sherlock-audit / 2022-09-notional-judging


vlad - Incorrect usage of `msg.sig` #137

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

vlad

medium

Incorrect usage of msg.sig

Summary

Incorrect use of msg.sig without checking the length of the message data.

Severity

Medium

Vulnerability Detail

Under the hood, msg.sig does not check that the message data contains at least 4 bytes. In particular, it fills the missing bytes with null values. So passing msg.sig as an input parameter to the getRouterImplementation functions inside the PauseRouter and Router contracts leads to incorrect checks of the input data signature.

Impact

The getRouterImplementation function accepts an incorrect input parameter, which should store the signature of the function to be called through delegatecall.

Code Snippet

Tool used

Manual Review

Recommendation

Consider adding a special check on the length of message data to enforce that it has at least 4 bytes.
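
A sketch of the recommended length check, added here as an illustration and not taken from the Notional contracts or from the finding: `RouterSketch`, its routing table, and the two custom errors are hypothetical, and only the `getRouterImplementation` name and the `msg.sig` lookup followed by delegatecall come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Hypothetical router for illustration only; not the audited code.
contract RouterSketch {
    error CalldataTooShort(uint256 length);
    error UnknownSelector(bytes4 selector);

    // Constructed routing table: function selector => implementation address.
    mapping(bytes4 => address) private implementations;

    constructor(bytes4[] memory selectors, address[] memory targets) {
        require(selectors.length == targets.length, "length mismatch");
        for (uint256 i = 0; i < selectors.length; i++) {
            implementations[selectors[i]] = targets[i];
        }
    }

    // The lookup trusts `sig` exactly as given; it cannot tell a real
    // four-byte selector from one that was zero-padded by msg.sig.
    function getRouterImplementation(bytes4 sig) public view returns (address impl) {
        impl = implementations[sig];
        if (impl == address(0)) revert UnknownSelector(sig);
    }

    fallback() external payable {
        // msg.sig is the first four bytes of calldata, right-padded with
        // zeros when fewer than four bytes were sent: calldata 0xa9 yields
        // 0xa9000000 and empty calldata yields 0x00000000. Reject short
        // calldata before msg.sig is used for routing.
        if (msg.data.length < 4) revert CalldataTooShort(msg.data.length);

        address impl = getRouterImplementation(msg.sig);
        assembly {
            // Forward the full calldata and bubble up the result unchanged.
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}
```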