fix: Return ERC-1271 failure value instead of reverting for short signatures

[kai-agent]

Summary

This PR addresses a security vulnerability discovered during automated security analysis:

[LOW] isValidSignature reverts instead of returning failure value for short signatures

• The isValidSignature function attempts to extract a validator address from signature[0:20] without first checking if the signature has at least 20 bytes
• When a signature between 1-19 bytes is provided, this causes an out-of-bounds array access that reverts the transaction
• According to ERC-1271, the function should return 0x1626ba7e for valid signatures or 0xffffffff for invalid signatures - it should never revert on invalid input

Impact:

• Protocols integrating with Nexus accounts may fail unexpectedly when handling malformed signatures
• Could cause DoS in systems that don't expect isValidSignature to revert
• Violates ERC-1271 specification

Fix: Added a length check before accessing signature[0:20]. If the signature is shorter than 20 bytes, the function now returns 0xffffffff (ERC-1271 failure value) instead of reverting.

Test plan

• Added unit tests verifying the fix correctly returns 0xffffffff for signatures < 20 bytes
• Added fuzz test for signature lengths 1-19 bytes
• Verified normal signature validation still works for valid-length signatures
• All existing ERC-1271 tests pass (14 tests total)

Prepared by Kai Agent