Reject interoperable addresses whith both chain reference and addresses empty (#6331)

Author: Amxx

.changeset/smooth-cows-notice.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`InteroperableAddress`: reject inputs with both chain reference and addresses empty.

contracts/utils/draft-InteroperableAddress.sol

@@ -96,12 +96,10 @@ library InteroperableAddress {
         bytes memory self
     ) internal pure returns (bool success, bytes2 chainType, bytes memory chainReference, bytes memory addr) {
         unchecked {
-            success = true;
             if (self.length < 0x06) return (false, 0x0000, _emptyBytesMemory(), _emptyBytesMemory());
 
             bytes2 version = _readBytes2(self, 0x00);
             if (version != bytes2(0x0001)) return (false, 0x0000, _emptyBytesMemory(), _emptyBytesMemory());
-            chainType = _readBytes2(self, 0x02);
 
             uint8 chainReferenceLength = uint8(self[0x04]);
             if (self.length < 0x06 + chainReferenceLength)
@@ -112,6 +110,10 @@ library InteroperableAddress {
             if (self.length < 0x06 + chainReferenceLength + addrLength)
                 return (false, 0x0000, _emptyBytesMemory(), _emptyBytesMemory());
             addr = self.slice(0x06 + chainReferenceLength, 0x06 + chainReferenceLength + addrLength);
+
+            // At least one of chainReference or addr must be non-empty
+            success = (chainReferenceLength > 0) || (addrLength > 0);
+            chainType = success ? _readBytes2(self, 0x02) : bytes2(0);
         }
     }
 
@@ -122,12 +124,10 @@ library InteroperableAddress {
         bytes calldata self
     ) internal pure returns (bool success, bytes2 chainType, bytes calldata chainReference, bytes calldata addr) {
         unchecked {
-            success = true;
             if (self.length < 0x06) return (false, 0x0000, Calldata.emptyBytes(), Calldata.emptyBytes());
 
             bytes2 version = _readBytes2Calldata(self, 0x00);
             if (version != bytes2(0x0001)) return (false, 0x0000, Calldata.emptyBytes(), Calldata.emptyBytes());
-            chainType = _readBytes2Calldata(self, 0x02);
 
             uint8 chainReferenceLength = uint8(self[0x04]);
             if (self.length < 0x06 + chainReferenceLength)
@@ -138,6 +138,10 @@ library InteroperableAddress {
             if (self.length < 0x06 + chainReferenceLength + addrLength)
                 return (false, 0x0000, Calldata.emptyBytes(), Calldata.emptyBytes());
             addr = self[0x06 + chainReferenceLength:0x06 + chainReferenceLength + addrLength];
+
+            // At least one of chainReference or addr must be non-empty
+            success = (chainReferenceLength > 0) || (addrLength > 0);
+            chainType = success ? _readBytes2Calldata(self, 0x02) : bytes2(0);
         }
     }
 

test/utils/draft-InteroperableAddress.test.js

@@ -116,11 +116,13 @@ describe('ERC7390', function () {
       // version 2 + some data
       'unsupported version': '0x00020000010100',
       // version + ref: missing chainReferenceLength and addressLength
-      'too short (case 1)': '0x00010000',
+      'too short (case 1)': '0x00010042',
       // version + ref + chainReference: missing addressLength
-      'too short (case 2)': '0x000100000101',
+      'too short (case 2)': '0x000100420101',
       // version + ref + chainReference + addressLength + part of the address: missing 2 bytes of the address
-      'too short (case 3)': '0x00010000010114d8da6bf26964af9d7eed9e03e53415d37aa9',
+      'too short (case 3)': '0x00010042010114d8da6bf26964af9d7eed9e03e53415d37aa9',
+      // empty chain reference and address
+      'empty chain reference and address': '0x000100420000',
     })) {
       it(title, async function () {
         await expect(this.mock.$parseV1(binary))