Prevent revert in isModuleInstalled for fallback modules on short additionalContext

[GarmashAlex]

This change adds a length check before slicing additionalContext[0:4] in isModuleInstalled for fallback modules. The ERC-7579 IERC7579ModuleConfig.isModuleInstalled requires returning true/false rather than reverting. Previously, providing fewer than 4 bytes caused an out-of-bounds slice and a revert. Now, malformed context returns false, aligning behavior with the spec and avoiding unexpected reverts in external status queries.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 697e61f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

Updated contracts/account/extensions/draft-AccountERC7579.sol to modify isModuleInstalled handling for MODULE_TYPE_FALLBACK. The function now checks that additionalContext length is at least 4; if shorter, it returns false. It extracts the selector as bytes4(additionalContext[0:4]) and compares _fallbacks[selector] to the provided module. This replaces the prior direct access without length validation, preventing reverts on short contexts. Public interfaces and function signatures remain unchanged.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The pull request title concisely and accurately describes the primary change, which is preventing a revert in the isModuleInstalled function when additionalContext is shorter than four bytes for fallback modules, making it clear and specific to the main fix.
Description Check	✅ Passed	The pull request description directly explains the added length check in isModuleInstalled for fallback modules and its purpose of returning false instead of reverting when provided context is too short, aligning with the spec and making it clearly related to the changeset.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5eb047a and 2547fe5.

📒 Files selected for processing (1)

• contracts/account/extensions/draft-AccountERC7579.sol (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: Redirect rules - solidity-contracts
• GitHub Check: Header rules - solidity-contracts
• GitHub Check: Pages changed - solidity-contracts
• GitHub Check: halmos
• GitHub Check: coverage
• GitHub Check: slither
• GitHub Check: tests-foundry
• GitHub Check: tests
• GitHub Check: tests-upgradeable

🔇 Additional comments (1)

contracts/account/extensions/draft-AccountERC7579.sol (1)

152-158: Length guard keeps fallback checks non-reverting

Returning false when additionalContext is shorter than 4 bytes prevents the prior out-of-bounds revert and matches the IERC7579ModuleConfig contract that this function must stay boolean-only. Implementation looks solid.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Amxx]

Thank you @GarmashAlex for this contribution.

Could you add a unit tests for that ?

[Amxx]

Note: we have two options to fix that

1. do not slice, just take the first 4 bytes

return _fallbacks[bytes4(additionalContext)] == module;

-> No length check
-> If the additionalContext is not long enough we get extra stuff (zeros)

2. Check the length

return additionalContext.length > 3 && _fallbacks[bytes4(additionalContext[0:4])] == module;

-> Current approach
-> Slightly more expensive
-> No implicit assumptions