@bananapus/address-registry-v6 0.0.24 → 0.0.26

package/ARCHITECTURE.md

@@ -47,7 +47,7 @@ No economic accounting lives here. The only important state is `deployerOf[addre
 
 - the risk is concentrated in a small amount of address-derivation logic
 - the registry records the derived deployer, not the transaction caller
-- overengineering is more dangerous than minimal, auditable derivation code
+- overengineering is more dangerous than minimal, reviewable derivation code
 
 ## Safe Change Guide
 
@@ -63,10 +63,10 @@ No economic accounting lives here. The only important state is `deployerOf[addre
 - edge-path validation and first-write behavior:
   `test/JBAddressRegistryEdge.t.sol`
 - pre-registration, frontrun, and undeployed-code defenses:
-  `test/audit/CodexFrontRunRegistrationDoS.t.sol`
+  `test/regression/RegressionFrontRunRegistrationDoS.t.sol`
 - provenance abuse and zero-deployer edge cases:
-  `test/audit/CodexUnauthorizedRegistrar.t.sol`
-  `test/audit/ZeroDeployerRegistration.t.sol`
+  `test/regression/RegressionUnauthorizedRegistrar.t.sol`
+  `test/regression/ZeroDeployerRegistration.t.sol`
 
 ## Source Map
 
@@ -74,9 +74,9 @@ No economic accounting lives here. The only important state is `deployerOf[addre
 - `src/interfaces/IJBAddressRegistry.sol`
 - `test/JBAddressRegistry.t.sol`
 - `test/JBAddressRegistryEdge.t.sol`
-- `test/audit/CodexFrontRunRegistrationDoS.t.sol`
-- `test/audit/CodexUnauthorizedRegistrar.t.sol`
-- `test/audit/ZeroDeployerRegistration.t.sol`
+- `test/regression/RegressionFrontRunRegistrationDoS.t.sol`
+- `test/regression/RegressionUnauthorizedRegistrar.t.sol`
+- `test/regression/ZeroDeployerRegistration.t.sol`
 - `test/regression/NonceTruncation.t.sol`
 - `script/Deploy.s.sol`
 - `script/helpers/AddressRegistryDeploymentLib.sol`

package/AUDIT_INSTRUCTIONS.md

@@ -4,7 +4,9 @@ This repo is a small registry, but it sits on a deployer-verification boundary a
 
 ## Audit Objective
 
-Find issues that:
+There is a billion dollars of well-meaning projects' money in the Juicebox Money Engine, growing exponentially. Your job is to hack it before anyone else. Whoever hacks it first saves/steals the money, and you are obsessed with being this winner, while also being a steward of the protocol and wanting it to keep growing safely.
+
+Suggestions of where to look:
 
 - let callers register contracts under the wrong deployer
 - break determinism or uniqueness assumptions around registration

package/README.md

@@ -18,7 +18,7 @@ The registry supports both `create` and `create2` deployments:
 
 Because the address is computed deterministically, registrations do not need access control. Anyone can submit the correct deployment inputs, and the registry records the deployer for the computed address after confirming code already exists there.
 
-Use this repo when deployer provenance matters. Do not confuse it with an allowlist, audit registry, or trust oracle.
+Use this repo when deployer provenance matters. Do not confuse it with an allowlist, review registry, or trust oracle.
 
 If the question is "is this hook safe?" this repo can only tell you who deployed it, not whether the code is good.
 
@@ -43,7 +43,7 @@ Anything beyond that is out of scope.
 1. `src/JBAddressRegistry.sol`
 2. `test/JBAddressRegistry.t.sol`
 3. `test/JBAddressRegistryEdge.t.sol`
-4. `test/audit/CodexFrontRunRegistrationDoS.t.sol`
+4. `test/regression/RegressionFrontRunRegistrationDoS.t.sol`
 
 ## Integration Traps
 
@@ -60,7 +60,7 @@ Anything beyond that is out of scope.
 
 1. `test/JBAddressRegistry.t.sol`
 2. `test/JBAddressRegistryEdge.t.sol`
-3. `test/audit/CodexUnauthorizedRegistrar.t.sol`
+3. `test/regression/RegressionUnauthorizedRegistrar.t.sol`
 
 ## Install
 
@@ -93,7 +93,7 @@ src/
   JBAddressRegistry.sol
   interfaces/
 test/
-  unit, edge, fork, audit, and regression coverage
+  unit, edge, fork, review, and regression coverage
 script/
   Deploy.s.sol
   helpers/
@@ -108,4 +108,4 @@ script/
 ## For AI Agents
 
 - Describe this repo as a provenance registry, not as an allowlist or safety oracle.
-- Read the edge and audit tests before making claims about frontrunning or unauthorized registration.
+- Read the edge and review tests before making claims about frontrunning or unauthorized registration.

package/RISKS.md

@@ -12,7 +12,7 @@ This file covers what `JBAddressRegistry` actually proves: deterministic address
 
 | Priority | Risk | Why it matters | Primary controls |
 |----------|------|----------------|------------------|
-| P1 | Over-trusting registration as safety approval | A registered deployer mapping does not mean the contract is audited, canonical, or safe. | UIs should label registration as provenance evidence only. |
+| P1 | Over-trusting registration as safety approval | A registered deployer mapping does not mean the contract is reviewed, canonical, or safe. | UIs should label registration as provenance evidence only. |
 | P1 | First-writer capture of a valid provenance claim | The registry records the first valid claim for an address and never updates it. | Operational discipline for trusted deployers and curated allowlists for consumers. |
 | P2 | Completeness assumptions | Unregistered contracts can still be legitimate; absence from the registry is not proof of malice. | Treat registry data as additive metadata, not an allowlist. |
 
@@ -27,7 +27,7 @@ This file covers what `JBAddressRegistry` actually proves: deterministic address
 - **First registration wins.** Once `deployerOf[addr]` is set, later registrations revert.
 - **No pre-registration of future deployments.** `registerAddress(...)` requires code to already exist at the computed address.
 - **No removal or correction path.** The registry is intentionally append-only per address.
-- **Registration is provenance, not endorsement.** `deployerOf[hook] = someFactory` says nothing about code safety, upgradeability, audit status, or whether the deployer itself is trustworthy.
+- **Registration is provenance, not endorsement.** `deployerOf[hook] = someFactory` says nothing about code safety, upgradeability, review status, or whether the deployer itself is trustworthy.
 - **Operational lag matters.** If a trusted deployer forgets to register immediately, someone else can publish the first valid claim for that address.
 
 ## 3. Integration Risks

package/STYLE_GUIDE.md

@@ -451,54 +451,9 @@ jobs:
         run: forge fmt --check
 ```
 
-**slither.yml** (repos with `src/` contracts only):
-```yaml
-name: slither
-on:
-    pull_request:
-      branches:
-        - main
-    push:
-      branches:
-        - main
-jobs:
-  analyze:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          submodules: recursive
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 25.9.0
-      - name: Install npm dependencies
-        run: npm install --omit=dev
-      - name: Install Foundry
-        uses: foundry-rs/foundry-toolchain@v1
-      - name: Run slither
-        uses: crytic/slither-action@v0.4.1
-        with:
-            slither-config: slither-ci.config.json
-            fail-on: medium
-```
-
-**slither-ci.config.json:**
-```json
-{
-  "detectors_to_exclude": "timestamp,uninitialized-local,naming-convention,solc-version,shadowing-local",
-  "exclude_informational": true,
-  "exclude_low": false,
-  "exclude_medium": false,
-  "exclude_high": false,
-  "disable_color": false,
-  "filter_paths": "(mocks/|test/|node_modules/|lib/)",
-  "legacy_ast": false
-}
-```
+**Static review workflow** (repos with `src/` contracts only):
 
-**Variations:**
-- Deployer-only repos (no `src/`, only `script/`) skip slither entirely — the action's internal `forge build` skips `test/` and `script/` by default, leaving nothing to compile.
-- Use inline `// slither-disable-next-line <detector>` to suppress known false positives rather than adding to `detectors_to_exclude` in the config. The comment must be on the line immediately before the flagged expression.
+Keep repo-local static review automation current with the package's runtime surface. At minimum, CI should run formatting, linting, and build checks with `--deny notes`. Repos that only contain deployment scripts can rely on the shared formatting and lint jobs unless they add runtime contracts.
 
 ### package.json
 

package/foundry.toml

@@ -1,5 +1,6 @@
 [profile.default]
 solc = '0.8.28'
+bytecode_hash = "none"
 evm_version = 'cancun'
 optimizer_runs = 200
 libs = ["node_modules", "lib"]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bananapus/address-registry-v6",
-  "version": "0.0.24",
+  "version": "0.0.26",
   "license": "MIT",
   "repository": {
     "type": "git",

package/references/operations.md

@@ -5,7 +5,7 @@
 - If you edit `create` reconstruction logic, verify nonce-boundary behavior.
 - If you edit `create2` behavior, verify bytecode hashing and salt assumptions.
 - If a user asks whether a contract is "safe," redirect the question to code provenance plus code review, not the registry alone.
-- If you change registration guards, re-read the audit tests before trusting a narrower unit proof.
+- If you change registration guards, re-read the review tests before trusting a narrower unit proof.
 
 ## Common Failure Modes
 

package/references/runtime.md

@@ -16,4 +16,4 @@
 - [`test/JBAddressRegistryEdge.t.sol`](../test/JBAddressRegistryEdge.t.sol) for boundary conditions.
 - [`test/JBAddressRegistry_Fork.t.sol`](../test/JBAddressRegistry_Fork.t.sol) for live assumptions.
 - [`test/regression/NonceTruncation.t.sol`](../test/regression/NonceTruncation.t.sol) for nonce-width and reconstruction regressions.
-- [`test/audit/ZeroDeployerRegistration.t.sol`](../test/audit/ZeroDeployerRegistration.t.sol), [`test/audit/CodexUnauthorizedRegistrar.t.sol`](../test/audit/CodexUnauthorizedRegistrar.t.sol), and [`test/audit/CodexFrontRunRegistrationDoS.t.sol`](../test/audit/CodexFrontRunRegistrationDoS.t.sol) for the abuse cases this repo is expected to resist.
+- [`test/regression/ZeroDeployerRegistration.t.sol`](../test/regression/ZeroDeployerRegistration.t.sol), [`test/regression/RegressionUnauthorizedRegistrar.t.sol`](../test/regression/RegressionUnauthorizedRegistrar.t.sol), and [`test/regression/RegressionFrontRunRegistrationDoS.t.sol`](../test/regression/RegressionFrontRunRegistrationDoS.t.sol) for the abuse cases this repo is expected to resist.

package/script/Deploy.s.sol

@@ -10,7 +10,7 @@ contract Deploy is Script, Sphinx {
     bytes32 constant ADDRESS_REGISTRY_SALT = "_JBAddressRegistryV6_";
 
     function configureSphinx() public override {
-        // TODO: Update to contain JB Emergency Developers
+        // Safe owners and threshold are resolved by the Sphinx project config.
         sphinxConfig.projectName = "nana-address-registry-v6";
         sphinxConfig.mainnets = ["ethereum", "optimism", "base", "arbitrum"];
         sphinxConfig.testnets = ["ethereum_sepolia", "optimism_sepolia", "base_sepolia", "arbitrum_sepolia"];

package/script/helpers/AddressRegistryDeploymentLib.sol

@@ -19,11 +19,10 @@ library AddressRegistryDeploymentLib {
     Vm internal constant vm = Vm(VM_ADDRESS);
 
     function getDeployment(string memory path) internal returns (AddressRegistryDeployment memory deployment) {
-        // get chainId for which we need to get the deployment.
+        // Match the current chain ID to the Sphinx network name used in deployment artifacts.
         uint256 chainId = block.chainid;
 
-        // Deploy to get the constants.
-        // TODO: get constants without deploy.
+        // `SphinxConstants` exposes Sphinx's supported chain ID to network name mapping.
         SphinxConstants sphinxConstants = new SphinxConstants();
         NetworkInfo[] memory networks = sphinxConstants.getNetworkInfoArray();
 

package/src/JBAddressRegistry.sol

@@ -3,14 +3,12 @@ pragma solidity 0.8.28;
 
 import {IJBAddressRegistry} from "./interfaces/IJBAddressRegistry.sol";
 
-/// @notice Frontend clients need a way to verify that a Juicebox contract has a deployer they trust.
-/// `JBAddressRegistry` allows any contract deployed with `create` or `create2` to publicly register its deployer's
-/// address. Whoever deploys
-/// a contract is responsible for registering it.
-/// @dev `JBAddressRegistry` is intended for registering the deployers of Juicebox pay/redeem hooks, but does not
-/// enforce adherence to an interface, and can be used for any `create`/`create2` deployer.
-/// @dev The addresses of the deployed contracts are computed deterministically based on the deployer's address, and a
-/// nonce (for `create`) or `create2` salt and deployment bytecode (for `create2`).
+/// @notice A public registry that records who deployed a given contract. Anyone can register a contract's deployer,
+/// and anyone can look it up — enabling frontend clients and other contracts to verify that a Juicebox hook or
+/// extension was deployed by a trusted source.
+/// @dev Supports both `create` (deployer + nonce) and `create2` (deployer + salt + bytecode) deployments. The
+/// registry computes the expected contract address deterministically and verifies that code exists there before
+/// recording the deployer. Each address can only be registered once.
 contract JBAddressRegistry is IJBAddressRegistry {
     //*********************************************************************//
     // --------------------------- custom errors ------------------------- //
@@ -24,7 +22,8 @@ contract JBAddressRegistry is IJBAddressRegistry {
     error JBAddressRegistry_NonceTooLarge(uint256 nonce);
 
     /// @notice Thrown when attempting to register with `address(0)` as the deployer.
-    error JBAddressRegistry_ZeroDeployer();
+    /// @param deployer The invalid deployer address.
+    error JBAddressRegistry_ZeroDeployer(address deployer);
 
     /// @notice Thrown when attempting to register an address before code exists there.
     /// @param addr The undeployed address being registered.
@@ -34,19 +33,20 @@ contract JBAddressRegistry is IJBAddressRegistry {
     // --------------------- public stored properties -------------------- //
     //*********************************************************************//
 
-    /// @notice Returns the deployer of a given contract which has been registered.
+    /// @notice Look up who deployed a registered contract. Returns `address(0)` if the contract hasn't been
+    /// registered.
     /// @dev Whoever deploys a contract is responsible for registering it.
-    /// @custom:param addr The address of the contract to get the deployer of.
+    /// @custom:param addr The address of the contract to check.
     mapping(address addr => address deployer) public override deployerOf;
 
     //*********************************************************************//
     // ---------------------- external transactions ---------------------- //
     //*********************************************************************//
 
-    /// @notice Register a deployed contract's address.
-    /// @dev The contract must be deployed using `create`.
-    /// @param deployer The address of the contract's deployer.
-    /// @param nonce The nonce used to deploy the contract.
+    /// @notice Register a contract that was deployed with `create` (standard deployment). The registry computes the
+    /// expected address from the deployer and nonce, then verifies code exists there.
+    /// @param deployer The address that deployed the contract.
+    /// @param nonce The deployer's transaction nonce at the time of deployment.
     function registerAddress(address deployer, uint256 nonce) external override {
         // Calculate the address of the contract, assuming it was deployed using `create` with the specified nonce.
         address hook = _addressFrom({origin: deployer, nonce: nonce});
@@ -55,14 +55,14 @@ contract JBAddressRegistry is IJBAddressRegistry {
         _registerAddress({addr: hook, deployer: deployer});
     }
 
-    /// @notice Register a deployed contract's address.
-    /// @dev The contract must be deployed using `create2`.
+    /// @notice Register a contract that was deployed with `create2` (deterministic deployment). The registry computes
+    /// the expected address from the deployer, salt, and bytecode, then verifies code exists there.
     /// @dev The `create2` salt is determined by the deployer's logic. The deployment bytecode can be retrieved offchain
     /// (from the deployment transaction) or onchain (with `abi.encodePacked(type(deployedContract).creationCode,
     /// abi.encode(constructorArguments))`).
-    /// @param deployer The address of the contract's deployer.
-    /// @param salt The `create2` salt used to deploy the contract.
-    /// @param bytecode The contract's deployment bytecode, including the constructor arguments.
+    /// @param deployer The address that deployed the contract.
+    /// @param salt The `create2` salt used during deployment.
+    /// @param bytecode The full deployment bytecode, including constructor arguments.
     function registerAddress(address deployer, bytes32 salt, bytes calldata bytecode) external override {
         // Calculate the address of the contract using the provided `create2` salt and deployment bytecode.
         address hook =
@@ -81,7 +81,7 @@ contract JBAddressRegistry is IJBAddressRegistry {
     /// @param deployer The deployer's address.
     function _registerAddress(address addr, address deployer) internal {
         // The registry only records non-zero deployers.
-        if (deployer == address(0)) revert JBAddressRegistry_ZeroDeployer();
+        if (deployer == address(0)) revert JBAddressRegistry_ZeroDeployer(deployer);
         // The address must already contain runtime code before it can be registered.
         if (addr.code.length == 0) revert JBAddressRegistry_AddressNotDeployed(addr);
         // Each address can only be registered once.

package/src/interfaces/IJBAddressRegistry.sol

@@ -1,27 +1,28 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.0;
 
-/// @notice A registry that maps deployed contract addresses to their deployers.
+/// @notice A registry that maps deployed contract addresses to their deployers, allowing anyone to verify who deployed
+/// a given contract. Primarily used to verify the trustworthiness of Juicebox hooks and extensions.
 interface IJBAddressRegistry {
-    /// @notice Emitted when a contract address is registered.
+    /// @notice Emitted when a contract's deployer is registered.
     /// @param addr The address of the registered contract.
-    /// @param deployer The address of the contract's deployer.
+    /// @param deployer The address that deployed the contract.
     /// @param caller The address that called the register function.
     event AddressRegistered(address indexed addr, address indexed deployer, address caller);
 
-    /// @notice Returns the deployer of a given contract which has been registered.
-    /// @param addr The address of the contract to get the deployer of.
-    /// @return deployer The deployer of the contract.
+    /// @notice Look up who deployed a registered contract.
+    /// @param addr The address of the contract to check.
+    /// @return deployer The address that deployed the contract, or `address(0)` if not registered.
     function deployerOf(address addr) external view returns (address deployer);
 
-    /// @notice Register a contract deployed with `create`.
-    /// @param deployer The address of the contract's deployer.
-    /// @param nonce The nonce used to deploy the contract.
+    /// @notice Register a contract that was deployed with `create` (standard deployment).
+    /// @param deployer The address that deployed the contract.
+    /// @param nonce The deployer's transaction nonce at the time of deployment.
     function registerAddress(address deployer, uint256 nonce) external;
 
-    /// @notice Register a contract deployed with `create2`.
-    /// @param deployer The address of the contract's deployer.
-    /// @param salt The `create2` salt used to deploy the contract.
-    /// @param bytecode The contract's deployment bytecode, including the constructor arguments.
+    /// @notice Register a contract that was deployed with `create2` (deterministic deployment).
+    /// @param deployer The address that deployed the contract.
+    /// @param salt The `create2` salt used during deployment.
+    /// @param bytecode The full deployment bytecode, including constructor arguments.
     function registerAddress(address deployer, bytes32 salt, bytes calldata bytecode) external;
 }

package/test/JBAddressRegistryEdge.t.sol

@@ -239,13 +239,13 @@ contract JBAddressRegistryEdge is Test {
 
     /// @notice Registration with address(0) as deployer reverts with `ZeroDeployer`.
     function test_zeroAddressDeployer_reverts() public {
-        vm.expectRevert(JBAddressRegistry.JBAddressRegistry_ZeroDeployer.selector);
+        vm.expectRevert(abi.encodeWithSelector(JBAddressRegistry.JBAddressRegistry_ZeroDeployer.selector, address(0)));
         registry.registerAddress(address(0), 1);
     }
 
     /// @notice Create2 registration with address(0) as deployer reverts with `ZeroDeployer`.
     function test_zeroAddressDeployer_create2_reverts() public {
-        vm.expectRevert(JBAddressRegistry.JBAddressRegistry_ZeroDeployer.selector);
+        vm.expectRevert(abi.encodeWithSelector(JBAddressRegistry.JBAddressRegistry_ZeroDeployer.selector, address(0)));
         registry.registerAddress(address(0), bytes32(uint256(42)), hex"60006000f3");
     }
 

package/test/{audit → regression}/DeploymentHelperNonceSideEffect.t.sol

@@ -28,7 +28,7 @@ contract DeploymentHelperNonceSideEffectTest is Test {
         vm.etch(registry, hex"6080604052");
 
         string memory json = string.concat('{"address":"', vm.toString(registry), '"}');
-        string memory dir = "test/audit/tmp-nonce/nana-address-registry-v6/anvil/";
+        string memory dir = "test/regression/tmp-nonce/nana-address-registry-v6/anvil/";
         string memory file = string.concat(dir, "JBAddressRegistry.json");
 
         vm.createDir(dir, true);
@@ -36,7 +36,7 @@ contract DeploymentHelperNonceSideEffectTest is Test {
 
         uint64 nonceBefore = vm.getNonce(address(caller));
 
-        caller.getDeployment("test/audit/tmp-nonce/");
+        caller.getDeployment("test/regression/tmp-nonce/");
 
         uint64 nonceAfter = vm.getNonce(address(caller));
 

package/test/{audit → regression}/DeploymentHelperValidation.t.sol

@@ -16,13 +16,14 @@ contract DeploymentLibCaller {
         string memory networkName
     )
         external
+        view
         returns (AddressRegistryDeployment memory)
     {
         return AddressRegistryDeploymentLib.getDeployment({path: path, networkName: networkName});
     }
 }
 
-/// @notice Tests M-40: Deployment helper rejects stale artifacts pointing to non-contract addresses.
+/// @notice Tests Deployment helper rejects stale artifacts pointing to non-contract addresses.
 contract DeploymentHelperValidationTest is Test {
     DeploymentLibCaller internal caller;
 
@@ -35,12 +36,12 @@ contract DeploymentHelperValidationTest is Test {
         address eoa = makeAddr("staleEOA");
         string memory json = string.concat('{"address":"', vm.toString(eoa), '"}');
 
-        string memory dir = "test/audit/tmp-eoa/nana-address-registry-v6/testnet/";
+        string memory dir = "test/regression/tmp-eoa/nana-address-registry-v6/testnet/";
         vm.createDir(dir, true);
         vm.writeFile(string.concat(dir, "JBAddressRegistry.json"), json);
 
         vm.expectRevert("AddressRegistryDeploymentLib: registry has no code");
-        caller.getDeployment({path: "test/audit/tmp-eoa/", networkName: "testnet"});
+        caller.getDeployment({path: "test/regression/tmp-eoa/", networkName: "testnet"});
 
         vm.removeFile(string.concat(dir, "JBAddressRegistry.json"));
     }
@@ -51,11 +52,11 @@ contract DeploymentHelperValidationTest is Test {
         vm.etch(registry, hex"6080604052");
         string memory json = string.concat('{"address":"', vm.toString(registry), '"}');
 
-        string memory dir = "test/audit/tmp-contract/nana-address-registry-v6/testnet/";
+        string memory dir = "test/regression/tmp-contract/nana-address-registry-v6/testnet/";
         vm.createDir(dir, true);
         vm.writeFile(string.concat(dir, "JBAddressRegistry.json"), json);
 
-        caller.getDeployment({path: "test/audit/tmp-contract/", networkName: "testnet"});
+        caller.getDeployment({path: "test/regression/tmp-contract/", networkName: "testnet"});
 
         vm.removeFile(string.concat(dir, "JBAddressRegistry.json"));
     }

package/test/{audit/CodexFrontRunRegistrationDoS.t.sol → regression/RegressionFrontRunRegistrationDoS.t.sol}

@@ -5,7 +5,7 @@ import {Test} from "forge-std/Test.sol";
 
 import {JBAddressRegistry} from "../../src/JBAddressRegistry.sol";
 
-contract CodexFrontRunRegistrationDoSTest is Test {
+contract RegressionFrontRunRegistrationDoSTest is Test {
     JBAddressRegistry internal registry;
     MockPostDeployRegistrar internal deployer;
 

package/test/{audit/CodexUnauthorizedRegistrar.t.sol → regression/RegressionUnauthorizedRegistrar.t.sol}

@@ -5,7 +5,7 @@ import {Test} from "forge-std/Test.sol";
 
 import {JBAddressRegistry} from "../../src/JBAddressRegistry.sol";
 
-contract CodexUnauthorizedRegistrarTest is Test {
+contract RegressionUnauthorizedRegistrarTest is Test {
     JBAddressRegistry internal registry;
     address internal deployer = makeAddr("deployer");
     address internal attacker = makeAddr("attacker");

package/test/{audit → regression}/ZeroDeployerRegistration.t.sol

@@ -16,7 +16,7 @@ contract ZeroDeployerRegistrationTest is Test {
     function test_createRegistrationWithZeroDeployerReverts() external {
         uint256 nonce = 1;
 
-        vm.expectRevert(JBAddressRegistry.JBAddressRegistry_ZeroDeployer.selector);
+        vm.expectRevert(abi.encodeWithSelector(JBAddressRegistry.JBAddressRegistry_ZeroDeployer.selector, address(0)));
         registry.registerAddress(address(0), nonce);
     }
 
@@ -25,7 +25,7 @@ contract ZeroDeployerRegistrationTest is Test {
         bytes32 salt = keccak256("salt");
         bytes memory bytecode = hex"60006000f3";
 
-        vm.expectRevert(JBAddressRegistry.JBAddressRegistry_ZeroDeployer.selector);
+        vm.expectRevert(abi.encodeWithSelector(JBAddressRegistry.JBAddressRegistry_ZeroDeployer.selector, address(0)));
         registry.registerAddress(address(0), salt, bytecode);
     }
 }

package/slither-ci.config.json

@@ -1,10 +0,0 @@
-{
-    "detectors_to_exclude": "timestamp,uninitialized-local,naming-convention,solc-version,shadowing-local",
-    "exclude_informational": true,
-    "exclude_low": false,
-    "exclude_medium": false,
-    "exclude_high": false,
-    "disable_color": false,
-    "filter_paths": "(mocks/|test/|node_modules/|lib/)",
-    "legacy_ast": false
-}