Routing ISM with the fallback configuration does not show fallback behavior
Description
The behavior of Routing ISM should be well-defined for the case when the corresponding module does not exist in the Routing ISM. In this project, there are two implementations of Routing ISM: domain_routing_ism.cairo and default_fallback_routing_ism.cairo. The former should revert if the corresponding module does not exist, and the latter should fall back into the default ISM of the designated Mailbox.
fn module(self: @ContractState, _origin: u32) -> ContractAddress {
let module = self.modules.read(_origin);
if (module != contract_address_const::<0>()) {
module
} else {
IMailboxDispatcher { contract_address: self.mailboxclient.mailbox() }
.get_default_ism()
}
}
// ...
fn route(self: @ContractState, _message: Message) -> ContractAddress {
self.modules.read(_message.origin)
}
// ...
fn verify(self: @ContractState, _metadata: Bytes, _message: Message) -> bool {
let ism_address = self.route(_message.clone());
let ism_dispatcher = IInterchainSecurityModuleDispatcher {
contract_address: ism_address
};
ism_dispatcher.verify(_metadata, _message)
}
The fallback behavior is implemented in the function module
. However, the route
function, which is used by the verify
function, does not use the module
function but directly fetches the corresponding module. Because Starknet does not allow calls to the zero address, this will revert, implying the failure of message verification.
Impact
This can lead to unexpected failures in message processing, potentially disrupting cross-chain communication for new or unset origin domains.
Recommendations
Consider using the module
function in the route
function in order to improve the consistency of the code.
Remediation
This issue has been acknowledged by Pragma, and a fix was implemented in commit 3db11f7e↗.