Merge branch 'develop' into slither-integration

OffchainLabs · Mar 5, 2024 · 819596d · 819596d
2 parents f3973f3 + 0f88cf7
commit 819596d
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 308 deletions.
diff --git a/audit-ci.jsonc b/audit-ci.jsonc
@@ -22,8 +22,6 @@
     "GHSA-5h3x-9wvq-w4m2",
     // axios cookies data-privacy issue; used only in hardhat-deploy and sol2uml (dev deps)
     "GHSA-wf5p-g6vw-rhxx",
-    // semver vulnerable to Regular Expression Denial of Service
-    "GHSA-c2qf-rxjj-qqgw",
     // flat vulnerable to Prototype Pollution
     "GHSA-2j2x-2gpw-g8fm",
     // regular expression DoS in debug
@@ -34,14 +32,10 @@
     "GHSA-f8q6-p94x-37v3",
     // Server-Side Request Forgery in Request
     "GHSA-p8p7-x288-28g6",
-    // Prototype Pollution in lodash
-    "GHSA-p6mc-m468-83gw",
     //  OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees; unused
     "GHSA-wprv-93r4-jj2p",
     //  follow-redirects improperly handles URLs in the url.parse() function
     "GHSA-jchw-25xp-jwwc",
-    // Undici's cookie header not cleared on cross-origin redirect in fetch,
-    "GHSA-wqq4-5wpv-mx2g",
     // yargs-parser Vulnerable to Prototype Pollution
     "GHSA-p9pc-299p-vxgp",
     // Axios vulnerable to Server-Side Request Forgery
@@ -51,6 +45,8 @@
     // Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
     "GHSA-pw2r-vq6v-hr8c",
     // Exposure of sensitive information in follow-redirects
-    "GHSA-74fj-2j2h-c42q"
+    "GHSA-74fj-2j2h-c42q",
+    // Open Zeppelin: Base64 encoding may read from potentially dirty memory
+    "GHSA-9vx6-7xxf-x967"
   ]
 }
diff --git a/foundry.toml b/foundry.toml
@@ -5,7 +5,7 @@ libs = ['node_modules', 'lib']
 test = 'test/foundry'
 cache_path  = 'forge-cache/sol'
 optimizer = true
-optimizer_runs = 20000
+optimizer_runs = 100
 via_ir = false
 solc_version = '0.8.9'
 

diff --git a/patches/@nomiclabs+hardhat-etherscan+3.1.0.patch b/patches/@nomiclabs+hardhat-etherscan+3.1.0.patch
diff --git a/src/mocks/PendingBlkTimeAndNrAdvanceCheck.sol b/src/mocks/PendingBlkTimeAndNrAdvanceCheck.sol
@@ -0,0 +1,22 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/OffchainLabs/nitro-contracts/blob/main/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.0;
+
+import "../precompiles/ArbSys.sol";
+
+contract PendingBlkTimeAndNrAdvanceCheck {
+    uint256 immutable deployedAt;
+    uint256 immutable deployedAtBlock;
+
+    constructor() {
+        deployedAt = block.timestamp;
+        deployedAtBlock = ArbSys(address(100)).arbBlockNumber();
+    }
+
+    function isAdvancing() external {
+        require(block.timestamp > deployedAt, "Time didn't advance");
+        require(ArbSys(address(100)).arbBlockNumber() > deployedAtBlock, "Block didn't advance");
+    }
+}