feat(ctb): use external version of ESC (#2890)

Replaces ExcessivelySafeCall with the official external version now that
our PR has been merged.
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

.changeset/forty-pots-live.md

+---
+'@eth-optimism/contracts-bedrock': patch
+---
+
+Use external version of ExcessivelySafeCall

package.json

@@ -26,7 +26,8 @@
       "**/@typechain/*",
       "@eth-optimism/contracts-bedrock/ds-test",
       "@eth-optimism/contracts-bedrock/forge-std",
-      "@eth-optimism/contracts-bedrock/@rari-capital/solmate"
+      "@eth-optimism/contracts-bedrock/@rari-capital/solmate",
+      "@eth-optimism/contracts-bedrock/excessively-safe-call"
     ]
   },
   "private": true,

packages/contracts-bedrock/contracts/L1/OptimismPortal.sol

 //SPDX-License-Identifier: MIT
 pragma solidity 0.8.10;
 
+import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol";
+import { ExcessivelySafeCall } from "excessively-safe-call/src/ExcessivelySafeCall.sol";
 import { L2OutputOracle } from "./L2OutputOracle.sol";
 import { WithdrawalVerifier } from "../libraries/Lib_WithdrawalVerifier.sol";
 import { AddressAliasHelper } from "../libraries/AddressAliasHelper.sol";
-import { ExcessivelySafeCall } from "../libraries/ExcessivelySafeCall.sol";
 import { ResourceMetering } from "./ResourceMetering.sol";
-import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol";
 
 /**
  * @custom:proxied

packages/contracts-bedrock/contracts/libraries/ExcessivelySafeCall.sol

-// SPDX-License-Identifier: MIT OR Apache-2.0
-pragma solidity ^0.8.9;
-
-// FROM: https://github.com/nomad-xyz/ExcessivelySafeCall/blob/main/src/ExcessivelySafeCall.sol
-// TODO: Just use the original once we get our PR merged.
-library ExcessivelySafeCall {
-    /// @notice Use when you _really_ really _really_ don't trust the called
-    /// contract. This prevents the called contract from causing reversion of
-    /// the caller in as many ways as we can.
-    /// @dev The main difference between this and a solidity low-level call is
-    /// that we limit the number of bytes that the callee can cause to be
-    /// copied to caller memory. This prevents stupid things like malicious
-    /// contracts returning 10,000,000 bytes causing a local OOG when copying
-    /// to memory.
-    /// @param _target The address to call
-    /// @param _gas The amount of gas to forward to the remote contract
-    /// @param _value Ether value to send with the call
-    /// @param _maxCopy The maximum number of bytes of returndata to copy
-    /// to memory.
-    /// @param _calldata The data to send to the remote contract
-    /// @return success and returndata, as `.call()`. Returndata is capped to
-    /// `_maxCopy` bytes.
-    function excessivelySafeCall(
-        address _target,
-        uint256 _gas,
-        uint256 _value,
-        uint16 _maxCopy,
-        bytes memory _calldata
-    ) internal returns (bool, bytes memory) {
-        // set up for assembly call
-        uint256 _toCopy;
-        bool _success;
-        bytes memory _returnData = new bytes(_maxCopy);
-        // dispatch message to recipient
-        // by assembly calling "handle" function
-        // we call via assembly to avoid memcopying a very large returndata
-        // returned by a malicious contract
-        assembly {
-            _success := call(
-                _gas, // gas
-                _target, // recipient
-                _value, // ether value
-                add(_calldata, 0x20), // inloc
-                mload(_calldata), // inlen
-                0, // outloc
-                0 // outlen
-            )
-            // limit our copy to 256 bytes
-            _toCopy := returndatasize()
-            if gt(_toCopy, _maxCopy) {
-                _toCopy := _maxCopy
-            }
-            // Store the length of the copied bytes
-            mstore(_returnData, _toCopy)
-            // copy the bytes from returndata[0:_toCopy]
-            returndatacopy(add(_returnData, 0x20), 0, _toCopy)
-        }
-        return (_success, _returnData);
-    }
-}

packages/contracts-bedrock/contracts/universal/CrossDomainMessenger.sol

@@ -17,7 +17,7 @@ import {
 import {
     ReentrancyGuardUpgradeable
 } from "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
-import { ExcessivelySafeCall } from "../libraries/ExcessivelySafeCall.sol";
+import { ExcessivelySafeCall } from "excessively-safe-call/src/ExcessivelySafeCall.sol";
 
 // solhint-enable max-line-length
 

packages/contracts-bedrock/foundry.toml

@@ -7,7 +7,7 @@ optimizer_runs = 999999
 remappings = [
   '@openzeppelin/contracts-upgradeable/=node_modules/@openzeppelin/contracts-upgradeable/',
   '@openzeppelin/contracts/=node_modules/@openzeppelin/contracts/',
-  'excessively-safe-call/=node_modules/excessively-safe-call/src/',
+  'excessively-safe-call/=node_modules/excessively-safe-call/',
   '@rari-capital/solmate/=node_modules/@rari-capital/solmate',
   'forge-std/=node_modules/forge-std/src',
   'ds-test/=node_modules/ds-test/src'

packages/contracts-bedrock/package.json

@@ -39,6 +39,7 @@
     "@rari-capital/solmate": "https://github.com/rari-capital/solmate.git#8f9b23f8838670afda0fd8983f2c41e8037ae6bc",
     "ds-test": "https://github.com/dapphub/ds-test.git#9310e879db8ba3ea6d5c6489a579118fd264a3f5",
     "ethers": "^5.6.8",
+    "excessively-safe-call": "https://github.com/nomad-xyz/ExcessivelySafeCall.git#4fcdfd3593d21381f696c790fa6180b8ef559c1e",
     "forge-std": "https://github.com/foundry-rs/forge-std.git#564510058ab3db01577b772c275e081e678373f2",
     "hardhat": "^2.9.6",
     "merkle-patricia-tree": "^4.2.4",

yarn.lock

@@ -8445,6 +8445,10 @@ evp_bytestokey@^1.0.0, evp_bytestokey@^1.0.3:
     md5.js "^1.3.4"
     safe-buffer "^5.1.1"
 
+"excessively-safe-call@https://github.com/nomad-xyz/ExcessivelySafeCall.git#4fcdfd3593d21381f696c790fa6180b8ef559c1e":
+  version "0.0.1-rc.1"
+  resolved "https://github.com/nomad-xyz/ExcessivelySafeCall.git#4fcdfd3593d21381f696c790fa6180b8ef559c1e"
+
 execa@^0.7.0:
   version "0.7.0"
   resolved "https://registry.yarnpkg.com/execa/-/execa-0.7.0.tgz#944becd34cc41ee32a63a9faf27ad5a65fc59777"