@bananapus/suckers-v6 0.0.36 → 0.0.37

package/README.md

@@ -72,8 +72,8 @@ That means every bridge path has two trust surfaces:
 1. `test/unit/registry.t.sol`
 2. `test/unit/multi_chain_evolution.t.sol`
 3. `test/ForkClaimMainnet.t.sol`
-4. `test/audit/PeerSnapshotDesync.t.sol`
-5. `test/audit/ToRemoteFeeIrrecoverable.t.sol`
+4. `test/regression/PeerSnapshotDesync.t.sol`
+5. `test/regression/ToRemoteFeeIrrecoverable.t.sol`
 
 ## Install
 
@@ -113,7 +113,7 @@ src/
   structs/
   utils/
 test/
-  unit, fork, interoperability, attack, audit, and regression coverage
+  unit, fork, interoperability, attack, review, and regression coverage
 script/
   Deploy.s.sol
   helpers/

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bananapus/suckers-v6",
-  "version": "0.0.36",
+  "version": "0.0.37",
   "license": "MIT",
   "repository": {
     "type": "git",
@@ -26,7 +26,7 @@
     "deploy:mainnets": "source ./.env && npx sphinx propose ./script/Deploy.s.sol --networks mainnets",
     "deploy:testnets": "source ./.env && npx sphinx propose ./script/Deploy.s.sol --networks testnets",
     "artifacts": "source ./.env && npx sphinx artifacts --org-id 'ea165b21-7cdc-4d7b-be59-ecdd4c26bee4' --project-name 'nana-suckers-v6'",
-    "analyze": "slither . --config-file slither-ci.config.json"
+    "analyze": "forge lint --deny notes"
   },
   "dependencies": {
     "@arbitrum/nitro-contracts": "3.2.0",

package/references/operations.md

@@ -23,6 +23,6 @@
 
 ## Useful Proof Points
 
-- [`test/SuckerAttacks.t.sol`](../test/SuckerAttacks.t.sol), [`test/SuckerDeepAttacks.t.sol`](../test/SuckerDeepAttacks.t.sol), and [`test/TestAuditGaps.sol`](../test/TestAuditGaps.sol) for security-sensitive assumptions.
+- [`test/SuckerAttacks.t.sol`](../test/SuckerAttacks.t.sol), [`test/SuckerDeepAttacks.t.sol`](../test/SuckerDeepAttacks.t.sol), and [`test/TestRegressionGaps.sol`](../test/TestRegressionGaps.sol) for security-sensitive assumptions.
 - [`test/InteropCompat.t.sol`](../test/InteropCompat.t.sol) when the problem is deployment wiring rather than runtime logic.
-- [`test/unit/invariants.t.sol`](../test/unit/invariants.t.sol), [`test/unit/peer_chain_state.t.sol`](../test/unit/peer_chain_state.t.sol), and [`test/audit/PeerSnapshotDesync.t.sol`](../test/audit/PeerSnapshotDesync.t.sol) when shared accounting or snapshot boundaries are in doubt.
+- [`test/unit/invariants.t.sol`](../test/unit/invariants.t.sol), [`test/unit/peer_chain_state.t.sol`](../test/unit/peer_chain_state.t.sol), and [`test/regression/PeerSnapshotDesync.t.sol`](../test/regression/PeerSnapshotDesync.t.sol) when shared accounting or snapshot boundaries are in doubt.

package/references/runtime.md

@@ -27,4 +27,4 @@
 - [`test/ForkMainnet.t.sol`](../test/ForkMainnet.t.sol), [`test/ForkArbitrum.t.sol`](../test/ForkArbitrum.t.sol), [`test/ForkCelo.t.sol`](../test/ForkCelo.t.sol), and [`test/ForkOPStack.t.sol`](../test/ForkOPStack.t.sol) for real transport assumptions.
 - [`test/ForkSwap.t.sol`](../test/ForkSwap.t.sol), [`test/ForkClaimMainnet.t.sol`](../test/ForkClaimMainnet.t.sol), and [`test/SuckerRegressions.t.sol`](../test/SuckerRegressions.t.sol) for pinned cross-chain edge cases.
 - [`test/unit/invariants.t.sol`](../test/unit/invariants.t.sol), [`test/unit/peer_chain_state.t.sol`](../test/unit/peer_chain_state.t.sol), and [`test/unit/registry.t.sol`](../test/unit/registry.t.sol) for shared-accounting invariants.
-- [`test/SuckerAttacks.t.sol`](../test/SuckerAttacks.t.sol), [`test/SuckerDeepAttacks.t.sol`](../test/SuckerDeepAttacks.t.sol), [`test/audit/PeerSnapshotDesync.t.sol`](../test/audit/PeerSnapshotDesync.t.sol), and [`test/audit/PeerDeterminism.t.sol`](../test/audit/PeerDeterminism.t.sol) when the bug could involve base logic, registry behavior, or a specific bridge implementation.
+- [`test/SuckerAttacks.t.sol`](../test/SuckerAttacks.t.sol), [`test/SuckerDeepAttacks.t.sol`](../test/SuckerDeepAttacks.t.sol), [`test/regression/PeerSnapshotDesync.t.sol`](../test/regression/PeerSnapshotDesync.t.sol), and [`test/regression/PeerDeterminism.t.sol`](../test/regression/PeerDeterminism.t.sol) when the bug could involve base logic, registry behavior, or a specific bridge implementation.

package/src/JBArbitrumSucker.sol

@@ -127,7 +127,6 @@ contract JBArbitrumSucker is JBSucker, IJBArbitrumSucker {
         internal
     {
         address peerAddress = _peerAddress();
-        // slither-disable-next-line unused-return,calls-loop
         ARBINBOX.unsafeCreateRetryableTicket{value: callTransportCost + nativeValue}({
             to: peerAddress,
             l2CallValue: nativeValue,
@@ -144,7 +143,6 @@ contract JBArbitrumSucker is JBSucker, IJBArbitrumSucker {
     /// @param token The ERC-20 token to approve.
     /// @param amount The amount to approve.
     function _approveGateway(address token, uint256 amount) internal {
-        // slither-disable-next-line calls-loop
         SafeERC20.forceApprove({token: IERC20(token), spender: GATEWAYROUTER.getGateway(token), value: amount});
     }
 
@@ -168,10 +166,9 @@ contract JBArbitrumSucker is JBSucker, IJBArbitrumSucker {
         bytes memory data = abi.encodeCall(JBSucker.fromRemote, (message));
 
         // Depending on which layer we are on, send the call to the other layer.
-        // slither-disable-start out-of-order-retryable
         if (LAYER == JBLayer.L1) {
             // L1→L2 requires transport payment for retryable tickets.
-            if (transportPayment == 0) revert JBSucker_ExpectedMsgValue();
+            if (transportPayment == 0) revert JBSucker_ExpectedMsgValue({msgValue: transportPayment});
             _toL2({
                 token: token, transportPayment: transportPayment, amount: amount, data: data, remoteToken: remoteToken
             });
@@ -180,7 +177,6 @@ contract JBArbitrumSucker is JBSucker, IJBArbitrumSucker {
             if (transportPayment != 0) revert JBSucker_UnexpectedMsgValue(transportPayment);
             _toL1({token: token, amount: amount, data: data, remoteToken: remoteToken});
         }
-        // slither-disable-end out-of-order-retryable
     }
 
     /// @notice Bridge the `token` and data to the remote L1 chain.
@@ -208,7 +204,6 @@ contract JBArbitrumSucker is JBSucker, IJBArbitrumSucker {
             _approveGateway({token: token, amount: amount});
 
             // Convert bytes32 types to address at the Arbitrum bridge API boundary.
-            // slither-disable-next-line calls-loop,unused-return
             IArbL2GatewayRouter(address(GATEWAYROUTER))
                 .outboundTransfer({
                 l1Token: _toAddress(remoteToken.addr), to: peerAddress, amount: amount, data: bytes("")
@@ -220,7 +215,6 @@ contract JBArbitrumSucker is JBSucker, IJBArbitrumSucker {
 
         // Send the message to the peer with the reclaimed ETH.
         // Address `100` is the ArbSys precompile address.
-        // slither-disable-next-line calls-loop,unused-return
         ArbSys(address(100)).sendTxToL1{value: nativeValue}({destination: peerAddress, data: data});
     }
 
@@ -251,7 +245,6 @@ contract JBArbitrumSucker is JBSucker, IJBArbitrumSucker {
         uint256 maxSubmissionCost;
 
         {
-            // slither-disable-next-line calls-loop
             maxSubmissionCost =
                 ARBINBOX.calculateRetryableSubmissionFee({dataLength: data.length, baseFee: maxFeePerGas});
 
@@ -267,15 +260,12 @@ contract JBArbitrumSucker is JBSucker, IJBArbitrumSucker {
             {
                 // Get the exact calldata length the gateway will create for the retryable ticket.
                 // The Arbitrum Inbox validates maxSubmissionCost against this actual payload, not the user data.
-                // slither-disable-next-line calls-loop
                 address gateway = GATEWAYROUTER.getGateway(token);
-                // slither-disable-next-line calls-loop
                 uint256 outboundCalldataLength =
                     IL1ArbitrumGateway(gateway)
                 .getOutboundCalldata({
                     _token: token, _from: address(this), _to: _peerAddress(), _amount: amount, _data: bytes("")
                 }).length;
-                // slither-disable-next-line calls-loop
                 maxSubmissionCostERC20 = ARBINBOX.calculateRetryableSubmissionFee({
                     dataLength: outboundCalldataLength, baseFee: maxFeePerGas
                 });
@@ -284,7 +274,9 @@ contract JBArbitrumSucker is JBSucker, IJBArbitrumSucker {
 
             // Ensure we bridge enough for gas costs on L2 side
             if (transportPayment < callTransportCost + tokenTransportCost) {
-                revert JBArbitrumSucker_NotEnoughGas(transportPayment, callTransportCost + tokenTransportCost);
+                revert JBArbitrumSucker_NotEnoughGas({
+                    payment: transportPayment, cost: callTransportCost + tokenTransportCost
+                });
             }
 
             {
@@ -298,8 +290,6 @@ contract JBArbitrumSucker is JBSucker, IJBArbitrumSucker {
             _approveGateway({token: token, amount: amount});
 
             // Perform the ERC-20 bridge transfer. Convert bytes32 peer to address at the Arbitrum bridge API boundary.
-            // slither-disable-start out-of-order-retryable
-            // slither-disable-next-line calls-loop,unused-return
             IArbL1GatewayRouter(address(GATEWAYROUTER)).outboundTransferCustomRefund{value: tokenTransportCost}({
                 token: token,
                 refundTo: _msgSender(),
@@ -312,7 +302,7 @@ contract JBArbitrumSucker is JBSucker, IJBArbitrumSucker {
         } else {
             // Ensure we bridge enough for gas costs on L2 side
             if (transportPayment < callTransportCost) {
-                revert JBArbitrumSucker_NotEnoughGas(transportPayment, callTransportCost);
+                revert JBArbitrumSucker_NotEnoughGas({payment: transportPayment, cost: callTransportCost});
             }
 
             // If the token is the native token then we only need to do a single call.
@@ -328,7 +318,6 @@ contract JBArbitrumSucker is JBSucker, IJBArbitrumSucker {
         // The above check is the same check that makes it `safeCreateRetryableTicket`.
 
         // Convert bytes32 peer to address at the Arbitrum inbox API boundary.
-        // slither-disable-next-line calls-loop,unused-return
         _createRetryableTicket({
             callTransportCost: callTransportCost,
             nativeValue: nativeValue,
@@ -336,6 +325,5 @@ contract JBArbitrumSucker is JBSucker, IJBArbitrumSucker {
             maxFeePerGas: maxFeePerGas,
             data: data
         });
-        // slither-disable-end out-of-order-retryable
     }
 }

package/src/JBCCIPSucker.sol

@@ -163,7 +163,7 @@ contract JBCCIPSucker is JBSucker, IAny2EVMMessageReceiver {
 
         // Make sure that the message came from our peer.
         if (origin != _peerAddress() || any2EvmMessage.sourceChainSelector != REMOTE_CHAIN_SELECTOR) {
-            revert JBSucker_NotPeer(_toBytes32(origin));
+            revert JBSucker_NotPeer({caller: _toBytes32(origin)});
         }
 
         // Discriminate message type: abi.encode(uint8 type, bytes payload).
@@ -184,7 +184,7 @@ contract JBCCIPSucker is JBSucker, IAny2EVMMessageReceiver {
             // Forward the root message to this contract's fromRemote handler.
             this.fromRemote(root);
         } else {
-            revert JBCCIPSucker_UnknownMessageType(messageType);
+            revert JBCCIPSucker_UnknownMessageType({messageType: messageType});
         }
     }
 
@@ -225,7 +225,6 @@ contract JBCCIPSucker is JBSucker, IAny2EVMMessageReceiver {
             gasLimit += remoteToken.minGas;
 
             // Wrap native tokens if needed, build the CCIP token amounts array, and approve the router.
-            // slither-disable-next-line unused-return
             (tokenAmounts,) = JBCCIPLib.prepareTokenAmounts({ccipRouter: CCIP_ROUTER, token: token, amount: amount});
         } else {
             // No tokens to bridge — use an empty array.
@@ -239,7 +238,6 @@ contract JBCCIPSucker is JBSucker, IAny2EVMMessageReceiver {
         address feeToken = transportPayment == 0 ? CCIPHelper.linkOfChain(block.chainid) : address(0);
 
         // Build and send the CCIP message with the root payload.
-        // slither-disable-next-line reentrancy-events
         (bool refundFailed, uint256 refundAmount) = JBCCIPLib.sendCCIPMessage({
             ccipRouter: CCIP_ROUTER,
             remoteChainSelector: REMOTE_CHAIN_SELECTOR,
@@ -256,7 +254,6 @@ contract JBCCIPSucker is JBSucker, IAny2EVMMessageReceiver {
         // Retain failed refunds as caller credit instead of leaving them project-addable or stranded.
         if (refundFailed) {
             // Refund accounting is isolated per caller; reentry cannot increase the retained credit.
-            // slither-disable-next-line reentrancy-benign
             _retainTransportPaymentRefund({account: _msgSender(), amount: refundAmount});
             emit TransportPaymentRefundFailed({recipient: _msgSender(), amount: refundAmount});
         }

package/src/JBCeloSucker.sol

@@ -90,11 +90,9 @@ contract JBCeloSucker is JBOptimismSucker {
             }
 
             // Unwrap wrapped native tokens → native tokens.
-            // slither-disable-next-line calls-loop
             WRAPPED_NATIVE_TOKEN.withdraw(amount);
 
             // Get the project's primary terminal for native token.
-            // slither-disable-next-line calls-loop
             IJBTerminal terminal =
                 DIRECTORY.primaryTerminalOf({projectId: cachedProjectId, token: JBConstants.NATIVE_TOKEN});
 
@@ -103,7 +101,6 @@ contract JBCeloSucker is JBOptimismSucker {
             }
 
             // Add native ETH to the project's balance.
-            // slither-disable-next-line arbitrary-send-eth,calls-loop
             terminal.addToBalanceOf{value: amount}({
                 projectId: cachedProjectId,
                 token: JBConstants.NATIVE_TOKEN,
@@ -140,7 +137,7 @@ contract JBCeloSucker is JBOptimismSucker {
 
         // Revert if there's a `msg.value`. The OP bridge does not expect to be paid.
         if (transportPayment != 0) {
-            revert JBSucker_UnexpectedMsgValue(transportPayment);
+            revert JBSucker_UnexpectedMsgValue({value: transportPayment});
         }
 
         // Cache peer address to avoid redundant calls.
@@ -151,17 +148,14 @@ contract JBCeloSucker is JBOptimismSucker {
             address bridgeToken = token;
             if (token == JBConstants.NATIVE_TOKEN) {
                 // Wrap native tokens so they can be bridged as ERC-20.
-                // slither-disable-next-line arbitrary-send-eth,calls-loop
                 WRAPPED_NATIVE_TOKEN.deposit{value: amount}();
                 bridgeToken = address(WRAPPED_NATIVE_TOKEN);
             }
 
             // Approve the bridge to spend the token.
-            // slither-disable-next-line reentrancy-events
             SafeERC20.forceApprove({token: IERC20(bridgeToken), spender: address(OPBRIDGE), value: amount});
 
             // Bridge the ERC-20 token to the peer.
-            // slither-disable-next-line reentrancy-events,calls-loop
             OPBRIDGE.bridgeERC20To({
                 localToken: bridgeToken,
                 remoteToken: _toAddress(remoteToken.addr),
@@ -175,7 +169,6 @@ contract JBCeloSucker is JBOptimismSucker {
         // Send the messenger message with nativeValue = 0.
         // Celo's native token is CELO, not ETH — we never attach ETH as msg.value on the messenger.
         // On L1, the ETH was already wrapped and bridged as ERC-20 above.
-        // slither-disable-next-line reentrancy-events,calls-loop
         OPMESSENGER.sendMessage({
             target: peerAddress,
             message: abi.encodeCall(JBSucker.fromRemote, (message)),

package/src/JBOptimismSucker.sol

@@ -105,7 +105,7 @@ contract JBOptimismSucker is JBSucker, IJBOptimismSucker {
 
         // Revert if there's a `msg.value`. The OP bridge does not expect to be paid.
         if (transportPayment != 0) {
-            revert JBSucker_UnexpectedMsgValue(transportPayment);
+            revert JBSucker_UnexpectedMsgValue({value: transportPayment});
         }
 
         // Cache peer address to avoid redundant calls.
@@ -115,11 +115,9 @@ contract JBOptimismSucker is JBSucker, IJBOptimismSucker {
         // If the amount is `0` then we do not need to bridge any ERC20.
         if (token != JBConstants.NATIVE_TOKEN && amount != 0) {
             // Approve the tokens being bridged.
-            // slither-disable-next-line reentrancy-events
             SafeERC20.forceApprove({token: IERC20(token), spender: address(OPBRIDGE), value: amount});
 
             // Bridge the tokens to the peer sucker. Convert bytes32 types to address at the OP Bridge API boundary.
-            // slither-disable-next-line reentrancy-events,calls-loop
             OPBRIDGE.bridgeERC20To({
                 localToken: token,
                 remoteToken: _toAddress(remoteToken.addr),
@@ -134,7 +132,6 @@ contract JBOptimismSucker is JBSucker, IJBOptimismSucker {
         }
 
         // Send the message to the peer with the reclaimed ETH.
-        // slither-disable-next-line arbitrary-send-eth,reentrancy-events,calls-loop
         OPMESSENGER.sendMessage{value: nativeValue}({
             target: peerAddress,
             message: abi.encodeCall(JBSucker.fromRemote, (message)),