+      if (!protoVal) {
         return undefined;
       }
       const protoComponent: Component = {