Enforces that calldata starting at the specified startIndex matches exactly one of the values specified
- specified values must now be of equal size, with the startIndex | length encoded in the first 32 bytes
- uses direct bytes comparison, rather than keccak hash
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit 60dddc6.
| bytes memory terms_ = abi.encodePacked(bytes32(metadataWord_)); | ||
| vm.expectRevert("AllowedCalldataAnyOfEnforcer:no-allowed-values"); | ||
| allowedCalldataAnyOfEnforcer.getTermsInfo(terms_); | ||
| } |
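Review bot: the revert reason expected in the `vm.expectRevert(...)` line depends on the order of checks inside `getTermsInfo`, which this test does not pin down. `terms_` is exactly 32 bytes (one packed `bytes32` with no candidate bytes after it), so any size check the enforcer runs before its empty-candidates check will fire first with a different string. Assert on the reason the enforcer gives for a metadata-only input, and name the test after that input.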
Test expects wrong revert from unreachable check
Medium Severity
test_getTermsInfoFailsForEmptyCandidatesTail will fail. It constructs 32-byte terms via abi.encodePacked(bytes32(...)) and expects revert "AllowedCalldataAnyOfEnforcer:no-allowed-values". However, the contract's getTermsInfo checks _terms.length > 32 first (line 64), which fails for exactly 32 bytes, reverting with "AllowedCalldataAnyOfEnforcer:invalid-terms-size" instead. The concatenatedValuesLength_ != 0 check on line 72 is unreachable dead code since _terms.length > 32 already guarantees concatenatedValuesLength_ >= 1.


What?
Enforces that calldata starting at the specified `startIndex` matches exactly one of the values specified

Why?
This allows for more flexibility than the `AllowedCalldataEnforcer`, by specifying that the value starting at `startIndex` is one of a number of different values.

For instance, the EIP-7715 "Payment to" rule can enforce that the `to` argument passed to `transfer(address,uint256)` is one of a number of specified addresses.

The `startIndex` is specified as the first 32 bytes, for consistency with the `AllowedCalldataEnforcer`, while ABI encoding was chosen for the `values` argument, to allow for different length values.

If one of the entries in the `values` array were of zero length, the caveat would effectively allow any operation, so the enforcer requires that all entries are at least 1 byte in length.

Note
Medium Risk
Adds a new caveat enforcer that affects delegation execution authorization; incorrect term encoding or offset/length assumptions could allow unintended call data to pass or cause unexpected reverts.

Overview
Adds `AllowedCalldataAnyOfEnforcer`, a new caveat enforcer that restricts single, default-mode executions by requiring a fixed-length calldata slice at `startIndex` to match any one of multiple allowed candidate byte sequences encoded in `_terms`.

Includes a comprehensive Foundry test suite covering candidate matching, term decoding/validation failures (size, zero length, padding), mode restrictions, and an end-to-end ERC20 `transfer` integration case.
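An off-chain reference model of the check described in this PR, added here as an example and not the enforcer's Solidity code: it packs and decodes terms, validates them, and compares the calldata slice byte-for-byte against each candidate, using the ERC20 `transfer` case. The 16-byte/16-byte split of the metadata word, the error strings and the sample addresses are assumptions made for the example.

```python
# Reference model only. Assumed layout: terms = 32-byte metadata word
# (startIndex in the upper 16 bytes, value length in the lower 16 bytes)
# followed by equal-size candidates. Error strings are hypothetical.
WORD = 32

def encode_terms(start_index, candidates):
    """Pack (startIndex | length) into one word, then append the candidates."""
    length = len(candidates[0]) if candidates else 0
    if length == 0 or any(len(c) != length for c in candidates):
        raise ValueError("candidates must be non-empty and of equal size")
    meta = start_index.to_bytes(16, "big") + length.to_bytes(16, "big")
    return meta + b"".join(candidates)

def decode_terms(terms):
    """Return (start_index, [candidate, ...]) or raise on malformed terms."""
    if len(terms) <= WORD:
        raise ValueError("invalid terms size")   # metadata word, no candidates
    start_index = int.from_bytes(terms[:16], "big")
    length = int.from_bytes(terms[16:WORD], "big")
    tail = terms[WORD:]
    if length == 0:
        raise ValueError("zero-length value")    # would match any calldata
    if len(tail) % length != 0:
        raise ValueError("invalid padding")      # tail is not whole candidates
    return start_index, [tail[i:i + length] for i in range(0, len(tail), length)]

def is_allowed(terms, calldata):
    """True when the slice at startIndex equals one candidate exactly."""
    start_index, candidates = decode_terms(terms)
    length = len(candidates[0])
    if start_index + length > len(calldata):
        return False                             # slice runs past the calldata
    window = calldata[start_index:start_index + length]
    return any(window == c for c in candidates)  # direct bytes comparison

def transfer_calldata(to, amount):
    # transfer(address,uint256): selector 0xa9059cbb, then two 32-byte ABI words
    return bytes.fromhex("a9059cbb") + to.rjust(32, b"\0") + amount.to_bytes(32, "big")

# Constructed 20-byte sample addresses, not real accounts.
ALICE, BOB, MALLORY = (bytes([b]) * 20 for b in (0xA1, 0xB2, 0xC3))
# The `to` argument is the 32-byte word right after the 4-byte selector.
TERMS = encode_terms(4, [a.rjust(32, b"\0") for a in (ALICE, BOB)])
```

Comparing the full 32-byte ABI word rather than the 20 address bytes means calldata with non-zero bytes in the padding does not match either candidate.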