Facundo Lerena

**Name of the Vulnerable Software and Affected Versions** ink! versions 4.0.0 through 4.2.1 **Description** The return value when using delegate call mechanics, either through `CallBuilder::delegate` or `ink env::invoke contract delegate`, is decoded incorrectly. This issue is related to the mechanics around decoding a call's return buffer, which was changed as part of pull request 1450. No previous versions are affected since this feature was only released in ink! 4.0.0. An analysis of on-chain deployments of ink! contracts on several chains found no contracts affected by the issue. **Recommendations** For ink! versions 4.0.0 through 4.2.1, upgrade to version 4.2.1 to receive a patch.