[BUG BOUNTY] UNLIMITED AND FREE RENEWAL YEARS FOR .SOUL & .BASE DOMAINS #447

Open
telog14 opened this issue Aug 8, 2024 · 0 comments
telog14 commented Aug 8, 2024

Describe the bug
This bug allows any current Masa domain holder to renew a domain for an unlimited number of years without paying any funds besides the gas needed to call the smart contract, for both Base (.base) and ETH (.soul) domains, directly from the main website.

Steps to reproduce the behavior:
The bug in question is easily replicable by visiting https://app.masa.finance/soulnames and connecting a MetaMask wallet (most likely this works with any wallet provider) holding a soulname, in this case a .base domain or a .soul ETH domain.
After that it's required to enter any domain name a user is holding on that particular network in the domain search bar, increase the number of years to renew (the number of years a user can select is unlimited) and click "Renew your soulname".
Disregard the disclaimer "insufficient funds" and renew the domain for any number of years by confirming the transaction in MetaMask.
Immediately a confirmation pop-up will show up confirming the successfully extended expiration date without a user having to pay any ETH for renewing the domain, besides gas.
I've tested this bug only with 5+ letter domains on both Base and ETH networks; the devs should test if this works with domains shorter than 5 letters, but most likely it will work the same.

Expected behavior
When renewing a 5-letter domain, a user should pay a 0.0008 ETH fee multiplied by each year a user intends to renew, while here anyone can renew a domain for unlimited years.
As MetaMask outlines, the user sends an amount of ETH which is 0; this amount should be higher, of course.

Screenshots can be found in the additional context section.

Videos
The wallets used in the 2 videos are 0x397dF6c66ddED5742b3F9E20B46e0834084F8F41 for the first video; in this wallet I hold my .base domains.
Regarding the second video, the wallet used is 0x5670297049F46489989D0feaA93A5C3D2d53F3c8, where I hold the governance.soul name on ETH mainnet.
Links to the 2 videos are here: https://www.youtube.com/watch?v=JqmXFDJw7Uo
and https://www.youtube.com/watch?v=SCXTNqSqHsg
In the first video I forgot to remove night mode, but the video is still clear.
I can't send the videos in file format here as GitHub won't allow me, so check the YouTube links.

Device Info

  • Device: Desktop PC
  • OS: Windows 10 Home. Version 22H2 OS Build 19045.4717
  • Browser: Google Chrome
  • Version: 127.0.6533.99 (Build ufficiale) (64 bit)

Additional context

  1. MetaMask HEX data shows the function in question is the "renew years period"; the path is this one, I'm quite sure: contracts/SoulName.sol. You will want to take a look at that; I'm attaching a screenshot for reference.
    Masa finance 2

  2. Another minor UI issue I've encountered:
    When renewing a domain and entering that domain name in the search bar, the website always shows the expiration date of that domain as one year from now. That said, when renewing the domain multiple times, the years renewed stack up, so in the end everything is working as intended here; this is not a critical issue.

  3. I've noticed after renewing for 150+ years the ETH price counter goes back to 0 ETH; I'm attaching a photo for this.
    After 100 years the fee for every additional year seems to be way higher; is this intentional?
    This might just be an issue with the counter on the website, which is a bit buggy; I'll let you take a look at this yourselves.
    masa finance 3

Is this bug a Critical Vulnerability?
YES
This bug is extremely critical and should be looked into as fast as possible. It's on the main website page and replicable by any user. I'm still not sure how the renewal contract went through testing, but there you go!

My contacts are @telog14 on X and telog on Discord and my ENS is telog14.eth pointing to the address 0xA2Fce8470574c5e174c8359809bF596450828FC9 in case of bug bounty reward.
I can pay for the additional years I renewed for free, no problem.

@telog14 telog14 added the bug Something isn't working label Aug 8, 2024
@H34D H34D removed their assignment Aug 31, 2024
6 participants