@bananapus/core-v6 0.0.42 → 0.0.43

package/CHANGELOG.md

@@ -19,7 +19,7 @@ This file describes the verified change from `nana-core-v5` to the current `nana
 - Token metadata is more editable than in v5. The controller now exposes a dedicated token-metadata update path.
 - Approval-hook handling is safer. The v6 codebase and tests are built around preventing a bad approval hook from freezing project behavior.
 - Fee accounting is tighter than in v5, especially around fee-free surplus behavior and cross-flow bookkeeping.
-- The repo carries much broader test coverage than the v5 tree, including dedicated audit, invariant, fork, and formal-style suites.
+- The repo carries much broader test coverage than the v5 tree, including dedicated review, invariant, fork, and formal-style suites.
 - The implementation baseline moved from the v5 `0.8.23` world to `0.8.28`.
 
 ## Verified deltas

package/README.md

@@ -89,7 +89,7 @@ When a flow is unclear, read the contract that owns the state before the contrac
 2. `test/TestTerminalPreviewParity.sol`
 3. `test/invariants/TerminalStoreInvariant.t.sol`
 4. `test/invariants/RulesetsInvariant.t.sol`
-5. `test/audit/CrossTerminalSurplusSpoof.t.sol`
+5. `test/regression/CrossTerminalSurplusSpoof.t.sol`
 
 ## Install
 
@@ -123,7 +123,7 @@ This repo contains the main core deployments and periphery deployment helpers. M
 src/
   core contracts, periphery helpers, interfaces, libraries, enums, structs, and abstract bases
 test/
-  unit, integration, fork, invariant, audit, formal, and regression coverage
+  unit, integration, fork, invariant, review, formal, and regression coverage
 script/
   Deploy.s.sol
   DeployPeriphery.s.sol
@@ -135,7 +135,7 @@ script/
 - Hooks can materially change payment and cash-out behavior.
 - Permissions are flexible, which makes broad or wildcard grants risky.
 - Multi-terminal and multi-token accounting is powerful, but it is easy to misuse if an integration assumes a single-terminal model.
-- Fee, surplus, and reclaim logic stay high-priority audit areas.
+- Fee, surplus, and reclaim logic stay high-priority review areas.
 
 The easiest way to misread V6 is to treat core like a simple crowdfunding terminal. It is closer to a configurable accounting and settlement layer.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bananapus/core-v6",
-  "version": "0.0.42",
+  "version": "0.0.43",
   "license": "MIT",
   "repository": {
     "type": "git",

package/references/types-errors-events.md

@@ -182,7 +182,6 @@ Errors an agent is most likely to encounter. All are custom errors (revert with
 | `JBSplits_TotalPercentExceeds100` | `JBSplits` | Split percentages sum exceeds `SPLITS_TOTAL_PERCENT`. |
 | `JBPrices_PriceFeedAlreadyExists` | `JBPrices` | Feed already set for that currency pair (immutable). |
 | `JBPrices_PriceFeedNotFound` | `JBPrices` | No feed found for the requested currency pair. |
-| `JBPermissions_CantSetRootPermissionForWildcardProject` | `JBPermissions` | Tried to grant ROOT with `projectId = 0` (wildcard). |
 | `JBRulesets_InvalidWeight` | `JBRulesets` | Weight exceeds `uint112.max`. |
 | `JBRulesets_InvalidWeightCutPercent` | `JBRulesets` | `weightCutPercent` exceeds `MAX_WEIGHT_CUT_PERCENT`. |
 | `JBFundAccessLimits_InvalidPayoutLimitCurrencyOrdering` | `JBFundAccessLimits` | Payout limit currencies not in strictly increasing order. |

package/src/JBChainlinkV3PriceFeed.sol

@@ -17,7 +17,7 @@ contract JBChainlinkV3PriceFeed is IJBPriceFeed {
     // --------------------------- custom errors ------------------------- //
     //*********************************************************************//
 
-    error JBChainlinkV3PriceFeed_IncompleteRound();
+    error JBChainlinkV3PriceFeed_IncompleteRound(uint80 roundId, uint80 answeredInRound, uint256 updatedAt);
     error JBChainlinkV3PriceFeed_NegativePrice(int256 price);
     error JBChainlinkV3PriceFeed_StalePrice(uint256 timestamp, uint256 threshold, uint256 updatedAt);
 
@@ -51,20 +51,28 @@ contract JBChainlinkV3PriceFeed is IJBPriceFeed {
     /// @return The current unit price from the feed, as a fixed point number with the specified number of decimals.
     function currentUnitPrice(uint256 decimals) public view virtual override returns (uint256) {
         // Get the latest round information from the feed.
-        // slither-disable-next-line unused-return
         (uint80 roundId, int256 price,, uint256 updatedAt, uint80 answeredInRound) = FEED.latestRoundData();
 
         // Make sure the round is finished (check before stale price to avoid false stale on incomplete rounds).
-        // slither-disable-next-line incorrect-equality
-        if (updatedAt == 0) revert JBChainlinkV3PriceFeed_IncompleteRound();
+        if (updatedAt == 0) {
+            revert JBChainlinkV3PriceFeed_IncompleteRound({
+                roundId: roundId, answeredInRound: answeredInRound, updatedAt: updatedAt
+            });
+        }
 
         // Make sure the answer was provided in the current round.
-        if (answeredInRound < roundId) revert JBChainlinkV3PriceFeed_IncompleteRound();
+        if (answeredInRound < roundId) {
+            revert JBChainlinkV3PriceFeed_IncompleteRound({
+                roundId: roundId, answeredInRound: answeredInRound, updatedAt: updatedAt
+            });
+        }
 
         // Make sure the price's update threshold is met.
         // forge-lint: disable-next-line(block-timestamp)
         if (block.timestamp > THRESHOLD + updatedAt) {
-            revert JBChainlinkV3PriceFeed_StalePrice(block.timestamp, THRESHOLD, updatedAt);
+            revert JBChainlinkV3PriceFeed_StalePrice({
+                timestamp: block.timestamp, threshold: THRESHOLD, updatedAt: updatedAt
+            });
         }
 
         // Make sure the price is positive.

package/src/JBChainlinkV3SequencerPriceFeed.sol

@@ -14,7 +14,7 @@ contract JBChainlinkV3SequencerPriceFeed is JBChainlinkV3PriceFeed {
     // --------------------------- custom errors ------------------------- //
     //*********************************************************************//
 
-    error JBChainlinkV3SequencerPriceFeed_InvalidRound();
+    error JBChainlinkV3SequencerPriceFeed_InvalidRound(uint256 startedAt);
     error JBChainlinkV3SequencerPriceFeed_SequencerDownOrRestarting(
         uint256 timestamp, uint256 gracePeriodTime, uint256 startedAt
     );
@@ -58,18 +58,17 @@ contract JBChainlinkV3SequencerPriceFeed is JBChainlinkV3PriceFeed {
     /// @return The current unit price from the feed, as a fixed point number with the specified number of decimals.
     function currentUnitPrice(uint256 decimals) public view override returns (uint256) {
         // Fetch sequencer status.
-        // slither-disable-next-line unused-return
         (, int256 answer, uint256 startedAt,,) = SEQUENCER_FEED.latestRoundData();
 
         // Check if round is valid to prevent an edge-case where Arbitrum uptime contract is not init.
-        if (startedAt == 0) revert JBChainlinkV3SequencerPriceFeed_InvalidRound();
+        if (startedAt == 0) revert JBChainlinkV3SequencerPriceFeed_InvalidRound({startedAt: startedAt});
 
         // Revert if sequencer has too recently restarted or is currently down.
         // forge-lint: disable-next-line(block-timestamp)
         if (block.timestamp <= GRACE_PERIOD_TIME + startedAt || answer != 0) {
-            revert JBChainlinkV3SequencerPriceFeed_SequencerDownOrRestarting(
-                block.timestamp, GRACE_PERIOD_TIME, startedAt
-            );
+            revert JBChainlinkV3SequencerPriceFeed_SequencerDownOrRestarting({
+                timestamp: block.timestamp, gracePeriodTime: GRACE_PERIOD_TIME, startedAt: startedAt
+            });
         }
 
         return super.currentUnitPrice(decimals);

package/src/JBController.sol

@@ -60,19 +60,19 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
     //*********************************************************************//
 
     error JBController_AddingPriceFeedNotAllowed(uint256 projectId);
-    error JBController_CreditTransfersPaused();
+    error JBController_CreditTransfersPaused(uint256 projectId, uint256 rulesetId);
     error JBController_InvalidCashOutTaxRate(uint256 rate, uint256 limit);
     error JBController_InvalidReservedPercent(uint256 percent, uint256 limit);
     error JBController_MintNotAllowedAndNotTerminalOrHook(address caller);
-    error JBController_NoReservedTokens();
+    error JBController_NoReservedTokens(uint256 projectId);
     error JBController_OnlyDirectory(address sender, IJBDirectory directory);
     error JBController_PendingReservedTokens(uint256 pendingReservedTokenBalance);
     error JBController_RulesetsAlreadyLaunched(uint256 projectId);
-    error JBController_RulesetsArrayEmpty();
+    error JBController_RulesetsArrayEmpty(uint256 projectId, uint256 rulesetConfigurationCount);
     error JBController_RulesetSetTokenNotAllowed(uint256 projectId);
-    error JBController_TerminalTokensNotTransferred();
-    error JBController_ZeroTokensToBurn();
-    error JBController_ZeroTokensToMint();
+    error JBController_TerminalTokensNotTransferred(address terminal, address token, uint256 allowance);
+    error JBController_ZeroTokensToBurn(uint256 projectId, address holder);
+    error JBController_ZeroTokensToMint(uint256 projectId, address beneficiary);
 
     //*********************************************************************//
     // --------------- public immutable stored properties ---------------- //
@@ -163,7 +163,6 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
         RULESETS = rulesets;
         SPLITS = splits;
         TOKENS = tokens;
-        // slither-disable-next-line missing-zero-check
         OMNICHAIN_RULESET_OPERATOR = omnichainRulesetOperator;
     }
 
@@ -235,7 +234,6 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
             from.supportsInterface(type(IJBController).interfaceId)
                 && IJBController(address(from)).pendingReservedTokenBalanceOf(projectId) > 0
         ) {
-            // slither-disable-next-line unused-return
             IJBController(address(from)).sendReservedTokensToSplitsOf(projectId);
         }
     }
@@ -261,11 +259,11 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
             account: holder,
             projectId: projectId,
             permissionId: JBPermissionIds.BURN_TOKENS,
-            alsoGrantAccessIf: _isTerminalOf(projectId, _msgSender())
+            alsoGrantAccessIf: _isTerminalOf({projectId: projectId, terminal: _msgSender()})
         });
 
         // There must be tokens to burn.
-        if (tokenCount == 0) revert JBController_ZeroTokensToBurn();
+        if (tokenCount == 0) revert JBController_ZeroTokensToBurn({projectId: projectId, holder: holder});
 
         emit BurnTokens({
             holder: holder, projectId: projectId, tokenCount: tokenCount, memo: memo, caller: _msgSender()
@@ -359,7 +357,6 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
         // Approve the tokens being paid.
         IERC20(address(token)).forceApprove({spender: address(terminal), value: splitTokenCount});
 
-        // slither-disable-next-line unused-return
         terminal.pay({
             projectId: projectId,
             token: address(token),
@@ -371,8 +368,11 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
         });
 
         // Make sure that the terminal received the tokens.
-        if (IERC20(address(token)).allowance({owner: address(this), spender: address(terminal)}) != 0) {
-            revert JBController_TerminalTokensNotTransferred();
+        uint256 allowance = IERC20(address(token)).allowance({owner: address(this), spender: address(terminal)});
+        if (allowance != 0) {
+            revert JBController_TerminalTokensNotTransferred({
+                terminal: address(terminal), token: address(token), allowance: allowance
+            });
         }
     }
 
@@ -400,7 +400,6 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
         returns (uint256 projectId)
     {
         // Mint the project ERC-721 into the owner's wallet.
-        // slither-disable-next-line reentrancy-benign
         projectId = PROJECTS.createFor(owner);
 
         // If provided, set the project's metadata URI.
@@ -415,7 +414,6 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
         _configureTerminals({projectId: projectId, terminalConfigurations: terminalConfigurations});
 
         // Queue the rulesets.
-        // slither-disable-next-line reentrancy-events
         uint256 rulesetId = _queueRulesets({projectId: projectId, rulesetConfigurations: rulesetConfigurations});
 
         emit LaunchProject({
@@ -445,7 +443,11 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
         returns (uint256 rulesetId)
     {
         // Make sure there are rulesets being queued.
-        if (rulesetConfigurations.length == 0) revert JBController_RulesetsArrayEmpty();
+        if (rulesetConfigurations.length == 0) {
+            revert JBController_RulesetsArrayEmpty({
+                projectId: projectId, rulesetConfigurationCount: rulesetConfigurations.length
+            });
+        }
 
         // Keep a reference to the sender.
         address sender = _msgSender();
@@ -477,7 +479,7 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
 
         // If the project has already had rulesets, use `queueRulesetsOf(...)` instead.
         if (RULESETS.latestRulesetIdOf(projectId) > 0) {
-            revert JBController_RulesetsAlreadyLaunched(projectId);
+            revert JBController_RulesetsAlreadyLaunched({projectId: projectId});
         }
 
         // If provided, set the project's metadata URI.
@@ -492,7 +494,6 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
         _configureTerminals({projectId: projectId, terminalConfigurations: terminalConfigurations});
 
         // Queue the first ruleset.
-        // slither-disable-next-line reentrancy-events
         rulesetId = _queueRulesets({projectId: projectId, rulesetConfigurations: rulesetConfigurations});
 
         emit LaunchRulesets({
@@ -539,7 +540,7 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
         returns (uint256 beneficiaryTokenCount)
     {
         // There should be tokens to mint.
-        if (tokenCount == 0) revert JBController_ZeroTokensToMint();
+        if (tokenCount == 0) revert JBController_ZeroTokensToMint({projectId: projectId, beneficiary: beneficiary});
 
         // Keep a reference to the reserved percent.
         uint256 reservedPercent;
@@ -549,11 +550,11 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
 
         // Cache common values used in both permission checks.
         address sender = _msgSender();
-        bool senderIsTerminal = _isTerminalOf(projectId, sender);
+        bool senderIsTerminal = _isTerminalOf({projectId: projectId, terminal: sender});
         bool senderIsTerminalOrDataHook = senderIsTerminal || sender == ruleset.dataHook();
         // Only query the data hook if the sender isn't already a terminal or the data hook itself.
-        bool senderHasDataHookMintPermission =
-            !senderIsTerminalOrDataHook && _hasDataHookMintPermissionFor(projectId, ruleset, sender);
+        bool senderHasDataHookMintPermission = !senderIsTerminalOrDataHook
+            && _hasDataHookMintPermissionFor({projectId: projectId, ruleset: ruleset, addr: sender});
 
         // Minting is restricted to: the project's owner, addresses with permission to `MINT_TOKENS`, the project's
         // terminals, and the project's data hook.
@@ -570,7 +571,7 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
             ruleset.id != 0 && !ruleset.allowOwnerMinting() && !senderIsTerminalOrDataHook
                 && !senderHasDataHookMintPermission
         ) {
-            revert JBController_MintNotAllowedAndNotTerminalOrHook(sender);
+            revert JBController_MintNotAllowedAndNotTerminalOrHook({caller: sender});
         }
 
         // Determine the reserved percent to use.
@@ -581,7 +582,6 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
 
         if (beneficiaryTokenCount != 0) {
             // Mint the tokens.
-            // slither-disable-next-line reentrancy-benign,reentrancy-events,unused-return
             TOKENS.mintFor({holder: beneficiary, projectId: projectId, count: beneficiaryTokenCount});
         }
 
@@ -618,7 +618,11 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
         returns (uint256 rulesetId)
     {
         // Make sure there are rulesets being queued.
-        if (rulesetConfigurations.length == 0) revert JBController_RulesetsArrayEmpty();
+        if (rulesetConfigurations.length == 0) {
+            revert JBController_RulesetsArrayEmpty({
+                projectId: projectId, rulesetConfigurationCount: rulesetConfigurations.length
+            });
+        }
 
         // Enforce permissions.
         _requirePermissionAllowingOverrideFrom({
@@ -629,7 +633,6 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
         });
 
         // Queue the rulesets.
-        // slither-disable-next-line reentrancy-events
         rulesetId = _queueRulesets({projectId: projectId, rulesetConfigurations: rulesetConfigurations});
 
         emit QueueRulesets({rulesetId: rulesetId, projectId: projectId, memo: memo, caller: _msgSender()});
@@ -748,7 +751,9 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
         JBRuleset memory ruleset = _currentRulesetOf(projectId);
 
         // Credit transfers must not be paused.
-        if (ruleset.pauseCreditTransfers()) revert JBController_CreditTransfersPaused();
+        if (ruleset.pauseCreditTransfers()) {
+            revert JBController_CreditTransfersPaused({projectId: projectId, rulesetId: ruleset.id});
+        }
 
         TOKENS.transferCreditsFrom({holder: holder, projectId: projectId, recipient: recipient, count: creditCount});
     }
@@ -939,7 +944,6 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
             JBTerminalConfig memory terminalConfig = terminalConfigurations[i];
 
             // Add the accounting contexts for the specified tokens.
-            // slither-disable-next-line calls-loop
             terminalConfig.terminal
                 .addAccountingContextsFor({
                     projectId: projectId, accountingContexts: terminalConfig.accountingContextsToAccept
@@ -975,20 +979,19 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
 
             // Make sure its reserved percent is valid.
             if (rulesetConfig.metadata.reservedPercent > JBConstants.MAX_RESERVED_PERCENT) {
-                revert JBController_InvalidReservedPercent(
-                    rulesetConfig.metadata.reservedPercent, JBConstants.MAX_RESERVED_PERCENT
-                );
+                revert JBController_InvalidReservedPercent({
+                    percent: rulesetConfig.metadata.reservedPercent, limit: JBConstants.MAX_RESERVED_PERCENT
+                });
             }
 
             // Make sure its cash out tax rate is valid.
             if (rulesetConfig.metadata.cashOutTaxRate > JBConstants.MAX_CASH_OUT_TAX_RATE) {
-                revert JBController_InvalidCashOutTaxRate(
-                    rulesetConfig.metadata.cashOutTaxRate, JBConstants.MAX_CASH_OUT_TAX_RATE
-                );
+                revert JBController_InvalidCashOutTaxRate({
+                    rate: rulesetConfig.metadata.cashOutTaxRate, limit: JBConstants.MAX_CASH_OUT_TAX_RATE
+                });
             }
 
             // Queue its ruleset.
-            // slither-disable-next-line calls-loop
             JBRuleset memory ruleset = RULESETS.queueFor({
                 projectId: projectId,
                 duration: rulesetConfig.duration,
@@ -1000,13 +1003,11 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
             });
 
             // Set its split groups.
-            // slither-disable-next-line calls-loop
             SPLITS.setSplitGroupsOf({
                 projectId: projectId, rulesetId: ruleset.id, splitGroups: rulesetConfig.splitGroups
             });
 
             // Set its fund access limits.
-            // slither-disable-next-line calls-loop
             FUND_ACCESS_LIMITS.setFundAccessLimitsFor({
                 projectId: projectId, rulesetId: ruleset.id, fundAccessLimitGroups: rulesetConfig.fundAccessLimitGroups
             });
@@ -1069,13 +1070,19 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
 
                 // If the split has a hook, call its `processSplitWith` function.
                 if (split.hook != IJBSplitHook(address(0))) {
-                    // Send the tokens to the split hook.
-                    // slither-disable-next-line reentrancy-events
-                    _sendTokens({
-                        projectId: projectId, tokenCount: splitTokenCount, recipient: address(split.hook), token: token
-                    });
+                    if (token != IJBToken(address(0))) {
+                        // ERC-20: grant the hook an allowance and let it pull tokens via transferFrom.
+                        IERC20(address(token)).forceApprove({spender: address(split.hook), value: splitTokenCount});
+                    } else {
+                        // Credits: send directly — there is no allowance mechanism for credits.
+                        TOKENS.transferCreditsFrom({
+                            holder: address(this),
+                            projectId: projectId,
+                            recipient: address(split.hook),
+                            count: splitTokenCount
+                        });
+                    }
 
-                    // slither-disable-next-line calls-loop,reentrancy-events
                     try split.hook
                         .processSplitWith(
                             JBSplitHookContext({
@@ -1088,9 +1095,18 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
                             })
                         ) {}
                     catch (bytes memory reason) {
-                        // If the hook reverts, the tokens already transferred to it stay with the hook.
                         emit SplitHookReverted({projectId: projectId, hook: address(split.hook), reason: reason});
                     }
+
+                    // For ERC-20 tokens, burn any tokens the hook did not consume.
+                    if (token != IJBToken(address(0))) {
+                        uint256 remaining =
+                            IERC20(address(token)).allowance({owner: address(this), spender: address(split.hook)});
+                        if (remaining > 0) {
+                            IERC20(address(token)).forceApprove({spender: address(split.hook), value: 0});
+                            TOKENS.burnFrom({holder: address(this), projectId: projectId, count: remaining});
+                        }
+                    }
                     // If the split has a project ID, try to pay the project. If that fails, pay the beneficiary.
                 } else {
                     // Pay the project using the split's beneficiary if one was provided. Otherwise, use the message
@@ -1099,7 +1115,6 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
 
                     if (split.projectId != 0) {
                         // Get a reference to the receiving project's primary payment terminal for the token.
-                        // slither-disable-next-line calls-loop
                         IJBTerminal terminal = token == IJBToken(address(0))
                             ? IJBTerminal(address(0))
                             : DIRECTORY.primaryTerminalOf({projectId: split.projectId, token: address(token)});
@@ -1108,17 +1123,14 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
                         // which accepts the token, send the tokens to the beneficiary.
                         if (address(token) == address(0) || address(terminal) == address(0)) {
                             // Mint the tokens to the beneficiary.
-                            // slither-disable-next-line reentrancy-events
                             _sendTokens({
                                 projectId: projectId, tokenCount: splitTokenCount, recipient: beneficiary, token: token
                             });
                         } else {
                             // Use the `projectId` in the pay metadata.
-                            // slither-disable-next-line reentrancy-events
                             bytes memory metadata = bytes(abi.encodePacked(projectId));
 
                             // Try to fulfill the payment.
-                            // slither-disable-next-line calls-loop
                             try this.executePayReservedTokenToTerminal({
                                 projectId: split.projectId,
                                 terminal: terminal,
@@ -1142,7 +1154,6 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
                         }
                     } else if (beneficiary == address(0xdead)) {
                         // If the split has no project ID, and the beneficiary is 0xdead, burn.
-                        // slither-disable-next-line calls-loop
                         TOKENS.burnFrom({holder: address(this), projectId: projectId, count: splitTokenCount});
                     } else {
                         // If the split has no project Id, send to beneficiary.
@@ -1180,7 +1191,7 @@ contract JBController is JBPermissioned, ERC2771Context, IJBController, IJBMigra
         tokenCount = pendingReservedTokenBalanceOf[projectId];
 
         // Revert if there are no pending reserved tokens
-        if (tokenCount == 0) revert JBController_NoReservedTokens();
+        if (tokenCount == 0) revert JBController_NoReservedTokens({projectId: projectId});
 
         // Get the ruleset to read the reserved percent from.
         JBRuleset memory ruleset = _currentRulesetOf(projectId);

package/src/JBDirectory.sol

@@ -121,7 +121,7 @@ contract JBDirectory is JBPermissioned, Ownable, IJBDirectory {
 
         // If setting the controller is not allowed, revert.
         if (!allowSetController) {
-            revert JBDirectory_SetControllerNotAllowed(projectId);
+            revert JBDirectory_SetControllerNotAllowed({projectId: projectId});
         }
 
         // Prepare the new controller to receive the project.
@@ -140,10 +140,8 @@ contract JBDirectory is JBPermissioned, Ownable, IJBDirectory {
         }
 
         // Set the new controller after migration completes.
-        // slither-disable-next-line reentrancy-no-eth
         controllerOf[projectId] = controller;
 
-        // slither-disable-next-line reentrancy-events
         emit SetController({projectId: projectId, controller: controller, caller: msg.sender});
 
         // Notify the new controller that migration is complete and it is now the active controller.
@@ -185,7 +183,7 @@ contract JBDirectory is JBPermissioned, Ownable, IJBDirectory {
 
         // If the terminal doesn't accept the token, revert.
         if (terminal.accountingContextForTokenOf({projectId: projectId, token: token}).token == address(0)) {
-            revert JBDirectory_TokenNotAccepted(projectId, token, terminal);
+            revert JBDirectory_TokenNotAccepted({projectId: projectId, token: token, terminal: terminal});
         }
 
         // If the terminal is not already in the project's terminal list, require ADD_TERMINALS permission.
@@ -229,7 +227,7 @@ contract JBDirectory is JBPermissioned, Ownable, IJBDirectory {
 
         // If the caller is not the project's controller, the project's ruleset must allow setting terminals.
         if (msg.sender != address(controller) && !allowSetTerminals) {
-            revert JBDirectory_SetTerminalsNotAllowed(projectId);
+            revert JBDirectory_SetTerminalsNotAllowed({projectId: projectId});
         }
 
         // Set the stored terminals for the project.
@@ -286,7 +284,6 @@ contract JBDirectory is JBPermissioned, Ownable, IJBDirectory {
             IJBTerminal terminal = terminals[i];
 
             // If the terminal accepts the specified token, return it.
-            // slither-disable-next-line calls-loop
             if (terminal.accountingContextForTokenOf({projectId: projectId, token: token}).token != address(0)) {
                 return terminal;
             }
@@ -355,7 +352,7 @@ contract JBDirectory is JBPermissioned, Ownable, IJBDirectory {
 
         // The project's ruleset must allow setting terminals.
         if (!allowSetTerminals) {
-            revert JBDirectory_SetTerminalsNotAllowed(projectId);
+            revert JBDirectory_SetTerminalsNotAllowed({projectId: projectId});
         }
 
         // Add the new terminal.

package/src/JBERC20.sol

@@ -25,8 +25,8 @@ contract JBERC20 is ERC20Votes, ERC20Permit, JBPermissioned, IERC1271, IJBToken
     // --------------------------- custom errors ------------------------- //
     //*********************************************************************//
 
-    error JBERC20_AlreadyInitialized();
-    error JBERC20_Unauthorized();
+    error JBERC20_AlreadyInitialized(uint256 currentNameLength, uint256 newNameLength);
+    error JBERC20_Unauthorized(address caller, address tokens);
 
     //*********************************************************************//
     // --------------- public immutable stored properties ---------------- //
@@ -48,11 +48,9 @@ contract JBERC20 is ERC20Votes, ERC20Permit, JBPermissioned, IERC1271, IJBToken
     //*********************************************************************//
 
     /// @notice The token's name.
-    // slither-disable-next-line shadowing-state
     string private _name;
 
     /// @notice The token's symbol.
-    // slither-disable-next-line shadowing-state
     string private _symbol;
 
     //*********************************************************************//
@@ -82,7 +80,7 @@ contract JBERC20 is ERC20Votes, ERC20Permit, JBPermissioned, IERC1271, IJBToken
     /// @notice Only the JBTokens contract can call this function.
     // forge-lint: disable-next-line(unwrapped-modifier-logic)
     modifier onlyTokens() {
-        if (msg.sender != address(TOKENS)) revert JBERC20_Unauthorized();
+        if (msg.sender != address(TOKENS)) revert JBERC20_Unauthorized({caller: msg.sender, tokens: address(TOKENS)});
         _;
     }
 
@@ -132,7 +130,6 @@ contract JBERC20 is ERC20Votes, ERC20Permit, JBPermissioned, IERC1271, IJBToken
     /// @return magicValue `0x1626ba7e` if the signature is valid, `0xffffffff` otherwise.
     function isValidSignature(bytes32 hash, bytes memory signature) external view override returns (bytes4 magicValue) {
         // Recover the signer from the signature. Return invalid if recovery fails.
-        // slither-disable-next-line unused-return
         (address signer, ECDSA.RecoverError error,) = ECDSA.tryRecover(hash, signature);
         if (error != ECDSA.RecoverError.NoError) return 0xffffffff;
 
@@ -201,7 +198,11 @@ contract JBERC20 is ERC20Votes, ERC20Permit, JBPermissioned, IERC1271, IJBToken
     /// @param tokens The JBTokens contract that manages this token.
     function initialize(string memory name_, string memory symbol_, address tokens) public override {
         // Prevent re-initialization by reverting if a name is already set or if the provided name is empty.
-        if (bytes(_name).length != 0 || bytes(name_).length == 0) revert JBERC20_AlreadyInitialized();
+        if (bytes(_name).length != 0 || bytes(name_).length == 0) {
+            revert JBERC20_AlreadyInitialized({
+                currentNameLength: bytes(_name).length, newNameLength: bytes(name_).length
+            });
+        }
 
         _name = name_;
         _symbol = symbol_;

package/src/JBFundAccessLimits.sol

@@ -18,8 +18,12 @@ contract JBFundAccessLimits is JBControlled, IJBFundAccessLimits {
     // --------------------------- custom errors ------------------------- //
     //*********************************************************************//
 
-    error JBFundAccessLimits_InvalidPayoutLimitCurrencyOrdering();
-    error JBFundAccessLimits_InvalidSurplusAllowanceCurrencyOrdering();
+    error JBFundAccessLimits_InvalidPayoutLimitCurrencyOrdering(
+        uint256 projectId, uint256 rulesetId, uint256 groupIndex, uint256 limitIndex
+    );
+    error JBFundAccessLimits_InvalidSurplusAllowanceCurrencyOrdering(
+        uint256 projectId, uint256 rulesetId, uint256 groupIndex, uint256 allowanceIndex
+    );
 
     //*********************************************************************//
     // --------------------- internal stored properties ------------------ //
@@ -102,7 +106,9 @@ contract JBFundAccessLimits is JBControlled, IJBFundAccessLimits {
                 // Make sure the payout limits are passed in strictly increasing order (sorted by currency) to prevent
                 // duplicates.
                 if (j != 0 && payoutLimit.currency <= fundAccessLimitGroup.payoutLimits[j - 1].currency) {
-                    revert JBFundAccessLimits_InvalidPayoutLimitCurrencyOrdering();
+                    revert JBFundAccessLimits_InvalidPayoutLimitCurrencyOrdering({
+                        projectId: projectId, rulesetId: rulesetId, groupIndex: i, limitIndex: j
+                    });
                 }
 
                 // Set the payout limit if there is one.
@@ -127,7 +133,9 @@ contract JBFundAccessLimits is JBControlled, IJBFundAccessLimits {
                 // Make sure the surplus allowances are passed in strictly increasing order (sorted by currency) to
                 // prevent duplicates.
                 if (j != 0 && surplusAllowance.currency <= fundAccessLimitGroup.surplusAllowances[j - 1].currency) {
-                    revert JBFundAccessLimits_InvalidSurplusAllowanceCurrencyOrdering();
+                    revert JBFundAccessLimits_InvalidSurplusAllowanceCurrencyOrdering({
+                        projectId: projectId, rulesetId: rulesetId, groupIndex: i, allowanceIndex: j
+                    });
                 }
 
                 // Set the surplus allowance if there is one.