Hyperlane Starknet assessment report, Medium findings
Category: Coding Mistakes

Routing ISM with the fallback configuration does not show fallback behavior

Severity: Medium
Impact: Medium
Likelihood: High

Description

The behavior of a Routing ISM should be well defined for the case where the corresponding module does not exist in the Routing ISM. In this project, there are two implementations of Routing ISM: domain_routing_ism.cairo and default_fallback_routing_ism.cairo. The former should revert if the corresponding module does not exist, and the latter should fall back to the default ISM of the designated Mailbox.

fn module(self: @ContractState, _origin: u32) -> ContractAddress {
    let module = self.modules.read(_origin);
    if (module != contract_address_const::<0>()) {
        module
    } else {
        IMailboxDispatcher { contract_address: self.mailboxclient.mailbox() }
            .get_default_ism()
    }
}

// ...

fn route(self: @ContractState, _message: Message) -> ContractAddress {
    self.modules.read(_message.origin)
}

// ...

fn verify(self: @ContractState, _metadata: Bytes, _message: Message) -> bool {
    let ism_address = self.route(_message.clone());
    let ism_dispatcher = IInterchainSecurityModuleDispatcher {
        contract_address: ism_address
    };
    ism_dispatcher.verify(_metadata, _message)
}

The fallback behavior is implemented in the module function. However, the route function, which is used by the verify function, does not call the module function but reads the corresponding module directly from storage. For an origin with no module set, that read yields the zero address. Because Starknet does not allow calls to the zero address, verify reverts, so message verification fails.

Impact

This can lead to unexpected failures in message processing, potentially disrupting cross-chain communication for new or unset origin domains.

Recommendations

Consider using the module function in the route function in order to improve the consistency of the code.
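
The divergence described above can be pinned down with a consistency check between route and module. The following is an added Python model, not the project's Cairo code and not the contents of the fix commit; the class, the fixture addresses 0xA and 0xD, and the helper names are constructed for illustration.

```python
# Toy model (constructed for illustration; not the project's Cairo code).
ZERO = 0  # stands in for contract_address_const::<0>()

class Revert(Exception):
    """Models a reverted call."""

class FallbackRoutingIsm:
    def __init__(self, deployed, default_ism, route_via_module):
        self.deployed = deployed          # address -> verify callable (hypothetical)
        self.default_ism = default_ism    # what the Mailbox's get_default_ism() returns
        self.modules = {}                 # origin domain -> ISM address
        self.route_via_module = route_via_module

    def module(self, origin):
        m = self.modules.get(origin, ZERO)
        return m if m != ZERO else self.default_ism

    def route(self, message):
        if self.route_via_module:         # behaviour the recommendation asks for
            return self.module(message["origin"])
        return self.modules.get(message["origin"], ZERO)  # behaviour in the finding

    def verify(self, metadata, message):
        target = self.route(message)
        if target == ZERO or target not in self.deployed:
            raise Revert(f"call to {target:#x} reverted")  # zero address is not callable
        return self.deployed[target](metadata, message)

def build(route_via_module):
    """Constructed fixture: origin 1 has its own ISM, origin 2 is unset."""
    deployed = {0xA: lambda md, msg: True, 0xD: lambda md, msg: True}
    ism = FallbackRoutingIsm(deployed, default_ism=0xD, route_via_module=route_via_module)
    ism.modules[1] = 0xA
    return ism

def inconsistent_origins(ism, origins):
    """Origins where route() disagrees with module() or verify() reverts."""
    bad = []
    for origin in origins:
        msg = {"origin": origin}
        try:
            ok = ism.route(msg) == ism.module(origin) and ism.verify(b"", msg)
        except Revert:
            ok = False
        if not ok:
            bad.append(origin)
    return bad

if __name__ == "__main__":
    print("direct read:", inconsistent_origins(build(False), [1, 2]))
    print("via module():", inconsistent_origins(build(True), [1, 2]))
```

The same property, route(message) equal to module(message.origin) for both set and unset origins, is what a regression test against the Cairo contract would assert.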

Remediation

This issue has been acknowledged by Pragma, and a fix was implemented in commit 3db11f7e.

Zellic © 2025