explicitly ignore slither results in code

packages/contracts/contracts/L1/deployment/AddressDictator.sol

@@ -44,6 +44,7 @@ contract AddressDictator {
         address[] memory _addresses
     ) {
         manager = _manager;
+        // slither-disable-next-line missing-zero-check
         finalOwner = _finalOwner;
         require(
             _names.length == _addresses.length,
@@ -62,6 +63,7 @@ contract AddressDictator {
      * Called to finalize the transfer, this function is callable by anyone, but will only result in
      * an upgrade if this contract is the owner Address Manager.
      */
+    // slither-disable-next-line calls-loop
     function setAddresses() external {
         for (uint256 i = 0; i < namedAddresses.length; i++) {
             manager.setAddress(namedAddresses[i].name, namedAddresses[i].addr);

packages/contracts/contracts/L1/deployment/ChugSplashDictator.sol

@@ -14,6 +14,7 @@ contract ChugSplashDictator is iL1ChugSplashDeployer {
      * Variables *
      *************/
 
+    // slither-disable-next-line constable-states
     bool public isUpgrading = true;
     L1ChugSplashProxy public target;
     address public finalOwner;
@@ -37,6 +38,7 @@ contract ChugSplashDictator is iL1ChugSplashDeployer {
         bytes32 _bridgeSlotVal
     ) {
         target = _target;
+        // slither-disable-next-line missing-zero-check
         finalOwner = _finalOwner;
         codeHash = _codeHash;
         messengerSlotKey = _messengerSlotKey;

packages/contracts/contracts/L1/messaging/L1CrossDomainMessenger.sol

@@ -77,6 +77,7 @@ contract L1CrossDomainMessenger is
     /**
      * @param _libAddressManager Address of the Address Manager.
      */
+    // slither-disable-next-line external-function
     function initialize(address _libAddressManager) public initializer {
         require(
             address(libAddressManager) == address(0),
@@ -117,6 +118,7 @@ contract L1CrossDomainMessenger is
         emit MessageAllowed(_xDomainCalldataHash);
     }
 
+    // slither-disable-next-line external-function
     function xDomainMessageSender() public view returns (address) {
         require(
             xDomainMsgSender != Lib_DefaultValues.DEFAULT_XDOMAIN_SENDER,
@@ -131,6 +133,7 @@ contract L1CrossDomainMessenger is
      * @param _message Message to send to the target.
      * @param _gasLimit Gas limit for the provided message.
      */
+    // slither-disable-next-line external-function
     function sendMessage(
         address _target,
         bytes memory _message,
@@ -147,8 +150,10 @@ contract L1CrossDomainMessenger is
             nonce
         );
 
+        // slither-disable-next-line reentrancy-events
         _sendXDomainMessage(ovmCanonicalTransactionChain, xDomainCalldata, _gasLimit);
 
+        // slither-disable-next-line reentrancy-events
         emit SentMessage(_target, msg.sender, _message, nonce, _gasLimit);
     }
 
@@ -156,6 +161,7 @@ contract L1CrossDomainMessenger is
      * Relays a cross domain message to a contract.
      * @inheritdoc IL1CrossDomainMessenger
      */
+    // slither-disable-next-line external-function
     function relayMessage(
         address _target,
         address _sender,
@@ -170,6 +176,7 @@ contract L1CrossDomainMessenger is
             _messageNonce
         );
 
+        // slither-disable-next-line boolean-equal
         require(
             _verifyXDomainMessage(xDomainCalldata, _proof) == true,
             "Provided message could not be verified."
@@ -177,11 +184,13 @@ contract L1CrossDomainMessenger is
 
         bytes32 xDomainCalldataHash = keccak256(xDomainCalldata);
 
+        // slither-disable-next-line boolean-equal
         require(
             successfulMessages[xDomainCalldataHash] == false,
             "Provided message has already been received."
         );
 
+        // slither-disable-next-line boolean-equal
         require(
             blockedMessages[xDomainCalldataHash] == false,
             "Provided message has been blocked."
@@ -192,22 +201,32 @@ contract L1CrossDomainMessenger is
             "Cannot send L2->L1 messages to L1 system contracts."
         );
 
+        // slither-disable-next-line missing-zero-check
         xDomainMsgSender = _sender;
+        // slither-disable-next-line reentrancy-no-eth
+        // slither-disable-next-line reentrancy-events
+        // slither-disable-next-line reentrancy-benign
         (bool success, ) = _target.call(_message);
+        // slither-disable-next-line reentrancy-benign
         xDomainMsgSender = Lib_DefaultValues.DEFAULT_XDOMAIN_SENDER;
 
         // Mark the message as received if the call was successful. Ensures that a message can be
         // relayed multiple times in the case that the call reverted.
+        // slither-disable-next-line boolean-equal
         if (success == true) {
+            // slither-disable-next-line reentrancy-no-eth
             successfulMessages[xDomainCalldataHash] = true;
+            // slither-disable-next-line reentrancy-events
             emit RelayedMessage(xDomainCalldataHash);
         } else {
+            // slither-disable-next-line reentrancy-events
             emit FailedRelayedMessage(xDomainCalldataHash);
         }
 
         // Store an identifier that can be used to prove that the given message was relayed by some
         // user. Gives us an easy way to pay relayers for their work.
         bytes32 relayId = keccak256(abi.encodePacked(xDomainCalldata, msg.sender, block.number));
+        // slither-disable-next-line reentrancy-benign
         relayedMessages[relayId] = true;
     }
 
@@ -215,6 +234,7 @@ contract L1CrossDomainMessenger is
      * Replays a cross domain message to the target messenger.
      * @inheritdoc IL1CrossDomainMessenger
      */
+    // slither-disable-next-line external-function
     function replayMessage(
         address _target,
         address _sender,
@@ -279,6 +299,7 @@ contract L1CrossDomainMessenger is
      * @param _proof Message inclusion proof.
      * @return Whether or not the provided proof is valid.
      */
+    // slither-disable-next-line boolean-equal
     function _verifyStateRootProof(L2MessageInclusionProof memory _proof)
         internal
         view
@@ -325,6 +346,7 @@ contract L1CrossDomainMessenger is
             _proof.stateRoot
         );
 
+        // slither-disable-next-line boolean-equal
         require(
             exists == true,
             "Message passing predeploy has not been initialized or invalid proof provided."
@@ -354,6 +376,7 @@ contract L1CrossDomainMessenger is
         bytes memory _message,
         uint256 _gasLimit
     ) internal {
+        // slither-disable-next-line reentrancy-events
         ICanonicalTransactionChain(_canonicalTransactionChain).enqueue(
             Lib_PredeployAddresses.L2_CROSS_DOMAIN_MESSENGER,
             _gasLimit,

packages/contracts/contracts/L1/messaging/L1StandardBridge.sol

@@ -47,9 +47,12 @@ contract L1StandardBridge is IL1StandardBridge, CrossDomainEnabled {
      * @param _l1messenger L1 Messenger address being used for cross-chain communications.
      * @param _l2TokenBridge L2 standard bridge address.
      */
+    // slither-disable-next-line external-function
     function initialize(address _l1messenger, address _l2TokenBridge) public {
         require(messenger == address(0), "Contract has already been initialized.");
+        // slither-disable-next-line missing-zero-check
         messenger = _l1messenger;
+        // slither-disable-next-line missing-zero-check
         l2TokenBridge = _l2TokenBridge;
     }
 
@@ -122,8 +125,10 @@ contract L1StandardBridge is IL1StandardBridge, CrossDomainEnabled {
         );
 
         // Send calldata into L2
+        // slither-disable-next-line reentrancy-events
         sendCrossDomainMessage(l2TokenBridge, _l2Gas, message);
 
+        // slither-disable-next-line reentrancy-events
         emit ETHDepositInitiated(_from, _to, msg.value, _data);
     }
 
@@ -180,6 +185,8 @@ contract L1StandardBridge is IL1StandardBridge, CrossDomainEnabled {
         // When a deposit is initiated on L1, the L1 Bridge transfers the funds to itself for future
         // withdrawals. safeTransferFrom also checks if the contract has code, so this will fail if
         // _from is an EOA or address(0).
+        // slither-disable-next-line reentrancy-events
+        // slither-disable-next-line reentrancy-benign
         IERC20(_l1Token).safeTransferFrom(_from, address(this), _amount);
 
         // Construct calldata for _l2Token.finalizeDeposit(_to, _amount)
@@ -194,10 +201,14 @@ contract L1StandardBridge is IL1StandardBridge, CrossDomainEnabled {
         );
 
         // Send calldata into L2
+        // slither-disable-next-line reentrancy-events
+        // slither-disable-next-line reentrancy-benign
         sendCrossDomainMessage(l2TokenBridge, _l2Gas, message);
 
+        // slither-disable-next-line reentrancy-benign
         deposits[_l1Token][_l2Token] = deposits[_l1Token][_l2Token] + _amount;
 
+        // slither-disable-next-line reentrancy-events
         emit ERC20DepositInitiated(_l1Token, _l2Token, _from, _to, _amount, _data);
     }
 
@@ -214,9 +225,12 @@ contract L1StandardBridge is IL1StandardBridge, CrossDomainEnabled {
         uint256 _amount,
         bytes calldata _data
     ) external onlyFromCrossDomainAccount(l2TokenBridge) {
+        // slither-disable-next-line reentrancy-events
+        // slither-disable-next-line missing-zero-check
         (bool success, ) = _to.call{ value: _amount }(new bytes(0));
         require(success, "TransferHelper::safeTransferETH: ETH transfer failed");
 
+        // slither-disable-next-line reentrancy-events
         emit ETHWithdrawalFinalized(_from, _to, _amount, _data);
     }
 
@@ -234,8 +248,10 @@ contract L1StandardBridge is IL1StandardBridge, CrossDomainEnabled {
         deposits[_l1Token][_l2Token] = deposits[_l1Token][_l2Token] - _amount;
 
         // When a withdrawal is finalized on L1, the L1 Bridge transfers the funds to the withdrawer
+        // slither-disable-next-line reentrancy-events
         IERC20(_l1Token).safeTransfer(_to, _amount);
 
+        // slither-disable-next-line reentrancy-events
         emit ERC20WithdrawalFinalized(_l1Token, _l2Token, _from, _to, _amount, _data);
     }
 

packages/contracts/contracts/L1/rollup/CanonicalTransactionChain.sol

@@ -39,9 +39,12 @@ contract CanonicalTransactionChain is ICanonicalTransactionChain, Lib_AddressRes
 
     // Encoding-related (all in bytes)
     uint256 internal constant BATCH_CONTEXT_SIZE = 16;
+    // slither-disable-next-line unused-state
     uint256 internal constant BATCH_CONTEXT_LENGTH_POS = 12;
     uint256 internal constant BATCH_CONTEXT_START_POS = 15;
+    // slither-disable-next-line unused-state
     uint256 internal constant TX_DATA_HEADER_SIZE = 3;
+    // slither-disable-next-line unused-state
     uint256 internal constant BYTES_TILL_TX_DATA = 65;
 
     /*************
@@ -131,6 +134,7 @@ contract CanonicalTransactionChain is ICanonicalTransactionChain, Lib_AddressRes
      * Retrieves the total number of batches submitted.
      * @return _totalBatches Total submitted batches.
      */
+    // slither-disable-next-line external-function
     function getTotalBatches() public view returns (uint256 _totalBatches) {
         return batches().length();
     }
@@ -139,6 +143,7 @@ contract CanonicalTransactionChain is ICanonicalTransactionChain, Lib_AddressRes
      * Returns the index of the next element to be enqueued.
      * @return Index for the next queue element.
      */
+    // slither-disable-next-line external-function
     function getNextQueueIndex() public view returns (uint40) {
         return _nextQueueIndex;
     }
@@ -147,6 +152,7 @@ contract CanonicalTransactionChain is ICanonicalTransactionChain, Lib_AddressRes
      * Returns the timestamp of the last transaction.
      * @return Timestamp for the last transaction.
      */
+    // slither-disable-next-line external-function
     function getLastTimestamp() public view returns (uint40) {
         (, , uint40 lastTimestamp, ) = _getBatchExtraData();
         return lastTimestamp;
@@ -156,6 +162,7 @@ contract CanonicalTransactionChain is ICanonicalTransactionChain, Lib_AddressRes
      * Returns the blocknumber of the last transaction.
      * @return Blocknumber for the last transaction.
      */
+    // slither-disable-next-line external-function
     function getLastBlockNumber() public view returns (uint40) {
         (, , , uint40 lastBlockNumber) = _getBatchExtraData();
         return lastBlockNumber;
@@ -166,6 +173,7 @@ contract CanonicalTransactionChain is ICanonicalTransactionChain, Lib_AddressRes
      * @param _index Index of the queue element to access.
      * @return _element Queue element at the given index.
      */
+    // slither-disable-next-line external-function
     function getQueueElement(uint256 _index)
         public
         view
@@ -178,6 +186,7 @@ contract CanonicalTransactionChain is ICanonicalTransactionChain, Lib_AddressRes
      * Get the number of queue elements which have not yet been included.
      * @return Number of pending queue elements.
      */
+    // slither-disable-next-line external-function
     function getNumPendingQueueElements() public view returns (uint40) {
         return uint40(queueElements.length) - _nextQueueIndex;
     }
@@ -187,6 +196,7 @@ contract CanonicalTransactionChain is ICanonicalTransactionChain, Lib_AddressRes
      * both pending and canonical transactions.
      * @return Length of the queue.
      */
+    // slither-disable-next-line external-function
     function getQueueLength() public view returns (uint40) {
         return uint40(queueElements.length);
     }
@@ -348,6 +358,8 @@ contract CanonicalTransactionChain is ICanonicalTransactionChain, Lib_AddressRes
         }
 
         // Cache the previous blockhash to ensure all transaction data can be retrieved efficiently.
+        // slither-disable-next-line reentrancy-no-eth
+        // slither-disable-next-line reentrancy-events
         _appendBatch(
             blockhash(block.number - 1),
             totalElementsToAppend,
@@ -356,6 +368,7 @@ contract CanonicalTransactionChain is ICanonicalTransactionChain, Lib_AddressRes
             blockNumber
         );
 
+        // slither-disable-next-line reentrancy-events
         emit SequencerBatchAppended(
             nextQueueIndex - numQueuedTransactions,
             numQueuedTransactions,
@@ -363,6 +376,7 @@ contract CanonicalTransactionChain is ICanonicalTransactionChain, Lib_AddressRes
         );
 
         // Update the _nextQueueIndex storage variable.
+        // slither-disable-next-line reentrancy-no-eth
         _nextQueueIndex = nextQueueIndex;
     }
 
@@ -377,6 +391,7 @@ contract CanonicalTransactionChain is ICanonicalTransactionChain, Lib_AddressRes
      */
     function _getBatchContext(uint256 _index) internal pure returns (BatchContext memory) {
         uint256 contextPtr = 15 + _index * BATCH_CONTEXT_SIZE;
+        // slither-disable-next-line similar-names
         uint256 numSequencedTransactions;
         uint256 numSubsequentQueueTransactions;
         uint256 ctxTimestamp;
@@ -513,6 +528,8 @@ contract CanonicalTransactionChain is ICanonicalTransactionChain, Lib_AddressRes
             _blockNumber
         );
 
+        // slither-disable-next-line reentrancy-no-eth
+        // slither-disable-next-line reentrancy-events
         batchesRef.push(batchHeaderHash, latestBatchContext);
     }
 }

packages/contracts/contracts/L1/rollup/ChainStorageContainer.sol

@@ -67,6 +67,7 @@ contract ChainStorageContainer is IChainStorageContainer, Lib_AddressResolver {
     /**
      * @inheritdoc IChainStorageContainer
      */
+    // slither-disable-next-line external-function
     function setGlobalMetadata(bytes27 _globalMetadata) public onlyOwner {
         return buffer.setExtraData(_globalMetadata);
     }
@@ -74,6 +75,7 @@ contract ChainStorageContainer is IChainStorageContainer, Lib_AddressResolver {
     /**
      * @inheritdoc IChainStorageContainer
      */
+    // slither-disable-next-line external-function
     function getGlobalMetadata() public view returns (bytes27) {
         return buffer.getExtraData();
     }
@@ -81,6 +83,7 @@ contract ChainStorageContainer is IChainStorageContainer, Lib_AddressResolver {
     /**
      * @inheritdoc IChainStorageContainer
      */
+    // slither-disable-next-line external-function
     function length() public view returns (uint256) {
         return uint256(buffer.getLength());
     }
@@ -88,6 +91,7 @@ contract ChainStorageContainer is IChainStorageContainer, Lib_AddressResolver {
     /**
      * @inheritdoc IChainStorageContainer
      */
+    // slither-disable-next-line external-function
     function push(bytes32 _object) public onlyOwner {
         buffer.push(_object);
     }
@@ -95,6 +99,7 @@ contract ChainStorageContainer is IChainStorageContainer, Lib_AddressResolver {
     /**
      * @inheritdoc IChainStorageContainer
      */
+    // slither-disable-next-line external-function
     function push(bytes32 _object, bytes27 _globalMetadata) public onlyOwner {
         buffer.push(_object, _globalMetadata);
     }
@@ -102,6 +107,7 @@ contract ChainStorageContainer is IChainStorageContainer, Lib_AddressResolver {
     /**
      * @inheritdoc IChainStorageContainer
      */
+    // slither-disable-next-line external-function
     function get(uint256 _index) public view returns (bytes32) {
         return buffer.get(uint40(_index));
     }
@@ -109,6 +115,7 @@ contract ChainStorageContainer is IChainStorageContainer, Lib_AddressResolver {
     /**
      * @inheritdoc IChainStorageContainer
      */
+    // slither-disable-next-line external-function
     function deleteElementsAfterInclusive(uint256 _index) public onlyOwner {
         buffer.deleteElementsAfterInclusive(uint40(_index));
     }
@@ -116,6 +123,7 @@ contract ChainStorageContainer is IChainStorageContainer, Lib_AddressResolver {
     /**
      * @inheritdoc IChainStorageContainer
      */
+    // slither-disable-next-line external-function
     function deleteElementsAfterInclusive(uint256 _index, bytes27 _globalMetadata)
         public
         onlyOwner

packages/contracts/contracts/L1/rollup/StateCommitmentChain.sol

@@ -74,6 +74,7 @@ contract StateCommitmentChain is IStateCommitmentChain, Lib_AddressResolver {
     /**
      * @inheritdoc IStateCommitmentChain
      */
+    // slither-disable-next-line external-function
     function getLastSequencerTimestamp() public view returns (uint256 _lastSequencerTimestamp) {
         (, uint40 lastSequencerTimestamp) = _getBatchExtraData();
         return uint256(lastSequencerTimestamp);
@@ -82,6 +83,7 @@ contract StateCommitmentChain is IStateCommitmentChain, Lib_AddressResolver {
     /**
      * @inheritdoc IStateCommitmentChain
      */
+    // slither-disable-next-line external-function
     function appendStateBatch(bytes32[] memory _batch, uint256 _shouldStartAtElement) public {
         // Fail fast in to make sure our batch roots aren't accidentally made fraudulent by the
         // publication of batches by some other user.
@@ -112,6 +114,7 @@ contract StateCommitmentChain is IStateCommitmentChain, Lib_AddressResolver {
     /**
      * @inheritdoc IStateCommitmentChain
      */
+    // slither-disable-next-line external-function
     function deleteStateBatch(Lib_OVMCodec.ChainBatchHeader memory _batchHeader) public {
         require(
             msg.sender == resolve("OVM_FraudVerifier"),
@@ -131,6 +134,7 @@ contract StateCommitmentChain is IStateCommitmentChain, Lib_AddressResolver {
     /**
      * @inheritdoc IStateCommitmentChain
      */
+    // slither-disable-next-line external-function
     function verifyStateCommitment(
         bytes32 _element,
         Lib_OVMCodec.ChainBatchHeader memory _batchHeader,
@@ -277,11 +281,13 @@ contract StateCommitmentChain is IStateCommitmentChain, Lib_AddressResolver {
 
         require(_isValidBatchHeader(_batchHeader), "Invalid batch header.");
 
+        // slither-disable-next-line reentrancy-events
         batches().deleteElementsAfterInclusive(
             _batchHeader.batchIndex,
             _makeBatchExtraData(uint40(_batchHeader.prevTotalElements), 0)
         );
 
+        // slither-disable-next-line reentrancy-events
         emit StateBatchDeleted(_batchHeader.batchIndex, _batchHeader.batchRoot);
     }
 

packages/contracts/contracts/L1/verification/BondManager.sol

@@ -25,6 +25,7 @@ contract BondManager is IBondManager, Lib_AddressResolver {
      * @param _who Address to check.
      * @return true if the address is properly collateralized, false otherwise.
      */
+    // slither-disable-next-line external-function
     function isCollateralized(address _who) public view returns (bool) {
         // Only authenticate sequencer to submit state root batches.
         return _who == resolve("OVM_Proposer");

packages/contracts/contracts/L2/messaging/L2CrossDomainMessenger.sol

@@ -34,6 +34,7 @@ contract L2CrossDomainMessenger is IL2CrossDomainMessenger {
      ***************/
 
     constructor(address _l1CrossDomainMessenger) {
+        // slither-disable-next-line missing-zero-check
         l1CrossDomainMessenger = _l1CrossDomainMessenger;
     }
 
@@ -41,6 +42,7 @@ contract L2CrossDomainMessenger is IL2CrossDomainMessenger {
      * Public Functions *
      ********************/
 
+    // slither-disable-next-line external-function
     function xDomainMessageSender() public view returns (address) {
         require(
             xDomainMsgSender != Lib_DefaultValues.DEFAULT_XDOMAIN_SENDER,
@@ -55,6 +57,7 @@ contract L2CrossDomainMessenger is IL2CrossDomainMessenger {
      * @param _message Message to send to the target.
      * @param _gasLimit Gas limit for the provided message.
      */
+    // slither-disable-next-line external-function
     function sendMessage(
         address _target,
         bytes memory _message,
@@ -70,12 +73,16 @@ contract L2CrossDomainMessenger is IL2CrossDomainMessenger {
         sentMessages[keccak256(xDomainCalldata)] = true;
 
         // Actually send the message.
+        // slither-disable-next-line reentrancy-no-eth
+        // slither-disable-next-line reentrancy-events
         iOVM_L2ToL1MessagePasser(Lib_PredeployAddresses.L2_TO_L1_MESSAGE_PASSER).passMessageToL1(
             xDomainCalldata
         );
 
         // Emit an event before we bump the nonce or the nonce will be off by one.
+        // slither-disable-next-line reentrancy-events
         emit SentMessage(_target, msg.sender, _message, messageNonce, _gasLimit);
+        // slither-disable-next-line reentrancy-no-eth
         messageNonce += 1;
     }
 
@@ -83,6 +90,7 @@ contract L2CrossDomainMessenger is IL2CrossDomainMessenger {
      * Relays a cross domain message to a contract.
      * @inheritdoc IL2CrossDomainMessenger
      */
+    // slither-disable-next-line external-function
     function relayMessage(
         address _target,
         address _sender,
@@ -103,6 +111,7 @@ contract L2CrossDomainMessenger is IL2CrossDomainMessenger {
 
         bytes32 xDomainCalldataHash = keccak256(xDomainCalldata);
 
+        // slither-disable-next-line boolean-equal
         require(
             successfulMessages[xDomainCalldataHash] == false,
             "Provided message has already been received."
@@ -117,16 +126,25 @@ contract L2CrossDomainMessenger is IL2CrossDomainMessenger {
             return;
         }
 
+        // slither-disable-next-line missing-zero-check
         xDomainMsgSender = _sender;
+        // slither-disable-next-line reentrancy-no-eth
+        // slither-disable-next-line reentrancy-events
+        // slither-disable-next-line reentrancy-benign
         (bool success, ) = _target.call(_message);
+        // slither-disable-next-line reentrancy-benign
         xDomainMsgSender = Lib_DefaultValues.DEFAULT_XDOMAIN_SENDER;
 
         // Mark the message as received if the call was successful. Ensures that a message can be
         // relayed multiple times in the case that the call reverted.
+        // slither-disable-next-line boolean-equal
         if (success == true) {
+            // slither-disable-next-line reentrancy-no-eth
             successfulMessages[xDomainCalldataHash] = true;
+            // slither-disable-next-line reentrancy-events
             emit RelayedMessage(xDomainCalldataHash);
         } else {
+            // slither-disable-next-line reentrancy-events
             emit FailedRelayedMessage(xDomainCalldataHash);
         }
 
@@ -134,6 +152,7 @@ contract L2CrossDomainMessenger is IL2CrossDomainMessenger {
         // user. Gives us an easy way to pay relayers for their work.
         bytes32 relayId = keccak256(abi.encodePacked(xDomainCalldata, msg.sender, block.number));
 
+        // slither-disable-next-line reentrancy-benign
         relayedMessages[relayId] = true;
     }
 }

packages/contracts/contracts/L2/messaging/L2StandardBridge.sol

@@ -41,6 +41,7 @@ contract L2StandardBridge is IL2ERC20Bridge, CrossDomainEnabled {
     constructor(address _l2CrossDomainMessenger, address _l1TokenBridge)
         CrossDomainEnabled(_l2CrossDomainMessenger)
     {
+        // slither-disable-next-line missing-zero-check
         l1TokenBridge = _l1TokenBridge;
     }
 
@@ -95,9 +96,11 @@ contract L2StandardBridge is IL2ERC20Bridge, CrossDomainEnabled {
     ) internal {
         // When a withdrawal is initiated, we burn the withdrawer's funds to prevent subsequent L2
         // usage
+        // slither-disable-next-line reentrancy-events
         IL2StandardERC20(_l2Token).burn(msg.sender, _amount);
 
         // Construct calldata for l1TokenBridge.finalizeERC20Withdrawal(_to, _amount)
+        // slither-disable-next-line reentrancy-events
         address l1Token = IL2StandardERC20(_l2Token).l1Token();
         bytes memory message;
 
@@ -122,8 +125,10 @@ contract L2StandardBridge is IL2ERC20Bridge, CrossDomainEnabled {
         }
 
         // Send message up to L1 bridge
+        // slither-disable-next-line reentrancy-events
         sendCrossDomainMessage(l1TokenBridge, _l1Gas, message);
 
+        // slither-disable-next-line reentrancy-events
         emit WithdrawalInitiated(l1Token, _l2Token, msg.sender, _to, _amount, _data);
     }
 
@@ -145,12 +150,15 @@ contract L2StandardBridge is IL2ERC20Bridge, CrossDomainEnabled {
         // Check the target token is compliant and
         // verify the deposited token on L1 matches the L2 deposited token representation here
         if (
+            // slither-disable-next-line reentrancy-events
             ERC165Checker.supportsInterface(_l2Token, 0x1d1d8b63) &&
             _l1Token == IL2StandardERC20(_l2Token).l1Token()
         ) {
             // When a deposit is finalized, we credit the account on L2 with the same amount of
             // tokens.
+            // slither-disable-next-line reentrancy-events
             IL2StandardERC20(_l2Token).mint(_to, _amount);
+            // slither-disable-next-line reentrancy-events
             emit DepositFinalized(_l1Token, _l2Token, _from, _to, _amount, _data);
         } else {
             // Either the L2 token which is being deposited-into disagrees about the correct address
@@ -172,7 +180,9 @@ contract L2StandardBridge is IL2ERC20Bridge, CrossDomainEnabled {
             );
 
             // Send message up to L1 bridge
+            // slither-disable-next-line reentrancy-events
             sendCrossDomainMessage(l1TokenBridge, 0, message);
+            // slither-disable-next-line reentrancy-events
             emit DepositFailed(_l1Token, _l2Token, _from, _to, _amount, _data);
         }
     }

packages/contracts/contracts/L2/predeploys/OVM_DeployerWhitelist.sol

@@ -55,6 +55,7 @@ contract OVM_DeployerWhitelist {
      * Updates the owner of this contract.
      * @param _owner Address of the new owner.
      */
+    // slither-disable-next-line external-function
     function setOwner(address _owner) public onlyOwner {
         // Prevent users from setting the whitelist owner to address(0) except via
         // enableArbitraryContractDeployment. If you want to burn the whitelist owner, send it to

packages/contracts/contracts/L2/predeploys/OVM_GasPriceOracle.sol

@@ -60,6 +60,7 @@ contract OVM_GasPriceOracle is Ownable {
      * Allows the owner to modify the l2 gas price.
      * @param _gasPrice New l2 gas price.
      */
+    // slither-disable-next-line external-function
     function setGasPrice(uint256 _gasPrice) public onlyOwner {
         gasPrice = _gasPrice;
         emit GasPriceUpdated(_gasPrice);
@@ -69,6 +70,7 @@ contract OVM_GasPriceOracle is Ownable {
      * Allows the owner to modify the l1 base fee.
      * @param _baseFee New l1 base fee
      */
+    // slither-disable-next-line external-function
     function setL1BaseFee(uint256 _baseFee) public onlyOwner {
         l1BaseFee = _baseFee;
         emit L1BaseFeeUpdated(_baseFee);
@@ -78,6 +80,7 @@ contract OVM_GasPriceOracle is Ownable {
      * Allows the owner to modify the overhead.
      * @param _overhead New overhead
      */
+    // slither-disable-next-line external-function
     function setOverhead(uint256 _overhead) public onlyOwner {
         overhead = _overhead;
         emit OverheadUpdated(_overhead);
@@ -87,6 +90,7 @@ contract OVM_GasPriceOracle is Ownable {
      * Allows the owner to modify the scalar.
      * @param _scalar New scalar
      */
+    // slither-disable-next-line external-function
     function setScalar(uint256 _scalar) public onlyOwner {
         scalar = _scalar;
         emit ScalarUpdated(_scalar);
@@ -96,6 +100,7 @@ contract OVM_GasPriceOracle is Ownable {
      * Allows the owner to modify the decimals.
      * @param _decimals New decimals
      */
+    // slither-disable-next-line external-function
     function setDecimals(uint256 _decimals) public onlyOwner {
         decimals = _decimals;
         emit DecimalsUpdated(_decimals);
@@ -108,6 +113,7 @@ contract OVM_GasPriceOracle is Ownable {
      * @param _data Unsigned RLP encoded tx, 6 elements
      * @return L1 fee that should be paid for the tx
      */
+    // slither-disable-next-line external-function
     function getL1Fee(bytes memory _data) public view returns (uint256) {
         uint256 l1GasUsed = getL1GasUsed(_data);
         uint256 l1Fee = l1GasUsed * l1BaseFee;

packages/contracts/contracts/L2/predeploys/OVM_L2ToL1MessagePasser.sol

@@ -26,6 +26,7 @@ contract OVM_L2ToL1MessagePasser is iOVM_L2ToL1MessagePasser {
      * Passes a message to L1.
      * @param _message Message to pass to L1.
      */
+    // slither-disable-next-line external-function
     function passMessageToL1(bytes memory _message) public {
         // Note: although this function is public, only messages sent from the
         // L2CrossDomainMessenger will be relayed by the L1CrossDomainMessenger.

packages/contracts/contracts/L2/predeploys/OVM_SequencerFeeVault.sol

@@ -37,6 +37,7 @@ contract OVM_SequencerFeeVault {
      * the genesis block. This is ONLY for testing purposes.
      */
     constructor(address _l1FeeWallet) {
+        // slither-disable-next-line missing-zero-check
         l1FeeWallet = _l1FeeWallet;
     }
 
@@ -44,12 +45,14 @@ contract OVM_SequencerFeeVault {
      * Fallback *
      ************/
 
+    // slither-disable-next-line locked-ether
     receive() external payable {}
 
     /********************
      * Public Functions *
      ********************/
 
+    // slither-disable-next-line external-function
     function withdraw() public {
         require(
             address(this).balance >= MIN_WITHDRAWAL_AMOUNT,

packages/contracts/contracts/chugsplash/L1ChugSplashProxy.sol

@@ -88,6 +88,7 @@ contract L1ChugSplashProxy {
      * keep track of the current owner in order to make an eth_call that doesn't trigger the
      * proxied contract.
      */
+    // slither-disable-next-line incorrect-modifier
     modifier proxyCallIfNotOwner() {
         if (msg.sender == _getOwner() || msg.sender == address(0)) {
             _;
@@ -101,6 +102,7 @@ contract L1ChugSplashProxy {
      * Fallback Function *
      *********************/
 
+    // slither-disable-next-line locked-ether
     fallback() external payable {
         // Proxy call by default.
         _doProxyCall();
@@ -117,6 +119,7 @@ contract L1ChugSplashProxy {
      * us a lot more freedom on the client side. Can only be triggered by the contract owner.
      * @param _code New contract code to run inside this contract.
      */
+    // slither-disable-next-line external-function
     function setCode(bytes memory _code) public proxyCallIfNotOwner {
         // Get the code hash of the current implementation.
         address implementation = _getImplementation();
@@ -153,6 +156,7 @@ contract L1ChugSplashProxy {
      * @param _key Storage key to modify.
      * @param _value New value for the storage key.
      */
+    // slither-disable-next-line external-function
     function setStorage(bytes32 _key, bytes32 _value) public proxyCallIfNotOwner {
         assembly {
             sstore(_key, _value)
@@ -163,6 +167,7 @@ contract L1ChugSplashProxy {
      * Changes the owner of the proxy contract. Only callable by the owner.
      * @param _owner New owner of the proxy contract.
      */
+    // slither-disable-next-line external-function
     function setOwner(address _owner) public proxyCallIfNotOwner {
         _setOwner(_owner);
     }
@@ -172,6 +177,7 @@ contract L1ChugSplashProxy {
      * eth_call and setting the "from" address to address(0).
      * @return Owner address.
      */
+    // slither-disable-next-line external-function
     function getOwner() public proxyCallIfNotOwner returns (address) {
         return _getOwner();
     }
@@ -181,6 +187,7 @@ contract L1ChugSplashProxy {
      * eth_call and setting the "from" address to address(0).
      * @return Implementation address.
      */
+    // slither-disable-next-line external-function
     function getImplementation() public proxyCallIfNotOwner returns (address) {
         return _getImplementation();
     }

packages/contracts/contracts/libraries/bridge/CrossDomainEnabled.sol

@@ -26,6 +26,7 @@ contract CrossDomainEnabled {
      * @param _messenger Address of the CrossDomainMessenger on the current layer.
      */
     constructor(address _messenger) {
+        // slither-disable-next-line missing-zero-check
         messenger = _messenger;
     }
 
@@ -77,6 +78,8 @@ contract CrossDomainEnabled {
         uint32 _gasLimit,
         bytes memory _message
     ) internal {
+        // slither-disable-next-line reentrancy-events
+        // slither-disable-next-line reentrancy-benign
         getCrossDomainMessenger().sendMessage(_crossDomainTarget, _message, _gasLimit);
     }
 }

packages/contracts/contracts/libraries/resolver/Lib_ResolvedDelegateProxy.sol

@@ -47,8 +47,10 @@ contract Lib_ResolvedDelegateProxy {
 
         require(target != address(0), "Target address must be initialized.");
 
+        // slither-disable-next-line controlled-delegatecall
         (bool success, bytes memory returndata) = target.delegatecall(msg.data);
 
+        // slither-disable-next-line boolean-equal
         if (success == true) {
             assembly {
                 return(add(returndata, 0x20), mload(returndata))

packages/contracts/contracts/libraries/rlp/Lib_RLPReader.sol

@@ -285,6 +285,7 @@ library Lib_RLPReader {
         } else if (prefix <= 0xb7) {
             // Short string.
 
+            // slither-disable-next-line variable-scope
             uint256 strLen = prefix - 0x80;
 
             require(_in.length > strLen, "Invalid RLP short string.");
@@ -307,6 +308,7 @@ library Lib_RLPReader {
             return (1 + lenOfStrLen, strLen, RLPItemType.DATA_ITEM);
         } else if (prefix <= 0xf7) {
             // Short list.
+            // slither-disable-next-line variable-scope
             uint256 listLen = prefix - 0xc0;
 
             require(_in.length > listLen, "Invalid RLP short list.");

packages/contracts/contracts/libraries/trie/Lib_MerkleTrie.sol

@@ -285,6 +285,7 @@ library Lib_MerkleTrie {
      */
     function _getNewPath(
         TrieNode[] memory _path,
+        // slither-disable-next-line variable-scope
         uint256 _pathLength,
         bytes memory _key,
         bytes memory _keyRemainder,
@@ -458,8 +459,10 @@ library Lib_MerkleTrie {
         bytes memory key = Lib_BytesUtils.toNibbles(_key);
 
         // Some variables to keep track of during iteration.
+        // slither-disable-next-line uninitialized-local
         TrieNode memory currentNode;
         NodeType currentNodeType;
+        // slither-disable-next-line uninitialized-local
         bytes memory previousNodeHash;
 
         // Run through the path backwards to rebuild our root hash.

packages/contracts/contracts/standards/L2StandardERC20.sol

@@ -20,7 +20,9 @@ contract L2StandardERC20 is IL2StandardERC20, ERC20 {
         string memory _name,
         string memory _symbol
     ) ERC20(_name, _symbol) {
+        // slither-disable-next-line missing-zero-check
         l1Token = _l1Token;
+        // slither-disable-next-line missing-zero-check
         l2Bridge = _l2Bridge;
     }
 
@@ -29,6 +31,7 @@ contract L2StandardERC20 is IL2StandardERC20, ERC20 {
         _;
     }
 
+    // slither-disable-next-line external-function
     function supportsInterface(bytes4 _interfaceId) public pure returns (bool) {
         bytes4 firstSupportedInterface = bytes4(keccak256("supportsInterface(bytes4)")); // ERC165
         bytes4 secondSupportedInterface = IL2StandardERC20.l1Token.selector ^
@@ -37,12 +40,14 @@ contract L2StandardERC20 is IL2StandardERC20, ERC20 {
         return _interfaceId == firstSupportedInterface || _interfaceId == secondSupportedInterface;
     }
 
+    // slither-disable-next-line external-function
     function mint(address _to, uint256 _amount) public virtual onlyL2Bridge {
         _mint(_to, _amount);
 
         emit Mint(_to, _amount);
     }
 
+    // slither-disable-next-line external-function
     function burn(address _from, uint256 _amount) public virtual onlyL2Bridge {
         _burn(_from, _amount);