@bananapus/address-registry-v6 0.0.8 → 0.0.10

package/AUDIT_INSTRUCTIONS.md

@@ -0,0 +1,122 @@
+# Audit Instructions -- nana-address-registry-v6
+
+You are auditing a permissionless address registry for Juicebox V6. The contract stores a mapping from deployed contract addresses to their deployers, computed deterministically from `create` or `create2` parameters. It has no owner, no access control, no constructor arguments, and no external dependencies. Read [RISKS.md](./RISKS.md) first -- it documents all known risks and trust assumptions. Then come back here.
+
+## Scope
+
+**In scope -- all Solidity in `src/`:**
+```
+src/JBAddressRegistry.sol              # Registry implementation (~127 lines)
+src/interfaces/IJBAddressRegistry.sol  # Interface (~27 lines)
+```
+
+**Out of scope:** Test files, deployment scripts, forge-std.
+
+## Architecture
+
+### JBAddressRegistry
+
+A standalone, stateless-logic contract with a single storage mapping:
+
+```
+mapping(address addr => address deployer) public deployerOf;
+```
+
+Two public `registerAddress` overloads accept deployer parameters, compute the deterministic address, and store the mapping. No validation is performed beyond address computation and a nonce range check.
+
+### Registration (create)
+
+`registerAddress(address deployer, uint256 nonce)`:
+1. Calls `_addressFrom(deployer, nonce)` to compute the `create` address via RLP encoding
+2. Stores `deployerOf[computedAddress] = deployer`
+3. Emits `AddressRegistered(computedAddress, deployer, msg.sender)`
+
+### Registration (create2)
+
+`registerAddress(address deployer, bytes32 salt, bytes calldata bytecode)`:
+1. Computes `address(uint160(uint256(keccak256(abi.encodePacked(bytes1(0xff), deployer, salt, keccak256(bytecode))))))`
+2. Stores `deployerOf[computedAddress] = deployer`
+3. Emits `AddressRegistered(computedAddress, deployer, msg.sender)`
+
+### RLP Encoding (_addressFrom)
+
+The internal `_addressFrom(address origin, uint256 nonce)` function implements RLP encoding of `[origin, nonce]` for `create` address computation. It handles 10 nonce ranges covering `0` through `type(uint64).max`:
+
+| Nonce Range | RLP Prefix Byte | Nonce Length Prefix |
+|-------------|----------------|---------------------|
+| `0` | `0xd6` | `0x80` (empty byte) |
+| `1 - 0x7f` | `0xd6` | (none, raw byte) |
+| `0x80 - 0xff` | `0xd7` | `0x81` |
+| `0x100 - 0xffff` | `0xd8` | `0x82` |
+| `0x10000 - 0xffffff` | `0xd9` | `0x83` |
+| `0x1000000 - 0xffffffff` | `0xda` | `0x84` |
+| `0x100000000 - 0xffffffffff` | `0xdb` | `0x85` |
+| `0x10000000000 - 0xffffffffffff` | `0xdc` | `0x86` |
+| `0x1000000000000 - 0xffffffffffffff` | `0xdd` | `0x87` |
+| `0x100000000000000 - 0xffffffffffffffff` | `0xde` | `0x88` |
+
+The final address is extracted from `keccak256(rlp_data)` via inline assembly: `mstore(0, hash); addr := mload(0)`.
+
+Nonces above `type(uint64).max` revert with `JBAddressRegistry_NonceTooLarge`.
+
+## Priority Audit Areas
+
+### 1. RLP Encoding Correctness (Highest Priority)
+
+The `_addressFrom` function is the only non-trivial logic in the contract. Verify:
+
+- **Every nonce range boundary is correct.** The if/else chain must produce correct RLP for every boundary value: `0`, `1`, `0x7f`, `0x80`, `0xff`, `0x100`, `0xffff`, `0x10000`, etc., up to `type(uint64).max`. An off-by-one at any boundary would silently produce wrong addresses.
+- **RLP prefix bytes are correct.** The first byte (`0xd6`-`0xde`) encodes the total length of the list. Verify each prefix matches the actual encoded data length (20-byte address + nonce encoding + overhead).
+- **Nonce encoding is correct.** For nonce `0`, the RLP encoding is `0x80` (empty byte string), not `0x00`. For nonces `1-0x7f`, the nonce IS the RLP encoding (single byte). For `0x80+`, a length prefix is prepended.
+- **Assembly address extraction.** The final `mstore(0, hash); addr := mload(0)` extracts the low 160 bits of the keccak256 hash. Verify this is equivalent to `address(uint160(uint256(hash)))`.
+- **Comparison with reference implementations.** Cross-check against the Ethereum Yellow Paper, OpenZeppelin's `Create2` library, and the linked StackExchange reference (https://ethereum.stackexchange.com/a/87840/68134).
+
+### 2. create2 Address Computation
+
+The `create2` overload uses `abi.encodePacked(bytes1(0xff), deployer, salt, keccak256(bytecode))`. Verify:
+- This matches the EIP-1014 specification exactly.
+- The `bytes calldata bytecode` parameter is hashed correctly (constructor arguments must be included by the caller; the contract does not append them).
+- No length ambiguity in the packed encoding (each component has fixed size: 1 + 20 + 32 + 32 = 85 bytes).
+
+### 3. Overwrite Behavior
+
+`_registerAddress` unconditionally overwrites `deployerOf[addr]`. Verify:
+- A re-registration with the same parameters produces the same result (idempotent).
+- A re-registration with different parameters that happen to compute the same address (collision) would overwrite. Since address collisions require a keccak256 collision, this is cryptographically infeasible -- but confirm there is no cheaper attack vector.
+- The `caller` field in the `AddressRegistered` event correctly reflects `msg.sender`, not the `deployer` parameter.
+
+### 4. Gas and DoS
+
+The contract has no loops, no arrays, and no unbounded storage growth beyond the mapping. Verify:
+- `registerAddress` has bounded gas cost regardless of inputs.
+- The `bytecode` parameter in the `create2` overload is hashed in memory. For very large bytecode, this could consume significant memory gas but cannot cause an OOG in the registry itself (the caller pays).
+
+## Invariants to Verify
+
+1. **Determinism**: For any `(deployer, nonce)` pair, `_addressFrom` always returns the same address, and that address matches what the EVM would produce for a `create` deployment from `deployer` at `nonce`.
+2. **create2 correctness**: For any `(deployer, salt, bytecode)` triple, the computed address matches what the EVM would produce for a `create2` deployment.
+3. **No side effects**: `registerAddress` only modifies `deployerOf[computedAddress]` and emits one event. No other state is touched.
+4. **Nonce boundary completeness**: Every valid nonce (0 through `type(uint64).max`) produces a correct RLP encoding. No nonce in this range falls through without being encoded.
+
+## Testing Setup
+
+```bash
+cd nana-address-registry-v6
+npm install
+forge build
+forge test
+
+# Run edge case tests
+forge test --match-contract JBAddressRegistryEdge -vvv
+
+# Run nonce truncation regression test
+forge test --match-path test/regression/NonceTruncation.t.sol -vvv
+
+# Run fork tests
+forge test --match-contract Fork -vvv
+
+# Write a PoC
+forge test --match-path test/audit/ExploitPoC.t.sol -vvv
+```
+
+Go break it.

package/CHANGE_LOG.md

@@ -0,0 +1,88 @@
+# nana-address-registry-v6 Changelog (v5 → v6)
+
+This document describes all changes between `nana-address-registry` (v5) and `nana-address-registry-v6` (v6).
+
+---
+
+## 1. Breaking Changes
+
+- **Solidity version bump**: `0.8.23` → `0.8.26`. Contracts compiled against v5 ABIs will still be compatible (no ABI-level breaking changes), but the compiler version requirement has changed.
+- **Nonce range extended from `uint32` to `uint64`**: In v5, the `_addressFrom` function silently produced incorrect addresses for nonces at or above `2^32`. In v6, nonces up to `uint64.max` are correctly RLP-encoded, and nonces above `uint64.max` revert with `JBAddressRegistry_NonceTooLarge`. Any off-chain tooling that assumed the `uint32` ceiling must be updated.
+
+## 2. New Features
+
+- **Extended nonce support (uint40 through uint64)**: Four new RLP encoding branches handle nonces in the ranges `uint40`, `uint48`, `uint56`, and `uint64`, covering any realistic Ethereum account nonce.
+
+## 3. Event Changes
+
+None. The `AddressRegistered` event signature is identical between v5 and v6:
+
+```solidity
+event AddressRegistered(address indexed addr, address indexed deployer, address caller);
+```
+
+## 4. Error Changes
+
+| Error | v5 | v6 |
+|---|---|---|
+| `JBAddressRegistry_NonceTooLarge(uint256 nonce)` | Does not exist | **Added** — reverts when `nonce > type(uint64).max` |
+
+In v5, passing a nonce larger than `uint32` fell through to the `else` branch, which cast the nonce to `uint32`, silently truncating it and producing an incorrect address. v6 replaces this silent truncation with an explicit revert.
+
+## 5. Implementation Changes (Non-Interface)
+
+### `_addressFrom` — RLP nonce encoding
+
+| Aspect | v5 | v6 |
+|---|---|---|
+| Maximum supported nonce | `uint32` (implicit, no guard) | `uint64` (explicit revert above) |
+| Nonce > `uint32` behavior | Silent truncation to `uint32` — incorrect address computed | Correctly encodes `uint40`–`uint64`; reverts above `uint64` |
+| RLP branches | 6 (`0x00`, `≤0x7f`, `≤0xff`, `≤0xffff`, `≤0xffffff`, `else→uint32`) | 10 (`0x00`, `≤0x7f`, `≤0xff`, `≤0xffff`, `≤0xffffff`, `≤0xffffffff`, `≤0xffffffffff`, `≤0xffffffffffff`, `≤0xffffffffffffff`, `else→uint64`) |
+| Lint annotations | None | `forge-lint: disable-next-line(unsafe-typecast)` on each narrowing cast; `forge-lint: disable-next-line(asm-keccak256)` on inline assembly `keccak256` |
+
+### Internal function call style
+
+All internal function calls now use **named arguments** for clarity:
+
+```solidity
+// v5
+address hook = _addressFrom(deployer, nonce);
+_registerAddress(hook, deployer);
+
+// v6
+address hook = _addressFrom({origin: deployer, nonce: nonce});
+_registerAddress({addr: hook, deployer: deployer});
+```
+
+### Section header naming
+
+| v5 | v6 |
+|---|---|
+| `// ---------------------- internal transactions ---------------------- //` | `// -------------------------- internal views ------------------------- //` (for `_addressFrom`) |
+| (none) | `// ------------------------ internal functions ----------------------- //` (new section for `_registerAddress`) |
+| (none) | `// --------------------------- custom errors ------------------------- //` (new section) |
+
+### NatDoc comment improvements
+
+- **Contract-level**: Fixed typo `reponsible` → `responsible`; reformatted line wrapping.
+- **`_addressFrom`**: Replaced informal note (`"this won't work for nonces > 2**32. If you reach that nonce please: 1) ping us, because wow 2) use another deployer"`) with a precise description (`"RLP encoding of [origin, nonce]. Supports nonces up to uint64 max"`). Attribution changed from `"Taken from"` to `"Adapted from"`.
+
+### Interface NatDoc
+
+The v6 interface (`IJBAddressRegistry`) adds full NatDoc documentation that was absent in v5:
+
+- `@notice` on the interface itself.
+- `@notice`, `@param`, and `@return` tags on `AddressRegistered`, `deployerOf`, and both `registerAddress` overloads.
+
+No function signatures, parameter types, or return types changed.
+
+## 6. Migration Table
+
+| v5 | v6 | Action Required |
+|---|---|---|
+| `IJBAddressRegistry` | `IJBAddressRegistry` | **None** — ABI-identical. Update import path only. |
+| `JBAddressRegistry` | `JBAddressRegistry` | **None** — ABI-compatible. Deploy new instance compiled with Solidity 0.8.26. |
+| `registerAddress(address, uint256)` | `registerAddress(address, uint256)` | **None** — signature unchanged. Nonces > `uint32` now work correctly; nonces > `uint64` now revert instead of silently producing wrong addresses. |
+| `registerAddress(address, bytes32, bytes)` | `registerAddress(address, bytes32, bytes)` | **None** — signature unchanged. |
+| `deployerOf(address)` | `deployerOf(address)` | **None** — signature unchanged. |
+| (no error) | `JBAddressRegistry_NonceTooLarge(uint256)` | **New** — callers passing nonces > `uint64.max` must handle this revert. |

package/README.md

@@ -60,7 +60,7 @@ Deployers can be exploited or act maliciously. Clients should still communicate
 
 ### Limitations
 
-- The `_addressFrom` function for `create` addresses uses RLP encoding that only supports nonces up to `2^32` (4,294,967,295). Higher nonces are silently truncated via `uint32` cast, producing incorrect addresses. In practice, this limit is unreachable.
+- The `_addressFrom` function for `create` addresses uses RLP encoding that only supports nonces up to `uint64` max (18,446,744,073,709,551,615). Higher nonces revert with `JBAddressRegistry_NonceTooLarge`. In practice, this limit is unreachable.
 - No overwrite protection: registering the same computed address again overwrites the previous deployer. This is safe because only the correct deployer + parameters produce a given address -- a second call with the same inputs just re-registers the same deployer.
 - Registration is permissionless -- anyone can call `registerAddress`, not just the deployer. Security relies entirely on deterministic address computation.
 

package/RISKS.md

@@ -1,20 +1,18 @@
-# nana-address-registry-v6 — Risks
+# RISKS.md -- nana-address-registry-v6
 
-## Trust Assumptions
+## 1. Trust Assumptions
 
-1. **Self-Registration** — Anyone can register any address. The registry does NOT verify that the caller actually deployed the contract. It only verifies that the computed address matches the provided parameters.
-2. **Address Computation** — Relies on correct RLP encoding (create) and keccak256 (create2) for address derivation. Standard Ethereum address computation.
-3. **Frontend Trust** — Frontends must maintain their own list of trusted deployers. The registry only provides the mapping, not a trust judgment.
+- **Self-registration.** Anyone can register any address. The registry does NOT verify that the caller actually deployed the contract. It only verifies that the computed address matches the provided deployer/nonce or deployer/salt/bytecode parameters.
+- **Frontend trust.** Frontends must maintain their own list of trusted deployers. The registry provides the mapping, not a trust judgment.
 
-## Known Risks
+## 2. Known Risks
 
-| Risk | Description | Mitigation |
-|------|-------------|------------|
-| False registration | Anyone can call registerAddress — the computed address must match, but the "deployer" parameter is not verified as the actual deployer | Address computation ensures the deployer/nonce pair produced the address |
-| Overwrite | A second registration for the same address overwrites the first | By design; last writer wins |
-| No unregister | Once registered, a deployer mapping cannot be removed | Intentional; provides permanent provenance |
-| Nonce range | Supports nonces up to uint64 max | Covers any realistic Ethereum nonce |
+- **False registration.** Anyone can call `registerAddress` with arbitrary deployer/nonce values, registering a computed address with a deployer that did not actually deploy it. Consumers must verify the deployer is trusted, not just that a mapping exists.
+- **Overwrite of existing entries.** There is no check preventing re-registration. A second call with different parameters that computes the same address will overwrite the previous `deployerOf` entry.
+- **No removal mechanism.** Once registered, an entry cannot be removed, only overwritten.
+- **RLP encoding correctness.** The `_addressFrom` function manually implements RLP encoding for nonces up to uint64. Well-tested pattern; nonce capped at uint64 max with explicit revert.
 
-## Privileged Roles
+## 3. Invariants to Verify
 
-None — the contract is fully permissionless. Anyone can register, anyone can query.
+- `deployerOf[addr]` always corresponds to a valid deployer/nonce pair that produces `addr` (if registered via `registerAddress`).
+- `create2` registrations: `deployerOf[addr]` corresponds to a valid deployer/salt/bytecodeHash that produces `addr`.

package/STYLE_GUIDE.md

@@ -197,7 +197,7 @@ interface IJBExample is IJBBase {
 | Public/external function | `camelCase` | `cashOutTokensOf` |
 | Internal/private function | `_camelCase` | `_processFee` |
 | Internal storage | `_camelCase` | `_accountingContextForTokenOf` |
-| Function parameter | `camelCase` | `projectId`, `cashOutCount` |
+| Function parameter | `camelCase` (no underscores) | `projectId`, `cashOutCount` |
 
 ## NatSpec
 
@@ -253,9 +253,12 @@ uint256 public constant MAX_RESERVED_PERCENT = 10_000;
 
 ## Function Calls
 
-Use named parameters for readability when calling functions with 3+ arguments:
+Use named arguments for all function calls with 2 or more arguments — in both `src/` and `script/`:
 
 ```solidity
+// Good — named arguments
+token.mint({account: beneficiary, amount: count});
+_transferOwnership({newOwner: address(0), projectId: 0});
 PERMISSIONS.hasPermission({
     operator: sender,
     account: account,
@@ -264,8 +267,18 @@ PERMISSIONS.hasPermission({
     includeRoot: true,
     includeWildcardProjectId: true
 });
+
+// Bad — positional arguments with 2+ args
+token.mint(beneficiary, count);
+_transferOwnership(address(0), 0);
 ```
 
+Single-argument calls use positional style: `_burn(amount)`.
+
+This also applies to constructor calls, struct literals, and inherited/library calls (e.g., OZ `_mint`, `_safeMint`, `safeTransfer`, `allowance`, `Clones.cloneDeterministic`).
+
+Named argument keys must use **camelCase** — never underscores. If a function's parameter names use underscores, rename them to camelCase first.
+
 ## Multiline Signatures
 
 ```solidity
@@ -553,6 +566,7 @@ CI checks formatting via `forge fmt --check`.
 
 CI runs `forge build --sizes` to catch contracts approaching the 24KB limit. When the repo's default `optimizer_runs` differs from what you want for size checking, use `FOUNDRY_PROFILE=ci_sizes forge build --sizes` with a `[profile.ci_sizes]` section in `foundry.toml`.
 
+
 ## Repo-Specific Deviations
 
 None. This repo follows the standard configuration exactly.

package/USER_JOURNEYS.md

@@ -0,0 +1,144 @@
+# User Journeys -- nana-address-registry-v6
+
+Concrete end-to-end flows through the address registry. Each journey traces the exact function calls, state changes, and external interactions.
+
+## Journey 1: Register a Contract Deployed via create
+
+**Actor:** Anyone (the deployer, the deployed contract itself, or a third party).
+**Goal:** Record the deployer of a contract that was deployed using the `create` opcode (standard deployment).
+
+### Precondition
+
+A contract exists on-chain at the address that `create` would produce from `(deployer, nonce)`. The caller knows the deployer's address and the nonce used during deployment.
+
+### Steps
+
+1. **Caller invokes `registerAddress(address deployer, uint256 nonce)`**
+
+   - The `nonce` must be `<= type(uint64).max` or the call reverts with `JBAddressRegistry_NonceTooLarge(nonce)`
+   - The contract calls `_addressFrom(deployer, nonce)` internally
+
+2. **`_addressFrom` computes the create address via RLP encoding**
+
+   - Selects the correct RLP encoding branch based on the nonce range (10 branches: `0`, `1-0x7f`, `0x80-0xff`, ..., up to `uint64` max)
+   - Builds the RLP-encoded byte sequence: `[list_prefix, 0x94, deployer_20_bytes, nonce_encoding]`
+   - Hashes the sequence with `keccak256`
+   - Extracts the low 160 bits as the computed address via inline assembly
+
+3. **`_registerAddress` stores the mapping and emits the event**
+
+   - Sets `deployerOf[computedAddress] = deployer`
+   - Emits `AddressRegistered(addr: computedAddress, deployer: deployer, caller: msg.sender)`
+
+### Result
+
+`deployerOf[computedAddress]` now returns `deployer`. Anyone querying the registry for that address can verify who deployed it.
+
+### What to verify
+
+- The computed address matches the actual on-chain contract address for the given `(deployer, nonce)` pair.
+- If the caller provides incorrect parameters (wrong nonce, wrong deployer), a mapping is still created -- but for a different (likely nonexistent) address. The registry does not verify that code exists at the computed address.
+- Calling `registerAddress` again with the same parameters is idempotent (same result, no revert).
+- The `caller` in the event is `msg.sender`, which may differ from `deployer`.
+
+---
+
+## Journey 2: Register a Contract Deployed via create2
+
+**Actor:** Anyone (the deployer, the deployed contract itself, or a third party).
+**Goal:** Record the deployer of a contract that was deployed using the `create2` opcode (deterministic deployment).
+
+### Precondition
+
+A contract exists on-chain at the address that `create2` would produce from `(deployer, salt, bytecode)`. The caller knows the deployer's address, the salt, and the full creation bytecode (including constructor arguments).
+
+### Steps
+
+1. **Caller invokes `registerAddress(address deployer, bytes32 salt, bytes calldata bytecode)`**
+
+   - No parameter validation beyond the address computation itself
+   - `bytecode` must include ABI-encoded constructor arguments appended to the creation code
+
+2. **The contract computes the create2 address inline**
+
+   - `address(uint160(uint256(keccak256(abi.encodePacked(bytes1(0xff), deployer, salt, keccak256(bytecode))))))`
+   - This matches the EIP-1014 specification
+
+3. **`_registerAddress` stores the mapping and emits the event**
+
+   - Sets `deployerOf[computedAddress] = deployer`
+   - Emits `AddressRegistered(addr: computedAddress, deployer: deployer, caller: msg.sender)`
+
+### Result
+
+`deployerOf[computedAddress]` now returns `deployer`. Frontends and other contracts can look up the deployer of any `create2`-deployed contract.
+
+### What to verify
+
+- The `bytecode` parameter must be the full creation bytecode, not the deployed (runtime) bytecode. Omitting constructor arguments produces a different hash and therefore a different address.
+- For large bytecode payloads, `keccak256(bytecode)` is computed in memory. The gas cost scales with bytecode size, but the registry itself has no gas limit issues -- the caller pays.
+- The salt is deployer-specific. Different deployers with the same salt and bytecode produce different addresses (because the deployer address is part of the hash input).
+
+---
+
+## Journey 3: Frontend Verifies a Hook's Deployer
+
+**Actor:** Frontend application or off-chain service.
+**Goal:** Determine whether a Juicebox hook was deployed by a trusted factory.
+
+### Precondition
+
+The hook contract has been registered in the registry (via Journey 1 or 2). The frontend maintains a list of trusted deployer addresses.
+
+### Steps
+
+1. **Frontend reads `deployerOf(hookAddress)`**
+
+   - This is a simple public mapping getter -- a `staticcall` with no state changes
+   - Returns `address(0)` if the hook has never been registered
+
+2. **Frontend evaluates the result**
+
+   - If `deployer == address(0)`: the hook is unregistered. The frontend should treat it as untrusted.
+   - If `deployer` is in the trusted deployer set: the hook was deployed by a known, audited factory. The frontend can display it with confidence.
+   - If `deployer` is a non-zero address not in the trusted set: the hook is registered but was deployed by an unknown deployer. The frontend should flag it as unverified.
+
+### Result
+
+The frontend can make a trust decision about the hook without needing to trace the deployment transaction on-chain.
+
+### What to verify
+
+- `deployerOf` returns `address(0)` for any address that has never been registered. There is no way to distinguish "never registered" from "registered with `deployer = address(0)`", though the latter requires deliberately passing `address(0)` as the deployer.
+- The registry provides no guarantee that code exists at the registered address. A deployer could register an address for a contract that has been self-destructed or was never deployed.
+- The registry provides no guarantee that the registered deployer is the *actual* deployer. It only guarantees that the deterministic computation of `(deployer, nonce)` or `(deployer, salt, bytecode)` produces that address. Since the EVM's address derivation is deterministic, this is equivalent -- but the registry itself does not verify the deployment transaction.
+
+---
+
+## Journey 4: Overwrite a Previous Registration
+
+**Actor:** Anyone.
+**Goal:** Re-register an address with the same or different parameters.
+
+### Precondition
+
+`deployerOf[addr]` already has a non-zero value from a previous registration.
+
+### Steps
+
+1. **Caller invokes either `registerAddress` overload with parameters that compute to `addr`**
+
+2. **`_registerAddress` overwrites the existing value**
+
+   - `deployerOf[addr] = deployer` (unconditional write, no check for existing value)
+   - Emits a new `AddressRegistered` event
+
+### Result
+
+The previous deployer mapping is overwritten. The event log contains both the old and new registrations.
+
+### What to verify
+
+- Overwriting is safe because the same address can only be computed from the same `(deployer, nonce)` or `(deployer, salt, bytecode)` parameters (assuming no keccak256 collision). Re-registering with the same parameters produces the same result.
+- There is no way to "unregister" an address. Setting `deployerOf[addr] = address(0)` would require computing a `(deployer, nonce)` pair that produces `addr` with `deployer = address(0)`, which is theoretically possible but practically useless.
+- The event log preserves the full history of registrations. Off-chain indexers can detect overwrites by tracking multiple `AddressRegistered` events for the same `addr`.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bananapus/address-registry-v6",
-  "version": "0.0.8",
+  "version": "0.0.10",
   "license": "MIT",
   "repository": {
     "type": "git",

package/script/Deploy.s.sol

@@ -1,10 +1,10 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.26;
 
-import "@sphinx-labs/contracts/contracts/foundry/SphinxPlugin.sol";
-import {Script, stdJson, VmSafe} from "forge-std/Script.sol";
+import {Sphinx} from "@sphinx-labs/contracts/contracts/foundry/SphinxPlugin.sol";
+import {Script} from "forge-std/Script.sol";
 
-import "src/JBAddressRegistry.sol";
+import {JBAddressRegistry} from "src/JBAddressRegistry.sol";
 
 contract Deploy is Script, Sphinx {
     bytes32 constant ADDRESS_REGISTRY_SALT = "_JBAddressRegistryV6_";
@@ -18,7 +18,9 @@ contract Deploy is Script, Sphinx {
 
     function run() public sphinx {
         // Only deploy if this bytecode is not already deployed.
-        if (!_isDeployed(ADDRESS_REGISTRY_SALT, type(JBAddressRegistry).creationCode, "")) {
+        if (!_isDeployed({
+                salt: ADDRESS_REGISTRY_SALT, creationCode: type(JBAddressRegistry).creationCode, arguments: ""
+            })) {
             new JBAddressRegistry{salt: ADDRESS_REGISTRY_SALT}();
         }
     }

package/script/helpers/AddressRegistryDeploymentLib.sol

@@ -13,7 +13,9 @@ struct AddressRegistryDeployment {
 
 library AddressRegistryDeploymentLib {
     // Cheat code address, 0x7109709ECfa91a80626fF3989D68f67F5b1DD12D.
+    // forge-lint: disable-next-line(screaming-snake-case-const)
     address internal constant VM_ADDRESS = address(uint160(uint256(keccak256("hevm cheat code"))));
+    // forge-lint: disable-next-line(screaming-snake-case-const)
     Vm internal constant vm = Vm(VM_ADDRESS);
 
     function getDeployment(string memory path) internal returns (AddressRegistryDeployment memory deployment) {
@@ -27,7 +29,7 @@ library AddressRegistryDeploymentLib {
 
         for (uint256 _i; _i < networks.length; _i++) {
             if (networks[_i].chainId == chainId) {
-                return getDeployment(path, networks[_i].name);
+                return getDeployment({path: path, networkName: networks[_i].name});
             }
         }
 
@@ -36,14 +38,20 @@ library AddressRegistryDeploymentLib {
 
     function getDeployment(
         string memory path,
-        string memory network_name
+        string memory networkName
     )
         internal
         view
         returns (AddressRegistryDeployment memory deployment)
     {
-        deployment.registry =
-            IJBAddressRegistry(_getDeploymentAddress(path, "nana-address-registry", network_name, "JBAddressRegistry"));
+        deployment.registry = IJBAddressRegistry(
+            _getDeploymentAddress({
+                path: path,
+                projectName: "nana-address-registry-v6",
+                networkName: networkName,
+                contractName: "JBAddressRegistry"
+            })
+        );
     }
 
     /// @notice Get the address of a contract that was deployed by the Deploy script.
@@ -53,8 +61,8 @@ library AddressRegistryDeploymentLib {
     /// @return The address of the contract.
     function _getDeploymentAddress(
         string memory path,
-        string memory project_name,
-        string memory network_name,
+        string memory projectName,
+        string memory networkName,
         string memory contractName
     )
         internal
@@ -62,7 +70,8 @@ library AddressRegistryDeploymentLib {
         returns (address)
     {
         string memory deploymentJson =
-            vm.readFile(string.concat(path, project_name, "/", network_name, "/", contractName, ".json"));
-        return stdJson.readAddress(deploymentJson, ".address");
+        // forge-lint: disable-next-line(unsafe-cheatcode)
+        vm.readFile(string.concat(path, projectName, "/", networkName, "/", contractName, ".json"));
+        return stdJson.readAddress({json: deploymentJson, key: ".address"});
     }
 }

package/src/JBAddressRegistry.sol

@@ -104,6 +104,7 @@ contract JBAddressRegistry is IJBAddressRegistry {
             // forge-lint: disable-next-line(unsafe-typecast)
             data = abi.encodePacked(bytes1(0xde), bytes1(0x94), origin, bytes1(0x88), uint64(nonce));
         }
+        // forge-lint: disable-next-line(asm-keccak256)
         bytes32 hash = keccak256(data);
         assembly {
             mstore(0, hash)

package/test/JBAddressRegistry.t.sol

@@ -1,8 +1,8 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.26;
 
-import "forge-std/Test.sol";
-import "../src/JBAddressRegistry.sol";
+import {Test} from "forge-std/Test.sol";
+import {JBAddressRegistry} from "../src/JBAddressRegistry.sol";
 
 contract JBAddressRegistryTest is Test {
     event AddressRegistered(address indexed addr, address indexed deployer, address caller);

package/test/JBAddressRegistry_Fork.t.sol

@@ -1,8 +1,8 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.26;
 
-import "forge-std/Test.sol";
-import "../src/JBAddressRegistry.sol";
+import {Test} from "forge-std/Test.sol";
+import {JBAddressRegistry} from "../src/JBAddressRegistry.sol";
 
 contract JBAddressRegistryTest_Fork is Test {
     address owner = makeAddr("_owner");