feat(ctb): slither static analysis and ci check

.circleci/config.yml

@@ -491,7 +491,7 @@ jobs:
       - run:
           name: slither
           command: |
-            slither --version && pnpm slither || echo "Slither failed"
+            pnpm slither:check || echo "Slither failed"
 
   contracts-bedrock-validate-spaces:
     docker:

ops/docker/ci-builder/Dockerfile

@@ -106,7 +106,6 @@ RUN /bin/sh -c set -eux; \
   rm -rf /root/.cache/pip; \
   rm -rf /root/.cache/npm;
 
-
 RUN npm i -g pnpm && npm i -g yarn@1 && pnpm --version && yarn --version
 
 RUN svm install 0.5.17 && \

packages/contracts-bedrock/foundry.toml

@@ -36,6 +36,7 @@ fs_permissions = [
   { access='read', path = './forge-artifacts/' },
   { access='write', path='./semver-lock.json' },
 ]
+libs = ["node_modules", "lib"]
 
 [fuzz]
 runs = 64

packages/contracts-bedrock/package.json

@@ -27,12 +27,13 @@
     "gas-snapshot": "pnpm build:go-ffi && pnpm gas-snapshot:no-build",
     "storage-snapshot": "./scripts/storage-snapshot.sh",
     "abi-snapshot": "npx tsx scripts/generate-snapshots.ts",
+    "slither": "./scripts/slither.sh",
+    "slither:check": "./scripts/slither.sh && git diff --exit-code",
+    "slither:triage": "TRIAGE_MODE=1 ./scripts/slither.sh",
     "semver-lock": "forge script scripts/SemverLock.s.sol",
     "validate-deploy-configs": "./scripts/check-deploy-configs.sh",
     "validate-spacers:no-build": "npx tsx scripts/validate-spacers.ts",
     "validate-spacers": "pnpm build && pnpm validate-spacers:no-build",
-    "slither": "./scripts/slither.sh",
-    "slither:triage": "TRIAGE_MODE=1 ./scripts/slither.sh",
     "clean": "rm -rf ./artifacts ./forge-artifacts ./cache ./tsconfig.tsbuildinfo ./tsconfig.build.tsbuildinfo ./scripts/go-ffi/go-ffi ./.testdata ./deployments/hardhat/*",
     "preinstall": "npx only-allow pnpm",
     "pre-pr:no-build": "pnpm gas-snapshot:no-build && pnpm storage-snapshot && pnpm semver-lock && pnpm autogen:invariant-docs && pnpm lint && pnpm bindings:go",

packages/contracts-bedrock/scripts/slither.sh

 #!/usr/bin/env bash
 
-rm -rf artifacts forge-artifacts
+set -e
 
+SLITHER_REPORT="slither-report.json"
+SLITHER_REPORT_BACKUP="slither-report.json.temp"
+
+# Get the absolute path of the parent directory of this script
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && cd .. && pwd )"
+echo "Running slither in $DIR"
+cd $DIR
+
+# Clean up any previous artifacts.
+# We do not check if pnpm is installed since it is used across the monorepo
+# and must be installed as a prerequisite.
+pnpm clean
+
+# Check if slither is installed
+# If not, provide instructions to install with `pip3 install slither-analyzer` and exit
+if ! command -v slither &> /dev/null
+then
+    echo "Slither could not be found. Please install slither by running:"
+    echo "pip3 install slither-analyzer"
+    exit
+fi
+
+
+# Check if jq is installed and exit otherwise
+if ! command -v jq &> /dev/null
+then
+    echo "jq could not be found. Please install jq."
+    echo "On Mac: brew install jq"
+    echo "On Ubuntu: sudo apt-get install jq"
+    echo "For other platforms: https://stedolan.github.io/jq/download/"
+    exit
+fi
+
+# Print the slither version
+echo "Slither version: $(slither --version)"
+
+# Copy the slither report if it exists to a temp file
+if [ -e "$SLITHER_REPORT" ]; then
+    mv $SLITHER_REPORT $SLITHER_REPORT_BACKUP
+    echo "Created backup of previous slither report at $SLITHER_REPORT_BACKUP"
+fi
+
+# Slither's triage mode will run an 'interview' in the terminal, allowing you to review each of
+# its findings, and specify which should be ignored in future runs of slither. This will update
+# (or create) the slither.db.json file. This DB is a cleaner alternative to adding slither-disable
+# comments throughout the codebase.
+# Triage mode should only be run manually, and can be used to update the db when new findings are
+# causing a CI failure.
 # See slither.config.json for slither settings
 if [[ -z "$TRIAGE_MODE" ]]; then
-  echo "Building contracts"
-  forge build --build-info --force
-  echo "Running slither"
-  slither --ignore-compile .
+  echo "Running slither in normal mode"
+  # Run slither and store the output in a variable to be used later
+  SLITHER_OUTPUT=$(slither . 2>&1 || true)
+
+  # If slither failed to generate a report, exit with an error.
+  if [ ! -f "$SLITHER_REPORT" ]; then
+    echo "Slither output:\n$SLITHER_OUTPUT"
+    echo "Slither failed to generate a report."
+    if [ -e "$SLITHER_REPORT_BACKUP" ]; then
+        mv $SLITHER_REPORT_BACKUP $SLITHER_REPORT
+        echo "Restored previous slither report from $SLITHER_REPORT_BACKUP"
+    fi
+    echo "Exiting with error."
+    exit 1
+  fi
+
+  echo "Slither ran successfully, generating minimzed report..."
+  json=$(cat $SLITHER_REPORT)
+  updated_json=$(cat $SLITHER_REPORT | jq -r '[.results.detectors[] | .description as $description | .check as $check | .impact as $impact | .confidence as $confidence | (.elements[] | .type as $type | .name as $name | (.source_mapping | { "impact": $impact, "confidence": $confidence, "check": $check, "description": $description, "type": $type, "name": $name, start, length, filename_relative } ))]')
+  echo "$updated_json" > $SLITHER_REPORT
+  echo "Slither report stored at $DIR/$SLITHER_REPORT"
 else
   echo "Running slither in triage mode"
-  # Slither's triage mode will run an 'interview' in the terminal, allowing you to review each of
-  # its findings, and specify which should be ignored in future runs of slither. This will update
-  # (or create) the slither.db.json file. This DB is a cleaner alternative to adding slither-disable
-  # comments throughout the codebase.
-  # Triage mode should only be run manually, and can be used to update the db when new findings are
-  # causing a CI failure.
   slither . --triage-mode
 
-  # For whatever reason the slither db contains a filename_absolute property which includes the full
-  # local path to source code on the machine where it was generated. This property does not
-  # seem to be required for slither to run, so we remove it.
-  DB=slither.db.json
-  TEMP_DB=temp-slither.db.json
-  mv $DB $TEMP_DB
-  jq 'walk(if type == "object" then del(.filename_absolute) else . end)' $TEMP_DB > $DB
-  rm -f $TEMP_DB
+  # The slither json report contains a `filename_absolute` property which includes the full
+  # local path to source code on the machine where it was generated. This property breaks
+  # cross-platform report comparisons, so it's removed here.
+  mv $SLITHER_REPORT temp-slither-report.json
+  jq 'walk(if type == "object" then del(.filename_absolute) else . end)' temp-slither-report.json > $SLITHER_REPORT
+  rm -f temp-slither-report.json
+fi
+
+# Delete the backup of the previous slither report if it exists
+if [ -e "$SLITHER_REPORT_BACKUP" ]; then
+    rm $SLITHER_REPORT_BACKUP
+    echo "Deleted backup of previous slither report at $SLITHER_REPORT_BACKUP"
 fi

packages/contracts-bedrock/slither-report.json

+[
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.setOwner(address) (src/legacy/L1ChugSplashProxy.sol#138-140) calls L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "function",
+    "name": "setOwner",
+    "start": 6890,
+    "length": 97,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.setOwner(address) (src/legacy/L1ChugSplashProxy.sol#138-140) calls L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "function",
+    "name": "proxyCallIfNotOwner",
+    "start": 3867,
+    "length": 237,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.setOwner(address) (src/legacy/L1ChugSplashProxy.sol#138-140) calls L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(0x0,returndatasize()())",
+    "start": 9403,
+    "length": 29,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.target() (src/L1/DelayedVetoable.sol#108-110) calls DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "function",
+    "name": "target",
+    "start": 4421,
+    "length": 99,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.target() (src/L1/DelayedVetoable.sol#108-110) calls DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "function",
+    "name": "readOrHandle",
+    "start": 2953,
+    "length": 200,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.target() (src/L1/DelayedVetoable.sol#108-110) calls DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata))",
+    "start": 7723,
+    "length": 48,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.getImplementation() (src/legacy/L1ChugSplashProxy.sol#152-154) calls L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "function",
+    "name": "getImplementation",
+    "start": 7519,
+    "length": 120,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.getImplementation() (src/legacy/L1ChugSplashProxy.sol#152-154) calls L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "function",
+    "name": "proxyCallIfNotOwner",
+    "start": 3867,
+    "length": 237,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.getImplementation() (src/legacy/L1ChugSplashProxy.sol#152-154) calls L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(0x0,returndatasize()())",
+    "start": 9403,
+    "length": 29,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.implementation() (src/universal/Proxy.sol#97-99) calls Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "function",
+    "name": "implementation",
+    "start": 3967,
+    "length": 123,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.implementation() (src/universal/Proxy.sol#97-99) calls Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "function",
+    "name": "proxyCallIfNotAdmin",
+    "start": 1295,
+    "length": 237,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.implementation() (src/universal/Proxy.sol#97-99) calls Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(0x0,returndatasize()())",
+    "start": 5922,
+    "length": 29,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.upgradeToAndCall(address,bytes) (src/universal/Proxy.sol#67-81) calls Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "function",
+    "name": "upgradeToAndCall",
+    "start": 2959,
+    "length": 458,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.upgradeToAndCall(address,bytes) (src/universal/Proxy.sol#67-81) calls Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "function",
+    "name": "proxyCallIfNotAdmin",
+    "start": 1295,
+    "length": 237,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.upgradeToAndCall(address,bytes) (src/universal/Proxy.sol#67-81) calls Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(0x0,returndatasize()())",
+    "start": 5922,
+    "length": 29,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.vetoer() (src/L1/DelayedVetoable.sol#102-104) calls DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "function",
+    "name": "vetoer",
+    "start": 4223,
+    "length": 107,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.vetoer() (src/L1/DelayedVetoable.sol#102-104) calls DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "function",
+    "name": "readOrHandle",
+    "start": 2953,
+    "length": 200,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.vetoer() (src/L1/DelayedVetoable.sol#102-104) calls DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata))",
+    "start": 7723,
+    "length": 48,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) calls DelayedVetoable._handleCall() (src/L1/DelayedVetoable.sol#133-181) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "function",
+    "name": "readOrHandle",
+    "start": 2953,
+    "length": 200,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) calls DelayedVetoable._handleCall() (src/L1/DelayedVetoable.sol#133-181) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "function",
+    "name": "_handleCall",
+    "start": 5365,
+    "length": 2009,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) calls DelayedVetoable._handleCall() (src/L1/DelayedVetoable.sol#133-181) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata))",
+    "start": 7723,
+    "length": 48,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.initiator() (src/L1/DelayedVetoable.sol#96-98) calls DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "function",
+    "name": "initiator",
+    "start": 4013,
+    "length": 119,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.initiator() (src/L1/DelayedVetoable.sol#96-98) calls DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "function",
+    "name": "readOrHandle",
+    "start": 2953,
+    "length": 200,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.initiator() (src/L1/DelayedVetoable.sol#96-98) calls DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata))",
+    "start": 7723,
+    "length": 48,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable._handleCall() (src/L1/DelayedVetoable.sol#133-181) calls DelayedVetoable._forwardAndHalt(bytes32) (src/L1/DelayedVetoable.sol#184-197) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "function",
+    "name": "_handleCall",
+    "start": 5365,
+    "length": 2009,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable._handleCall() (src/L1/DelayedVetoable.sol#133-181) calls DelayedVetoable._forwardAndHalt(bytes32) (src/L1/DelayedVetoable.sol#184-197) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "function",
+    "name": "_forwardAndHalt",
+    "start": 7454,
+    "length": 466,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable._handleCall() (src/L1/DelayedVetoable.sol#133-181) calls DelayedVetoable._forwardAndHalt(bytes32) (src/L1/DelayedVetoable.sol#184-197) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata))",
+    "start": 7723,
+    "length": 48,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.queuedAt(bytes32) (src/L1/DelayedVetoable.sol#121-123) calls DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "function",
+    "name": "queuedAt",
+    "start": 4865,
+    "length": 134,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.queuedAt(bytes32) (src/L1/DelayedVetoable.sol#121-123) calls DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "function",
+    "name": "readOrHandle",
+    "start": 2953,
+    "length": 200,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.queuedAt(bytes32) (src/L1/DelayedVetoable.sol#121-123) calls DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata))",
+    "start": 7723,
+    "length": 48,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.setCode(bytes) (src/legacy/L1ChugSplashProxy.sol#96-124) calls L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "function",
+    "name": "setCode",
+    "start": 5022,
+    "length": 1285,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.setCode(bytes) (src/legacy/L1ChugSplashProxy.sol#96-124) calls L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "function",
+    "name": "proxyCallIfNotOwner",
+    "start": 3867,
+    "length": 237,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.setCode(bytes) (src/legacy/L1ChugSplashProxy.sol#96-124) calls L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(0x0,returndatasize()())",
+    "start": 9403,
+    "length": 29,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.upgradeTo(address) (src/universal/Proxy.sol#59-61) calls Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "function",
+    "name": "upgradeTo",
+    "start": 2498,
+    "length": 131,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.upgradeTo(address) (src/universal/Proxy.sol#59-61) calls Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "function",
+    "name": "proxyCallIfNotAdmin",
+    "start": 1295,
+    "length": 237,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.upgradeTo(address) (src/universal/Proxy.sol#59-61) calls Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(0x0,returndatasize()())",
+    "start": 5922,
+    "length": 29,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.changeAdmin(address) (src/universal/Proxy.sol#85-87) calls Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "function",
+    "name": "changeAdmin",
+    "start": 3563,
+    "length": 109,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.changeAdmin(address) (src/universal/Proxy.sol#85-87) calls Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "function",
+    "name": "proxyCallIfNotAdmin",
+    "start": 1295,
+    "length": 237,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.changeAdmin(address) (src/universal/Proxy.sol#85-87) calls Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(0x0,returndatasize()())",
+    "start": 5922,
+    "length": 29,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.admin() (src/universal/Proxy.sol#91-93) calls Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "function",
+    "name": "admin",
+    "start": 3763,
+    "length": 105,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.admin() (src/universal/Proxy.sol#91-93) calls Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "function",
+    "name": "proxyCallIfNotAdmin",
+    "start": 1295,
+    "length": 237,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.admin() (src/universal/Proxy.sol#91-93) calls Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(0x0,returndatasize()())",
+    "start": 5922,
+    "length": 29,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) calls L1ChugSplashProxy._doProxyCall() (src/legacy/L1ChugSplashProxy.sol#175-198) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "function",
+    "name": "proxyCallIfNotOwner",
+    "start": 3867,
+    "length": 237,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) calls L1ChugSplashProxy._doProxyCall() (src/legacy/L1ChugSplashProxy.sol#175-198) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "function",
+    "name": "_doProxyCall",
+    "start": 8349,
+    "length": 1099,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) calls L1ChugSplashProxy._doProxyCall() (src/legacy/L1ChugSplashProxy.sol#175-198) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(0x0,returndatasize()())",
+    "start": 9403,
+    "length": 29,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.delay() (src/L1/DelayedVetoable.sol#114-116) calls DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "function",
+    "name": "delay",
+    "start": 4595,
+    "length": 96,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.delay() (src/L1/DelayedVetoable.sol#114-116) calls DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "function",
+    "name": "readOrHandle",
+    "start": 2953,
+    "length": 200,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "DelayedVetoable.delay() (src/L1/DelayedVetoable.sol#114-116) calls DelayedVetoable.readOrHandle() (src/L1/DelayedVetoable.sol#67-74) which halt the execution return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata)) (src/L1/DelayedVetoable.sol#190)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(returndata + 0x20,mload(uint256)(returndata))",
+    "start": 7723,
+    "length": 48,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.getOwner() (src/legacy/L1ChugSplashProxy.sol#145-147) calls L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "function",
+    "name": "getOwner",
+    "start": 7200,
+    "length": 102,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.getOwner() (src/legacy/L1ChugSplashProxy.sol#145-147) calls L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "function",
+    "name": "proxyCallIfNotOwner",
+    "start": 3867,
+    "length": 237,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.getOwner() (src/legacy/L1ChugSplashProxy.sol#145-147) calls L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(0x0,returndatasize()())",
+    "start": 9403,
+    "length": 29,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.setStorage(bytes32,bytes32) (src/legacy/L1ChugSplashProxy.sol#130-134) calls L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "function",
+    "name": "setStorage",
+    "start": 6596,
+    "length": 148,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.setStorage(bytes32,bytes32) (src/legacy/L1ChugSplashProxy.sol#130-134) calls L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "function",
+    "name": "proxyCallIfNotOwner",
+    "start": 3867,
+    "length": 237,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "L1ChugSplashProxy.setStorage(bytes32,bytes32) (src/legacy/L1ChugSplashProxy.sol#130-134) calls L1ChugSplashProxy.proxyCallIfNotOwner() (src/legacy/L1ChugSplashProxy.sol#64-71) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/legacy/L1ChugSplashProxy.sol#196)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(0x0,returndatasize()())",
+    "start": 9403,
+    "length": 29,
+    "filename_relative": "src/legacy/L1ChugSplashProxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) calls Proxy._doProxyCall() (src/universal/Proxy.sol#123-145) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "function",
+    "name": "proxyCallIfNotAdmin",
+    "start": 1295,
+    "length": 237,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) calls Proxy._doProxyCall() (src/universal/Proxy.sol#123-145) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "function",
+    "name": "_doProxyCall",
+    "start": 4928,
+    "length": 1039,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "Medium",
+    "check": "incorrect-return",
+    "description": "Proxy.proxyCallIfNotAdmin() (src/universal/Proxy.sol#26-33) calls Proxy._doProxyCall() (src/universal/Proxy.sol#123-145) which halt the execution return(uint256,uint256)(0x0,returndatasize()()) (src/universal/Proxy.sol#143)\n",
+    "type": "node",
+    "name": "return(uint256,uint256)(0x0,returndatasize()())",
+    "start": 5922,
+    "length": 29,
+    "filename_relative": "src/universal/Proxy.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "High",
+    "check": "shadowing-state",
+    "description": "EAS.__gap (src/EAS/EAS.sol#80) shadows:\n\t- EIP1271Verifier.__gap (src/EAS/eip1271/EIP1271Verifier.sol#48)\n",
+    "type": "variable",
+    "name": "__gap",
+    "start": 2496,
+    "length": 34,
+    "filename_relative": "src/EAS/EAS.sol"
+  },
+  {
+    "impact": "High",
+    "confidence": "High",
+    "check": "shadowing-state",
+    "description": "EAS.__gap (src/EAS/EAS.sol#80) shadows:\n\t- EIP1271Verifier.__gap (src/EAS/eip1271/EIP1271Verifier.sol#48)\n",
+    "type": "variable",
+    "name": "__gap",
+    "start": 1820,
+    "length": 34,
+    "filename_relative": "src/EAS/eip1271/EIP1271Verifier.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract L2OutputOracle (src/L1/L2OutputOracle.sol#14-296) has payable functions:\n\t - L2OutputOracle.proposeL2Output(bytes32,uint256,bytes32,uint256) (src/L1/L2OutputOracle.sol#168-215)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "contract",
+    "name": "L2OutputOracle",
+    "start": 611,
+    "length": 12768,
+    "filename_relative": "src/L1/L2OutputOracle.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract L2OutputOracle (src/L1/L2OutputOracle.sol#14-296) has payable functions:\n\t - L2OutputOracle.proposeL2Output(bytes32,uint256,bytes32,uint256) (src/L1/L2OutputOracle.sol#168-215)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "proposeL2Output",
+    "start": 7598,
+    "length": 1981,
+    "filename_relative": "src/L1/L2OutputOracle.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract FaultDisputeGame (src/dispute/FaultDisputeGame.sol#24-560) has payable functions:\n\t - IFaultDisputeGame.attack(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#51)\n\t - IFaultDisputeGame.defend(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#56)\n\t - IFaultDisputeGame.resolveClaim(uint256) (src/dispute/interfaces/IFaultDisputeGame.sol#83)\n\t - FaultDisputeGame.move(uint256,Claim,bool) (src/dispute/FaultDisputeGame.sol#193-271)\n\t - FaultDisputeGame.attack(uint256,Claim) (src/dispute/FaultDisputeGame.sol#274-276)\n\t - FaultDisputeGame.defend(uint256,Claim) (src/dispute/FaultDisputeGame.sol#279-281)\n\t - FaultDisputeGame.resolveClaim(uint256) (src/dispute/FaultDisputeGame.sol#375-425)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "contract",
+    "name": "FaultDisputeGame",
+    "start": 1080,
+    "length": 25208,
+    "filename_relative": "src/dispute/FaultDisputeGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract FaultDisputeGame (src/dispute/FaultDisputeGame.sol#24-560) has payable functions:\n\t - IFaultDisputeGame.attack(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#51)\n\t - IFaultDisputeGame.defend(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#56)\n\t - IFaultDisputeGame.resolveClaim(uint256) (src/dispute/interfaces/IFaultDisputeGame.sol#83)\n\t - FaultDisputeGame.move(uint256,Claim,bool) (src/dispute/FaultDisputeGame.sol#193-271)\n\t - FaultDisputeGame.attack(uint256,Claim) (src/dispute/FaultDisputeGame.sol#274-276)\n\t - FaultDisputeGame.defend(uint256,Claim) (src/dispute/FaultDisputeGame.sol#279-281)\n\t - FaultDisputeGame.resolveClaim(uint256) (src/dispute/FaultDisputeGame.sol#375-425)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "attack",
+    "start": 2181,
+    "length": 69,
+    "filename_relative": "src/dispute/interfaces/IFaultDisputeGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract FaultDisputeGame (src/dispute/FaultDisputeGame.sol#24-560) has payable functions:\n\t - IFaultDisputeGame.attack(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#51)\n\t - IFaultDisputeGame.defend(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#56)\n\t - IFaultDisputeGame.resolveClaim(uint256) (src/dispute/interfaces/IFaultDisputeGame.sol#83)\n\t - FaultDisputeGame.move(uint256,Claim,bool) (src/dispute/FaultDisputeGame.sol#193-271)\n\t - FaultDisputeGame.attack(uint256,Claim) (src/dispute/FaultDisputeGame.sol#274-276)\n\t - FaultDisputeGame.defend(uint256,Claim) (src/dispute/FaultDisputeGame.sol#279-281)\n\t - FaultDisputeGame.resolveClaim(uint256) (src/dispute/FaultDisputeGame.sol#375-425)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "defend",
+    "start": 2454,
+    "length": 69,
+    "filename_relative": "src/dispute/interfaces/IFaultDisputeGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract FaultDisputeGame (src/dispute/FaultDisputeGame.sol#24-560) has payable functions:\n\t - IFaultDisputeGame.attack(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#51)\n\t - IFaultDisputeGame.defend(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#56)\n\t - IFaultDisputeGame.resolveClaim(uint256) (src/dispute/interfaces/IFaultDisputeGame.sol#83)\n\t - FaultDisputeGame.move(uint256,Claim,bool) (src/dispute/FaultDisputeGame.sol#193-271)\n\t - FaultDisputeGame.attack(uint256,Claim) (src/dispute/FaultDisputeGame.sol#274-276)\n\t - FaultDisputeGame.defend(uint256,Claim) (src/dispute/FaultDisputeGame.sol#279-281)\n\t - FaultDisputeGame.resolveClaim(uint256) (src/dispute/FaultDisputeGame.sol#375-425)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "resolveClaim",
+    "start": 4428,
+    "length": 60,
+    "filename_relative": "src/dispute/interfaces/IFaultDisputeGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract FaultDisputeGame (src/dispute/FaultDisputeGame.sol#24-560) has payable functions:\n\t - IFaultDisputeGame.attack(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#51)\n\t - IFaultDisputeGame.defend(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#56)\n\t - IFaultDisputeGame.resolveClaim(uint256) (src/dispute/interfaces/IFaultDisputeGame.sol#83)\n\t - FaultDisputeGame.move(uint256,Claim,bool) (src/dispute/FaultDisputeGame.sol#193-271)\n\t - FaultDisputeGame.attack(uint256,Claim) (src/dispute/FaultDisputeGame.sol#274-276)\n\t - FaultDisputeGame.defend(uint256,Claim) (src/dispute/FaultDisputeGame.sol#279-281)\n\t - FaultDisputeGame.resolveClaim(uint256) (src/dispute/FaultDisputeGame.sol#375-425)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "move",
+    "start": 9286,
+    "length": 3953,
+    "filename_relative": "src/dispute/FaultDisputeGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract FaultDisputeGame (src/dispute/FaultDisputeGame.sol#24-560) has payable functions:\n\t - IFaultDisputeGame.attack(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#51)\n\t - IFaultDisputeGame.defend(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#56)\n\t - IFaultDisputeGame.resolveClaim(uint256) (src/dispute/interfaces/IFaultDisputeGame.sol#83)\n\t - FaultDisputeGame.move(uint256,Claim,bool) (src/dispute/FaultDisputeGame.sol#193-271)\n\t - FaultDisputeGame.attack(uint256,Claim) (src/dispute/FaultDisputeGame.sol#274-276)\n\t - FaultDisputeGame.defend(uint256,Claim) (src/dispute/FaultDisputeGame.sol#279-281)\n\t - FaultDisputeGame.resolveClaim(uint256) (src/dispute/FaultDisputeGame.sol#375-425)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "attack",
+    "start": 13283,
+    "length": 118,
+    "filename_relative": "src/dispute/FaultDisputeGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract FaultDisputeGame (src/dispute/FaultDisputeGame.sol#24-560) has payable functions:\n\t - IFaultDisputeGame.attack(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#51)\n\t - IFaultDisputeGame.defend(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#56)\n\t - IFaultDisputeGame.resolveClaim(uint256) (src/dispute/interfaces/IFaultDisputeGame.sol#83)\n\t - FaultDisputeGame.move(uint256,Claim,bool) (src/dispute/FaultDisputeGame.sol#193-271)\n\t - FaultDisputeGame.attack(uint256,Claim) (src/dispute/FaultDisputeGame.sol#274-276)\n\t - FaultDisputeGame.defend(uint256,Claim) (src/dispute/FaultDisputeGame.sol#279-281)\n\t - FaultDisputeGame.resolveClaim(uint256) (src/dispute/FaultDisputeGame.sol#375-425)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "defend",
+    "start": 13445,
+    "length": 119,
+    "filename_relative": "src/dispute/FaultDisputeGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract FaultDisputeGame (src/dispute/FaultDisputeGame.sol#24-560) has payable functions:\n\t - IFaultDisputeGame.attack(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#51)\n\t - IFaultDisputeGame.defend(uint256,Claim) (src/dispute/interfaces/IFaultDisputeGame.sol#56)\n\t - IFaultDisputeGame.resolveClaim(uint256) (src/dispute/interfaces/IFaultDisputeGame.sol#83)\n\t - FaultDisputeGame.move(uint256,Claim,bool) (src/dispute/FaultDisputeGame.sol#193-271)\n\t - FaultDisputeGame.attack(uint256,Claim) (src/dispute/FaultDisputeGame.sol#274-276)\n\t - FaultDisputeGame.defend(uint256,Claim) (src/dispute/FaultDisputeGame.sol#279-281)\n\t - FaultDisputeGame.resolveClaim(uint256) (src/dispute/FaultDisputeGame.sol#375-425)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "resolveClaim",
+    "start": 17388,
+    "length": 2033,
+    "filename_relative": "src/dispute/FaultDisputeGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract OutputBisectionGame (src/dispute/OutputBisectionGame.sol#24-551) has payable functions:\n\t - IOutputBisectionGame.attack(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#30)\n\t - IOutputBisectionGame.defend(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#35)\n\t - IOutputBisectionGame.resolveClaim(uint256) (src/dispute/interfaces/IOutputBisectionGame.sol#62)\n\t - OutputBisectionGame.move(uint256,Claim,bool) (src/dispute/OutputBisectionGame.sol#189-270)\n\t - OutputBisectionGame.attack(uint256,Claim) (src/dispute/OutputBisectionGame.sol#273-275)\n\t - OutputBisectionGame.defend(uint256,Claim) (src/dispute/OutputBisectionGame.sol#278-280)\n\t - OutputBisectionGame.resolveClaim(uint256) (src/dispute/OutputBisectionGame.sol#350-400)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "contract",
+    "name": "OutputBisectionGame",
+    "start": 1092,
+    "length": 25331,
+    "filename_relative": "src/dispute/OutputBisectionGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract OutputBisectionGame (src/dispute/OutputBisectionGame.sol#24-551) has payable functions:\n\t - IOutputBisectionGame.attack(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#30)\n\t - IOutputBisectionGame.defend(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#35)\n\t - IOutputBisectionGame.resolveClaim(uint256) (src/dispute/interfaces/IOutputBisectionGame.sol#62)\n\t - OutputBisectionGame.move(uint256,Claim,bool) (src/dispute/OutputBisectionGame.sol#189-270)\n\t - OutputBisectionGame.attack(uint256,Claim) (src/dispute/OutputBisectionGame.sol#273-275)\n\t - OutputBisectionGame.defend(uint256,Claim) (src/dispute/OutputBisectionGame.sol#278-280)\n\t - OutputBisectionGame.resolveClaim(uint256) (src/dispute/OutputBisectionGame.sol#350-400)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "attack",
+    "start": 1139,
+    "length": 69,
+    "filename_relative": "src/dispute/interfaces/IOutputBisectionGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract OutputBisectionGame (src/dispute/OutputBisectionGame.sol#24-551) has payable functions:\n\t - IOutputBisectionGame.attack(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#30)\n\t - IOutputBisectionGame.defend(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#35)\n\t - IOutputBisectionGame.resolveClaim(uint256) (src/dispute/interfaces/IOutputBisectionGame.sol#62)\n\t - OutputBisectionGame.move(uint256,Claim,bool) (src/dispute/OutputBisectionGame.sol#189-270)\n\t - OutputBisectionGame.attack(uint256,Claim) (src/dispute/OutputBisectionGame.sol#273-275)\n\t - OutputBisectionGame.defend(uint256,Claim) (src/dispute/OutputBisectionGame.sol#278-280)\n\t - OutputBisectionGame.resolveClaim(uint256) (src/dispute/OutputBisectionGame.sol#350-400)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "defend",
+    "start": 1412,
+    "length": 69,
+    "filename_relative": "src/dispute/interfaces/IOutputBisectionGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract OutputBisectionGame (src/dispute/OutputBisectionGame.sol#24-551) has payable functions:\n\t - IOutputBisectionGame.attack(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#30)\n\t - IOutputBisectionGame.defend(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#35)\n\t - IOutputBisectionGame.resolveClaim(uint256) (src/dispute/interfaces/IOutputBisectionGame.sol#62)\n\t - OutputBisectionGame.move(uint256,Claim,bool) (src/dispute/OutputBisectionGame.sol#189-270)\n\t - OutputBisectionGame.attack(uint256,Claim) (src/dispute/OutputBisectionGame.sol#273-275)\n\t - OutputBisectionGame.defend(uint256,Claim) (src/dispute/OutputBisectionGame.sol#278-280)\n\t - OutputBisectionGame.resolveClaim(uint256) (src/dispute/OutputBisectionGame.sol#350-400)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "resolveClaim",
+    "start": 3429,
+    "length": 60,
+    "filename_relative": "src/dispute/interfaces/IOutputBisectionGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract OutputBisectionGame (src/dispute/OutputBisectionGame.sol#24-551) has payable functions:\n\t - IOutputBisectionGame.attack(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#30)\n\t - IOutputBisectionGame.defend(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#35)\n\t - IOutputBisectionGame.resolveClaim(uint256) (src/dispute/interfaces/IOutputBisectionGame.sol#62)\n\t - OutputBisectionGame.move(uint256,Claim,bool) (src/dispute/OutputBisectionGame.sol#189-270)\n\t - OutputBisectionGame.attack(uint256,Claim) (src/dispute/OutputBisectionGame.sol#273-275)\n\t - OutputBisectionGame.defend(uint256,Claim) (src/dispute/OutputBisectionGame.sol#278-280)\n\t - OutputBisectionGame.resolveClaim(uint256) (src/dispute/OutputBisectionGame.sol#350-400)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "move",
+    "start": 9135,
+    "length": 4228,
+    "filename_relative": "src/dispute/OutputBisectionGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract OutputBisectionGame (src/dispute/OutputBisectionGame.sol#24-551) has payable functions:\n\t - IOutputBisectionGame.attack(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#30)\n\t - IOutputBisectionGame.defend(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#35)\n\t - IOutputBisectionGame.resolveClaim(uint256) (src/dispute/interfaces/IOutputBisectionGame.sol#62)\n\t - OutputBisectionGame.move(uint256,Claim,bool) (src/dispute/OutputBisectionGame.sol#189-270)\n\t - OutputBisectionGame.attack(uint256,Claim) (src/dispute/OutputBisectionGame.sol#273-275)\n\t - OutputBisectionGame.defend(uint256,Claim) (src/dispute/OutputBisectionGame.sol#278-280)\n\t - OutputBisectionGame.resolveClaim(uint256) (src/dispute/OutputBisectionGame.sol#350-400)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "attack",
+    "start": 13410,
+    "length": 118,
+    "filename_relative": "src/dispute/OutputBisectionGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract OutputBisectionGame (src/dispute/OutputBisectionGame.sol#24-551) has payable functions:\n\t - IOutputBisectionGame.attack(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#30)\n\t - IOutputBisectionGame.defend(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#35)\n\t - IOutputBisectionGame.resolveClaim(uint256) (src/dispute/interfaces/IOutputBisectionGame.sol#62)\n\t - OutputBisectionGame.move(uint256,Claim,bool) (src/dispute/OutputBisectionGame.sol#189-270)\n\t - OutputBisectionGame.attack(uint256,Claim) (src/dispute/OutputBisectionGame.sol#273-275)\n\t - OutputBisectionGame.defend(uint256,Claim) (src/dispute/OutputBisectionGame.sol#278-280)\n\t - OutputBisectionGame.resolveClaim(uint256) (src/dispute/OutputBisectionGame.sol#350-400)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "defend",
+    "start": 13575,
+    "length": 119,
+    "filename_relative": "src/dispute/OutputBisectionGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract OutputBisectionGame (src/dispute/OutputBisectionGame.sol#24-551) has payable functions:\n\t - IOutputBisectionGame.attack(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#30)\n\t - IOutputBisectionGame.defend(uint256,Claim) (src/dispute/interfaces/IOutputBisectionGame.sol#35)\n\t - IOutputBisectionGame.resolveClaim(uint256) (src/dispute/interfaces/IOutputBisectionGame.sol#62)\n\t - OutputBisectionGame.move(uint256,Claim,bool) (src/dispute/OutputBisectionGame.sol#189-270)\n\t - OutputBisectionGame.attack(uint256,Claim) (src/dispute/OutputBisectionGame.sol#273-275)\n\t - OutputBisectionGame.defend(uint256,Claim) (src/dispute/OutputBisectionGame.sol#278-280)\n\t - OutputBisectionGame.resolveClaim(uint256) (src/dispute/OutputBisectionGame.sol#350-400)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "resolveClaim",
+    "start": 16915,
+    "length": 2043,
+    "filename_relative": "src/dispute/OutputBisectionGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract L1BlockNumber (src/legacy/L1BlockNumber.sol#16-45) has payable functions:\n\t - L1BlockNumber.receive() (src/legacy/L1BlockNumber.sol#22-28)\n\t - L1BlockNumber.fallback() (src/legacy/L1BlockNumber.sol#32-38)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "contract",
+    "name": "L1BlockNumber",
+    "start": 668,
+    "length": 888,
+    "filename_relative": "src/legacy/L1BlockNumber.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract L1BlockNumber (src/legacy/L1BlockNumber.sol#16-45) has payable functions:\n\t - L1BlockNumber.receive() (src/legacy/L1BlockNumber.sol#22-28)\n\t - L1BlockNumber.fallback() (src/legacy/L1BlockNumber.sol#32-38)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "receive",
+    "start": 863,
+    "length": 178,
+    "filename_relative": "src/legacy/L1BlockNumber.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract L1BlockNumber (src/legacy/L1BlockNumber.sol#16-45) has payable functions:\n\t - L1BlockNumber.receive() (src/legacy/L1BlockNumber.sol#22-28)\n\t - L1BlockNumber.fallback() (src/legacy/L1BlockNumber.sol#32-38)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "fallback",
+    "start": 1145,
+    "length": 179,
+    "filename_relative": "src/legacy/L1BlockNumber.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract SchemaResolver (src/EAS/resolver/SchemaResolver.sol#11-165) has payable functions:\n\t - ISchemaResolver.attest(Attestation) (src/EAS/resolver/ISchemaResolver.sol#16)\n\t - ISchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#22-28)\n\t - ISchemaResolver.revoke(Attestation) (src/EAS/resolver/ISchemaResolver.sol#33)\n\t - ISchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#39-45)\n\t - SchemaResolver.receive() (src/EAS/resolver/SchemaResolver.sol#41-45)\n\t - SchemaResolver.attest(Attestation) (src/EAS/resolver/SchemaResolver.sol#48-50)\n\t - SchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#53-92)\n\t - SchemaResolver.revoke(Attestation) (src/EAS/resolver/SchemaResolver.sol#95-97)\n\t - SchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#100-139)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "contract",
+    "name": "SchemaResolver",
+    "start": 350,
+    "length": 5868,
+    "filename_relative": "src/EAS/resolver/SchemaResolver.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract SchemaResolver (src/EAS/resolver/SchemaResolver.sol#11-165) has payable functions:\n\t - ISchemaResolver.attest(Attestation) (src/EAS/resolver/ISchemaResolver.sol#16)\n\t - ISchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#22-28)\n\t - ISchemaResolver.revoke(Attestation) (src/EAS/resolver/ISchemaResolver.sol#33)\n\t - ISchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#39-45)\n\t - SchemaResolver.receive() (src/EAS/resolver/SchemaResolver.sol#41-45)\n\t - SchemaResolver.attest(Attestation) (src/EAS/resolver/SchemaResolver.sol#48-50)\n\t - SchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#53-92)\n\t - SchemaResolver.revoke(Attestation) (src/EAS/resolver/SchemaResolver.sol#95-97)\n\t - SchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#100-139)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "attest",
+    "start": 565,
+    "length": 82,
+    "filename_relative": "src/EAS/resolver/ISchemaResolver.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract SchemaResolver (src/EAS/resolver/SchemaResolver.sol#11-165) has payable functions:\n\t - ISchemaResolver.attest(Attestation) (src/EAS/resolver/ISchemaResolver.sol#16)\n\t - ISchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#22-28)\n\t - ISchemaResolver.revoke(Attestation) (src/EAS/resolver/ISchemaResolver.sol#33)\n\t - ISchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#39-45)\n\t - SchemaResolver.receive() (src/EAS/resolver/SchemaResolver.sol#41-45)\n\t - SchemaResolver.attest(Attestation) (src/EAS/resolver/SchemaResolver.sol#48-50)\n\t - SchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#53-92)\n\t - SchemaResolver.revoke(Attestation) (src/EAS/resolver/SchemaResolver.sol#95-97)\n\t - SchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#100-139)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "multiAttest",
+    "start": 926,
+    "length": 163,
+    "filename_relative": "src/EAS/resolver/ISchemaResolver.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract SchemaResolver (src/EAS/resolver/SchemaResolver.sol#11-165) has payable functions:\n\t - ISchemaResolver.attest(Attestation) (src/EAS/resolver/ISchemaResolver.sol#16)\n\t - ISchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#22-28)\n\t - ISchemaResolver.revoke(Attestation) (src/EAS/resolver/ISchemaResolver.sol#33)\n\t - ISchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#39-45)\n\t - SchemaResolver.receive() (src/EAS/resolver/SchemaResolver.sol#41-45)\n\t - SchemaResolver.attest(Attestation) (src/EAS/resolver/SchemaResolver.sol#48-50)\n\t - SchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#53-92)\n\t - SchemaResolver.revoke(Attestation) (src/EAS/resolver/SchemaResolver.sol#95-97)\n\t - SchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#100-139)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "revoke",
+    "start": 1305,
+    "length": 82,
+    "filename_relative": "src/EAS/resolver/ISchemaResolver.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract SchemaResolver (src/EAS/resolver/SchemaResolver.sol#11-165) has payable functions:\n\t - ISchemaResolver.attest(Attestation) (src/EAS/resolver/ISchemaResolver.sol#16)\n\t - ISchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#22-28)\n\t - ISchemaResolver.revoke(Attestation) (src/EAS/resolver/ISchemaResolver.sol#33)\n\t - ISchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#39-45)\n\t - SchemaResolver.receive() (src/EAS/resolver/SchemaResolver.sol#41-45)\n\t - SchemaResolver.attest(Attestation) (src/EAS/resolver/SchemaResolver.sol#48-50)\n\t - SchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#53-92)\n\t - SchemaResolver.revoke(Attestation) (src/EAS/resolver/SchemaResolver.sol#95-97)\n\t - SchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#100-139)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "multiRevoke",
+    "start": 1695,
+    "length": 163,
+    "filename_relative": "src/EAS/resolver/ISchemaResolver.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract SchemaResolver (src/EAS/resolver/SchemaResolver.sol#11-165) has payable functions:\n\t - ISchemaResolver.attest(Attestation) (src/EAS/resolver/ISchemaResolver.sol#16)\n\t - ISchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#22-28)\n\t - ISchemaResolver.revoke(Attestation) (src/EAS/resolver/ISchemaResolver.sol#33)\n\t - ISchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#39-45)\n\t - SchemaResolver.receive() (src/EAS/resolver/SchemaResolver.sol#41-45)\n\t - SchemaResolver.attest(Attestation) (src/EAS/resolver/SchemaResolver.sol#48-50)\n\t - SchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#53-92)\n\t - SchemaResolver.revoke(Attestation) (src/EAS/resolver/SchemaResolver.sol#95-97)\n\t - SchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#100-139)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "receive",
+    "start": 1054,
+    "length": 113,
+    "filename_relative": "src/EAS/resolver/SchemaResolver.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract SchemaResolver (src/EAS/resolver/SchemaResolver.sol#11-165) has payable functions:\n\t - ISchemaResolver.attest(Attestation) (src/EAS/resolver/ISchemaResolver.sol#16)\n\t - ISchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#22-28)\n\t - ISchemaResolver.revoke(Attestation) (src/EAS/resolver/ISchemaResolver.sol#33)\n\t - ISchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#39-45)\n\t - SchemaResolver.receive() (src/EAS/resolver/SchemaResolver.sol#41-45)\n\t - SchemaResolver.attest(Attestation) (src/EAS/resolver/SchemaResolver.sol#48-50)\n\t - SchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#53-92)\n\t - SchemaResolver.revoke(Attestation) (src/EAS/resolver/SchemaResolver.sol#95-97)\n\t - SchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#100-139)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "attest",
+    "start": 1209,
+    "length": 146,
+    "filename_relative": "src/EAS/resolver/SchemaResolver.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract SchemaResolver (src/EAS/resolver/SchemaResolver.sol#11-165) has payable functions:\n\t - ISchemaResolver.attest(Attestation) (src/EAS/resolver/ISchemaResolver.sol#16)\n\t - ISchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#22-28)\n\t - ISchemaResolver.revoke(Attestation) (src/EAS/resolver/ISchemaResolver.sol#33)\n\t - ISchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#39-45)\n\t - SchemaResolver.receive() (src/EAS/resolver/SchemaResolver.sol#41-45)\n\t - SchemaResolver.attest(Attestation) (src/EAS/resolver/SchemaResolver.sol#48-50)\n\t - SchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#53-92)\n\t - SchemaResolver.revoke(Attestation) (src/EAS/resolver/SchemaResolver.sol#95-97)\n\t - SchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#100-139)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "multiAttest",
+    "start": 1397,
+    "length": 1497,
+    "filename_relative": "src/EAS/resolver/SchemaResolver.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract SchemaResolver (src/EAS/resolver/SchemaResolver.sol#11-165) has payable functions:\n\t - ISchemaResolver.attest(Attestation) (src/EAS/resolver/ISchemaResolver.sol#16)\n\t - ISchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#22-28)\n\t - ISchemaResolver.revoke(Attestation) (src/EAS/resolver/ISchemaResolver.sol#33)\n\t - ISchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#39-45)\n\t - SchemaResolver.receive() (src/EAS/resolver/SchemaResolver.sol#41-45)\n\t - SchemaResolver.attest(Attestation) (src/EAS/resolver/SchemaResolver.sol#48-50)\n\t - SchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#53-92)\n\t - SchemaResolver.revoke(Attestation) (src/EAS/resolver/SchemaResolver.sol#95-97)\n\t - SchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#100-139)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "revoke",
+    "start": 2936,
+    "length": 146,
+    "filename_relative": "src/EAS/resolver/SchemaResolver.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "locked-ether",
+    "description": "Contract locking ether found:\n\tContract SchemaResolver (src/EAS/resolver/SchemaResolver.sol#11-165) has payable functions:\n\t - ISchemaResolver.attest(Attestation) (src/EAS/resolver/ISchemaResolver.sol#16)\n\t - ISchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#22-28)\n\t - ISchemaResolver.revoke(Attestation) (src/EAS/resolver/ISchemaResolver.sol#33)\n\t - ISchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/ISchemaResolver.sol#39-45)\n\t - SchemaResolver.receive() (src/EAS/resolver/SchemaResolver.sol#41-45)\n\t - SchemaResolver.attest(Attestation) (src/EAS/resolver/SchemaResolver.sol#48-50)\n\t - SchemaResolver.multiAttest(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#53-92)\n\t - SchemaResolver.revoke(Attestation) (src/EAS/resolver/SchemaResolver.sol#95-97)\n\t - SchemaResolver.multiRevoke(Attestation[],uint256[]) (src/EAS/resolver/SchemaResolver.sol#100-139)\n\tBut does not have a function to withdraw the ether\n",
+    "type": "function",
+    "name": "multiRevoke",
+    "start": 3124,
+    "length": 1496,
+    "filename_relative": "src/EAS/resolver/SchemaResolver.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "reentrancy-no-eth",
+    "description": "Reentrancy in OutputBisectionGame.step(uint256,bool,bytes,bytes) (src/dispute/OutputBisectionGame.sol#119-183):\n\tExternal calls:\n\t- validStep = VM.step(_stateData,_proof,uuid) == Claim.unwrap(postState.claim) (src/dispute/OutputBisectionGame.sol#176)\n\tState variables written after the call(s):\n\t- parent.countered = true (src/dispute/OutputBisectionGame.sol#182)\n\tOutputBisectionGame.claimData (src/dispute/OutputBisectionGame.sol#71) can be used in cross function reentrancies:\n\t- OutputBisectionGame.claimData (src/dispute/OutputBisectionGame.sol#71)\n\t- OutputBisectionGame.claimDataLen() (src/dispute/OutputBisectionGame.sol#455-457)\n\t- OutputBisectionGame.findStartingAndDisputedOutputs(uint256) (src/dispute/OutputBisectionGame.sol#500-550)\n\t- OutputBisectionGame.findTraceAncestor(Position,uint256) (src/dispute/OutputBisectionGame.sol#483-493)\n\t- OutputBisectionGame.initialize() (src/dispute/OutputBisectionGame.sol#426-452)\n\t- OutputBisectionGame.move(uint256,Claim,bool) (src/dispute/OutputBisectionGame.sol#189-270)\n\t- OutputBisectionGame.resolve() (src/dispute/OutputBisectionGame.sol#335-347)\n\t- OutputBisectionGame.resolveClaim(uint256) (src/dispute/OutputBisectionGame.sol#350-400)\n\t- OutputBisectionGame.step(uint256,bool,bytes,bytes) (src/dispute/OutputBisectionGame.sol#119-183)\n",
+    "type": "function",
+    "name": "step",
+    "start": 4835,
+    "length": 3995,
+    "filename_relative": "src/dispute/OutputBisectionGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "reentrancy-no-eth",
+    "description": "Reentrancy in OutputBisectionGame.step(uint256,bool,bytes,bytes) (src/dispute/OutputBisectionGame.sol#119-183):\n\tExternal calls:\n\t- validStep = VM.step(_stateData,_proof,uuid) == Claim.unwrap(postState.claim) (src/dispute/OutputBisectionGame.sol#176)\n\tState variables written after the call(s):\n\t- parent.countered = true (src/dispute/OutputBisectionGame.sol#182)\n\tOutputBisectionGame.claimData (src/dispute/OutputBisectionGame.sol#71) can be used in cross function reentrancies:\n\t- OutputBisectionGame.claimData (src/dispute/OutputBisectionGame.sol#71)\n\t- OutputBisectionGame.claimDataLen() (src/dispute/OutputBisectionGame.sol#455-457)\n\t- OutputBisectionGame.findStartingAndDisputedOutputs(uint256) (src/dispute/OutputBisectionGame.sol#500-550)\n\t- OutputBisectionGame.findTraceAncestor(Position,uint256) (src/dispute/OutputBisectionGame.sol#483-493)\n\t- OutputBisectionGame.initialize() (src/dispute/OutputBisectionGame.sol#426-452)\n\t- OutputBisectionGame.move(uint256,Claim,bool) (src/dispute/OutputBisectionGame.sol#189-270)\n\t- OutputBisectionGame.resolve() (src/dispute/OutputBisectionGame.sol#335-347)\n\t- OutputBisectionGame.resolveClaim(uint256) (src/dispute/OutputBisectionGame.sol#350-400)\n\t- OutputBisectionGame.step(uint256,bool,bytes,bytes) (src/dispute/OutputBisectionGame.sol#119-183)\n",
+    "type": "node",
+    "name": "validStep = VM.step(_stateData,_proof,uuid) == Claim.unwrap(postState.claim)",
+    "start": 8388,
+    "length": 83,
+    "filename_relative": "src/dispute/OutputBisectionGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "reentrancy-no-eth",
+    "description": "Reentrancy in OutputBisectionGame.step(uint256,bool,bytes,bytes) (src/dispute/OutputBisectionGame.sol#119-183):\n\tExternal calls:\n\t- validStep = VM.step(_stateData,_proof,uuid) == Claim.unwrap(postState.claim) (src/dispute/OutputBisectionGame.sol#176)\n\tState variables written after the call(s):\n\t- parent.countered = true (src/dispute/OutputBisectionGame.sol#182)\n\tOutputBisectionGame.claimData (src/dispute/OutputBisectionGame.sol#71) can be used in cross function reentrancies:\n\t- OutputBisectionGame.claimData (src/dispute/OutputBisectionGame.sol#71)\n\t- OutputBisectionGame.claimDataLen() (src/dispute/OutputBisectionGame.sol#455-457)\n\t- OutputBisectionGame.findStartingAndDisputedOutputs(uint256) (src/dispute/OutputBisectionGame.sol#500-550)\n\t- OutputBisectionGame.findTraceAncestor(Position,uint256) (src/dispute/OutputBisectionGame.sol#483-493)\n\t- OutputBisectionGame.initialize() (src/dispute/OutputBisectionGame.sol#426-452)\n\t- OutputBisectionGame.move(uint256,Claim,bool) (src/dispute/OutputBisectionGame.sol#189-270)\n\t- OutputBisectionGame.resolve() (src/dispute/OutputBisectionGame.sol#335-347)\n\t- OutputBisectionGame.resolveClaim(uint256) (src/dispute/OutputBisectionGame.sol#350-400)\n\t- OutputBisectionGame.step(uint256,bool,bytes,bytes) (src/dispute/OutputBisectionGame.sol#119-183)\n",
+    "type": "node",
+    "name": "parent.countered = true",
+    "start": 8800,
+    "length": 23,
+    "filename_relative": "src/dispute/OutputBisectionGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "reentrancy-no-eth",
+    "description": "Reentrancy in TransferOnion.peel(TransferOnion.Layer[]) (src/periphery/TransferOnion.sol#44-70):\n\tExternal calls:\n\t- TOKEN.safeTransferFrom(SENDER,layer.recipient,layer.amount) (src/periphery/TransferOnion.sol#61)\n\tState variables written after the call(s):\n\t- shell = tempShell (src/periphery/TransferOnion.sol#69)\n\tTransferOnion.shell (src/periphery/TransferOnion.sol#30) can be used in cross function reentrancies:\n\t- TransferOnion.constructor(ERC20,address,bytes32) (src/periphery/TransferOnion.sol#36-40)\n\t- TransferOnion.shell (src/periphery/TransferOnion.sol#30)\n",
+    "type": "function",
+    "name": "peel",
+    "start": 1616,
+    "length": 885,
+    "filename_relative": "src/periphery/TransferOnion.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "reentrancy-no-eth",
+    "description": "Reentrancy in TransferOnion.peel(TransferOnion.Layer[]) (src/periphery/TransferOnion.sol#44-70):\n\tExternal calls:\n\t- TOKEN.safeTransferFrom(SENDER,layer.recipient,layer.amount) (src/periphery/TransferOnion.sol#61)\n\tState variables written after the call(s):\n\t- shell = tempShell (src/periphery/TransferOnion.sol#69)\n\tTransferOnion.shell (src/periphery/TransferOnion.sol#30) can be used in cross function reentrancies:\n\t- TransferOnion.constructor(ERC20,address,bytes32) (src/periphery/TransferOnion.sol#36-40)\n\t- TransferOnion.shell (src/periphery/TransferOnion.sol#30)\n",
+    "type": "node",
+    "name": "TOKEN.safeTransferFrom(SENDER,layer.recipient,layer.amount)",
+    "start": 2282,
+    "length": 61,
+    "filename_relative": "src/periphery/TransferOnion.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "reentrancy-no-eth",
+    "description": "Reentrancy in TransferOnion.peel(TransferOnion.Layer[]) (src/periphery/TransferOnion.sol#44-70):\n\tExternal calls:\n\t- TOKEN.safeTransferFrom(SENDER,layer.recipient,layer.amount) (src/periphery/TransferOnion.sol#61)\n\tState variables written after the call(s):\n\t- shell = tempShell (src/periphery/TransferOnion.sol#69)\n\tTransferOnion.shell (src/periphery/TransferOnion.sol#30) can be used in cross function reentrancies:\n\t- TransferOnion.constructor(ERC20,address,bytes32) (src/periphery/TransferOnion.sol#36-40)\n\t- TransferOnion.shell (src/periphery/TransferOnion.sol#30)\n",
+    "type": "node",
+    "name": "shell = tempShell",
+    "start": 2477,
+    "length": 17,
+    "filename_relative": "src/periphery/TransferOnion.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "reentrancy-no-eth",
+    "description": "Reentrancy in DelayedVetoable._handleCall() (src/L1/DelayedVetoable.sol#133-181):\n\tExternal calls:\n\t- _forwardAndHalt(callHash) (src/L1/DelayedVetoable.sol#150)\n\t\t- (success,returndata) = TARGET.call(msg.data) (src/L1/DelayedVetoable.sol#187)\n\tState variables written after the call(s):\n\t- _queuedAt[callHash] = block.timestamp (src/L1/DelayedVetoable.sol#152)\n\tDelayedVetoable._queuedAt (src/L1/DelayedVetoable.sol#61) can be used in cross function reentrancies:\n\t- DelayedVetoable._handleCall() (src/L1/DelayedVetoable.sol#133-181)\n\t- DelayedVetoable.queuedAt(bytes32) (src/L1/DelayedVetoable.sol#121-123)\n",
+    "type": "function",
+    "name": "_handleCall",
+    "start": 5365,
+    "length": 2009,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "reentrancy-no-eth",
+    "description": "Reentrancy in DelayedVetoable._handleCall() (src/L1/DelayedVetoable.sol#133-181):\n\tExternal calls:\n\t- _forwardAndHalt(callHash) (src/L1/DelayedVetoable.sol#150)\n\t\t- (success,returndata) = TARGET.call(msg.data) (src/L1/DelayedVetoable.sol#187)\n\tState variables written after the call(s):\n\t- _queuedAt[callHash] = block.timestamp (src/L1/DelayedVetoable.sol#152)\n\tDelayedVetoable._queuedAt (src/L1/DelayedVetoable.sol#61) can be used in cross function reentrancies:\n\t- DelayedVetoable._handleCall() (src/L1/DelayedVetoable.sol#133-181)\n\t- DelayedVetoable.queuedAt(bytes32) (src/L1/DelayedVetoable.sol#121-123)\n",
+    "type": "node",
+    "name": "_forwardAndHalt(callHash)",
+    "start": 6102,
+    "length": 25,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "reentrancy-no-eth",
+    "description": "Reentrancy in DelayedVetoable._handleCall() (src/L1/DelayedVetoable.sol#133-181):\n\tExternal calls:\n\t- _forwardAndHalt(callHash) (src/L1/DelayedVetoable.sol#150)\n\t\t- (success,returndata) = TARGET.call(msg.data) (src/L1/DelayedVetoable.sol#187)\n\tState variables written after the call(s):\n\t- _queuedAt[callHash] = block.timestamp (src/L1/DelayedVetoable.sol#152)\n\tDelayedVetoable._queuedAt (src/L1/DelayedVetoable.sol#61) can be used in cross function reentrancies:\n\t- DelayedVetoable._handleCall() (src/L1/DelayedVetoable.sol#133-181)\n\t- DelayedVetoable.queuedAt(bytes32) (src/L1/DelayedVetoable.sol#121-123)\n",
+    "type": "node",
+    "name": "(success,returndata) = TARGET.call(msg.data)",
+    "start": 7588,
+    "length": 63,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "reentrancy-no-eth",
+    "description": "Reentrancy in DelayedVetoable._handleCall() (src/L1/DelayedVetoable.sol#133-181):\n\tExternal calls:\n\t- _forwardAndHalt(callHash) (src/L1/DelayedVetoable.sol#150)\n\t\t- (success,returndata) = TARGET.call(msg.data) (src/L1/DelayedVetoable.sol#187)\n\tState variables written after the call(s):\n\t- _queuedAt[callHash] = block.timestamp (src/L1/DelayedVetoable.sol#152)\n\tDelayedVetoable._queuedAt (src/L1/DelayedVetoable.sol#61) can be used in cross function reentrancies:\n\t- DelayedVetoable._handleCall() (src/L1/DelayedVetoable.sol#133-181)\n\t- DelayedVetoable.queuedAt(bytes32) (src/L1/DelayedVetoable.sol#121-123)\n",
+    "type": "node",
+    "name": "_queuedAt[callHash] = block.timestamp",
+    "start": 6155,
+    "length": 37,
+    "filename_relative": "src/L1/DelayedVetoable.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "reentrancy-no-eth",
+    "description": "Reentrancy in FaultDisputeGame.step(uint256,bool,bytes,bytes) (src/dispute/FaultDisputeGame.sol#121-187):\n\tExternal calls:\n\t- validStep = VM.step(_stateData,_proof,0) == Claim.unwrap(postState.claim) (src/dispute/FaultDisputeGame.sol#180)\n\tState variables written after the call(s):\n\t- parent.countered = true (src/dispute/FaultDisputeGame.sol#186)\n\tFaultDisputeGame.claimData (src/dispute/FaultDisputeGame.sol#68) can be used in cross function reentrancies:\n\t- FaultDisputeGame.claimData (src/dispute/FaultDisputeGame.sol#68)\n\t- FaultDisputeGame.claimDataLen() (src/dispute/FaultDisputeGame.sol#535-537)\n\t- FaultDisputeGame.findTraceAncestor(Position,uint256) (src/dispute/FaultDisputeGame.sol#549-559)\n\t- FaultDisputeGame.initialize() (src/dispute/FaultDisputeGame.sol#451-532)\n\t- FaultDisputeGame.move(uint256,Claim,bool) (src/dispute/FaultDisputeGame.sol#193-271)\n\t- FaultDisputeGame.resolve() (src/dispute/FaultDisputeGame.sol#363-372)\n\t- FaultDisputeGame.resolveClaim(uint256) (src/dispute/FaultDisputeGame.sol#375-425)\n\t- FaultDisputeGame.step(uint256,bool,bytes,bytes) (src/dispute/FaultDisputeGame.sol#121-187)\n",
+    "type": "function",
+    "name": "step",
+    "start": 5018,
+    "length": 3963,
+    "filename_relative": "src/dispute/FaultDisputeGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "reentrancy-no-eth",
+    "description": "Reentrancy in FaultDisputeGame.step(uint256,bool,bytes,bytes) (src/dispute/FaultDisputeGame.sol#121-187):\n\tExternal calls:\n\t- validStep = VM.step(_stateData,_proof,0) == Claim.unwrap(postState.claim) (src/dispute/FaultDisputeGame.sol#180)\n\tState variables written after the call(s):\n\t- parent.countered = true (src/dispute/FaultDisputeGame.sol#186)\n\tFaultDisputeGame.claimData (src/dispute/FaultDisputeGame.sol#68) can be used in cross function reentrancies:\n\t- FaultDisputeGame.claimData (src/dispute/FaultDisputeGame.sol#68)\n\t- FaultDisputeGame.claimDataLen() (src/dispute/FaultDisputeGame.sol#535-537)\n\t- FaultDisputeGame.findTraceAncestor(Position,uint256) (src/dispute/FaultDisputeGame.sol#549-559)\n\t- FaultDisputeGame.initialize() (src/dispute/FaultDisputeGame.sol#451-532)\n\t- FaultDisputeGame.move(uint256,Claim,bool) (src/dispute/FaultDisputeGame.sol#193-271)\n\t- FaultDisputeGame.resolve() (src/dispute/FaultDisputeGame.sol#363-372)\n\t- FaultDisputeGame.resolveClaim(uint256) (src/dispute/FaultDisputeGame.sol#375-425)\n\t- FaultDisputeGame.step(uint256,bool,bytes,bytes) (src/dispute/FaultDisputeGame.sol#121-187)\n",
+    "type": "node",
+    "name": "validStep = VM.step(_stateData,_proof,0) == Claim.unwrap(postState.claim)",
+    "start": 8542,
+    "length": 80,
+    "filename_relative": "src/dispute/FaultDisputeGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "reentrancy-no-eth",
+    "description": "Reentrancy in FaultDisputeGame.step(uint256,bool,bytes,bytes) (src/dispute/FaultDisputeGame.sol#121-187):\n\tExternal calls:\n\t- validStep = VM.step(_stateData,_proof,0) == Claim.unwrap(postState.claim) (src/dispute/FaultDisputeGame.sol#180)\n\tState variables written after the call(s):\n\t- parent.countered = true (src/dispute/FaultDisputeGame.sol#186)\n\tFaultDisputeGame.claimData (src/dispute/FaultDisputeGame.sol#68) can be used in cross function reentrancies:\n\t- FaultDisputeGame.claimData (src/dispute/FaultDisputeGame.sol#68)\n\t- FaultDisputeGame.claimDataLen() (src/dispute/FaultDisputeGame.sol#535-537)\n\t- FaultDisputeGame.findTraceAncestor(Position,uint256) (src/dispute/FaultDisputeGame.sol#549-559)\n\t- FaultDisputeGame.initialize() (src/dispute/FaultDisputeGame.sol#451-532)\n\t- FaultDisputeGame.move(uint256,Claim,bool) (src/dispute/FaultDisputeGame.sol#193-271)\n\t- FaultDisputeGame.resolve() (src/dispute/FaultDisputeGame.sol#363-372)\n\t- FaultDisputeGame.resolveClaim(uint256) (src/dispute/FaultDisputeGame.sol#375-425)\n\t- FaultDisputeGame.step(uint256,bool,bytes,bytes) (src/dispute/FaultDisputeGame.sol#121-187)\n",
+    "type": "node",
+    "name": "parent.countered = true",
+    "start": 8951,
+    "length": 23,
+    "filename_relative": "src/dispute/FaultDisputeGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "tx-origin",
+    "description": "OptimismPortal.finalizeWithdrawalTransaction(Types.WithdrawalTransaction) (src/L1/OptimismPortal.sol#272-355) uses tx.origin for authorization: success == false && tx.origin == Constants.ESTIMATION_ADDRESS (src/L1/OptimismPortal.sol#352)\n",
+    "type": "function",
+    "name": "finalizeWithdrawalTransaction",
+    "start": 13145,
+    "length": 4841,
+    "filename_relative": "src/L1/OptimismPortal.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "tx-origin",
+    "description": "OptimismPortal.finalizeWithdrawalTransaction(Types.WithdrawalTransaction) (src/L1/OptimismPortal.sol#272-355) uses tx.origin for authorization: success == false && tx.origin == Constants.ESTIMATION_ADDRESS (src/L1/OptimismPortal.sol#352)\n",
+    "type": "node",
+    "name": "success == false && tx.origin == Constants.ESTIMATION_ADDRESS",
+    "start": 17849,
+    "length": 61,
+    "filename_relative": "src/L1/OptimismPortal.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "tx-origin",
+    "description": "CrossDomainMessenger.relayMessage(uint256,address,address,uint256,uint256,bytes) (src/universal/CrossDomainMessenger.sol#211-302) uses tx.origin for authorization: tx.origin == Constants.ESTIMATION_ADDRESS (src/universal/CrossDomainMessenger.sol#275)\n",
+    "type": "function",
+    "name": "relayMessage",
+    "start": 10420,
+    "length": 4586,
+    "filename_relative": "src/universal/CrossDomainMessenger.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "tx-origin",
+    "description": "CrossDomainMessenger.relayMessage(uint256,address,address,uint256,uint256,bytes) (src/universal/CrossDomainMessenger.sol#211-302) uses tx.origin for authorization: tx.origin == Constants.ESTIMATION_ADDRESS (src/universal/CrossDomainMessenger.sol#275)\n",
+    "type": "node",
+    "name": "tx.origin == Constants.ESTIMATION_ADDRESS",
+    "start": 13781,
+    "length": 41,
+    "filename_relative": "src/universal/CrossDomainMessenger.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "tx-origin",
+    "description": "CrossDomainMessenger.relayMessage(uint256,address,address,uint256,uint256,bytes) (src/universal/CrossDomainMessenger.sol#211-302) uses tx.origin for authorization: tx.origin == Constants.ESTIMATION_ADDRESS (src/universal/CrossDomainMessenger.sol#298)\n",
+    "type": "function",
+    "name": "relayMessage",
+    "start": 10420,
+    "length": 4586,
+    "filename_relative": "src/universal/CrossDomainMessenger.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "tx-origin",
+    "description": "CrossDomainMessenger.relayMessage(uint256,address,address,uint256,uint256,bytes) (src/universal/CrossDomainMessenger.sol#211-302) uses tx.origin for authorization: tx.origin == Constants.ESTIMATION_ADDRESS (src/universal/CrossDomainMessenger.sol#298)\n",
+    "type": "node",
+    "name": "tx.origin == Constants.ESTIMATION_ADDRESS",
+    "start": 14859,
+    "length": 41,
+    "filename_relative": "src/universal/CrossDomainMessenger.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "uninitialized-local",
+    "description": "FaultDisputeGame.move(uint256,Claim,bool).grandparentClock (src/dispute/FaultDisputeGame.sol#218) is a local variable never initialized\n",
+    "type": "variable",
+    "name": "grandparentClock",
+    "start": 10880,
+    "length": 22,
+    "filename_relative": "src/dispute/FaultDisputeGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "uninitialized-local",
+    "description": "OutputBisectionGame.findStartingAndDisputedOutputs(uint256).currentDepth (src/dispute/OutputBisectionGame.sol#518) is a local variable never initialized\n",
+    "type": "variable",
+    "name": "currentDepth",
+    "start": 24494,
+    "length": 20,
+    "filename_relative": "src/dispute/OutputBisectionGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "uninitialized-local",
+    "description": "OutputBisectionGame.move(uint256,Claim,bool).grandparentClock (src/dispute/OutputBisectionGame.sol#218) is a local variable never initialized\n",
+    "type": "variable",
+    "name": "grandparentClock",
+    "start": 11025,
+    "length": 22,
+    "filename_relative": "src/dispute/OutputBisectionGame.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "uninitialized-local",
+    "description": "EAS._attest(bytes32,AttestationRequestData[],address,uint256,bool).res (src/EAS/EAS.sol#403) is a local variable never initialized\n",
+    "type": "variable",
+    "name": "res",
+    "start": 16042,
+    "length": 29,
+    "filename_relative": "src/EAS/EAS.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "Medium",
+    "check": "uninitialized-local",
+    "description": "EAS._attest(bytes32,AttestationRequestData[],address,uint256,bool).uid (src/EAS/EAS.sol#442) is a local variable never initialized\n",
+    "type": "variable",
+    "name": "uid",
+    "start": 17694,
+    "length": 11,
+    "filename_relative": "src/EAS/EAS.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "write-after-write",
+    "description": "OptimismPortal.l2Sender (src/L1/OptimismPortal.sol#53) is written in both\n\tl2Sender = _tx.sender (src/L1/OptimismPortal.sol#331)\n\tl2Sender = Constants.DEFAULT_L2_SENDER (src/L1/OptimismPortal.sol#343)\n",
+    "type": "variable",
+    "name": "l2Sender",
+    "start": 2603,
+    "length": 23,
+    "filename_relative": "src/L1/OptimismPortal.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "write-after-write",
+    "description": "OptimismPortal.l2Sender (src/L1/OptimismPortal.sol#53) is written in both\n\tl2Sender = _tx.sender (src/L1/OptimismPortal.sol#331)\n\tl2Sender = Constants.DEFAULT_L2_SENDER (src/L1/OptimismPortal.sol#343)\n",
+    "type": "node",
+    "name": "l2Sender = _tx.sender",
+    "start": 16550,
+    "length": 21,
+    "filename_relative": "src/L1/OptimismPortal.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "write-after-write",
+    "description": "OptimismPortal.l2Sender (src/L1/OptimismPortal.sol#53) is written in both\n\tl2Sender = _tx.sender (src/L1/OptimismPortal.sol#331)\n\tl2Sender = Constants.DEFAULT_L2_SENDER (src/L1/OptimismPortal.sol#343)\n",
+    "type": "node",
+    "name": "l2Sender = Constants.DEFAULT_L2_SENDER",
+    "start": 17344,
+    "length": 38,
+    "filename_relative": "src/L1/OptimismPortal.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "write-after-write",
+    "description": "CrossDomainMessenger.xDomainMsgSender (src/universal/CrossDomainMessenger.sol#129) is written in both\n\txDomainMsgSender = _sender (src/universal/CrossDomainMessenger.sol#282)\n\txDomainMsgSender = Constants.DEFAULT_L2_SENDER (src/universal/CrossDomainMessenger.sol#284)\n",
+    "type": "variable",
+    "name": "xDomainMsgSender",
+    "start": 5784,
+    "length": 33,
+    "filename_relative": "src/universal/CrossDomainMessenger.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "write-after-write",
+    "description": "CrossDomainMessenger.xDomainMsgSender (src/universal/CrossDomainMessenger.sol#129) is written in both\n\txDomainMsgSender = _sender (src/universal/CrossDomainMessenger.sol#282)\n\txDomainMsgSender = Constants.DEFAULT_L2_SENDER (src/universal/CrossDomainMessenger.sol#284)\n",
+    "type": "node",
+    "name": "xDomainMsgSender = _sender",
+    "start": 13953,
+    "length": 26,
+    "filename_relative": "src/universal/CrossDomainMessenger.sol"
+  },
+  {
+    "impact": "Medium",
+    "confidence": "High",
+    "check": "write-after-write",
+    "description": "CrossDomainMessenger.xDomainMsgSender (src/universal/CrossDomainMessenger.sol#129) is written in both\n\txDomainMsgSender = _sender (src/universal/CrossDomainMessenger.sol#282)\n\txDomainMsgSender = Constants.DEFAULT_L2_SENDER (src/universal/CrossDomainMessenger.sol#284)\n",
+    "type": "node",
+    "name": "xDomainMsgSender = Constants.DEFAULT_L2_SENDER",
+    "start": 14086,
+    "length": 46,
+    "filename_relative": "src/universal/CrossDomainMessenger.sol"
+  }
+]

packages/contracts-bedrock/slither.config.json

 {
-  "detectors_to_exclude": "incorrect-shift-in-assembly",
-  "fail_high": true,
-  "fail_pedantic": false,
-  "exclude_optimization": true,
+    "detectors_to_exclude": "incorrect-shift-in-assembly,assembly,timestamp,solc-version,missing-zero-check,immutable-states,arbitrary-send-eth,too-many-digits,divide-before-multiply,conformance-to-solidity-naming-conventions,low-level-calls,reentrancy-events,cache-array-length,unused-return,cyclomatic-complexity,calls-loop,reentrancy-unlimited-gas,reentrancy-eth,reentrancy-benign,costly-loop,events-maths,incorrect-equality",
     "exclude_informational": true,
+    "exclude_optimization": true,
     "exclude_low": true,
-  "exclude_medium": true,
+    "json": "slither-report.json",
+    "exclude_medium": false,
+    "exclude_high": false,
     "solc_disable_warnings": false,
-  "hardhat_ignore_compile": false,
     "disable_color": false,
     "exclude_dependencies": true,
-  "filter_paths": "test,src/vendor,lib,src/cannon/MIPS.sol",
+    "filter_paths": "(lib/|src/vendor|src/cannon/MIPS.sol)",
+    "legacy_ast": false,
     "foundry_out_directory": "artifacts"
 }

packages/contracts-bedrock/slither.db.json

-[
-  {
-    "elements": [
-      {
-        "type": "function",
-        "name": "peel",
-        "source_mapping": {
-          "start": 1695,
-          "length": 824,
-          "filename_relative": "contracts/periphery/TransferOnion.sol",
-          "filename_short": "contracts/periphery/TransferOnion.sol",
-          "is_dependency": false,
-          "lines": [
-            62,
-            63,
-            64,
-            65,
-            66,
-            67,
-            68,
-            69,
-            70,
-            71,
-            72,
-            73,
-            74,
-            75,
-            76,
-            77,
-            78,
-            79,
-            80,
-            81,
-            82,
-            83,
-            84,
-            85,
-            86,
-            87
-          ],
-          "starting_column": 5,
-          "ending_column": 6
-        },
-        "type_specific_fields": {
-          "parent": {
-            "type": "contract",
-            "name": "TransferOnion",
-            "source_mapping": {
-              "start": 636,
-              "length": 1885,
-              "filename_relative": "contracts/periphery/TransferOnion.sol",
-              "filename_short": "contracts/periphery/TransferOnion.sol",
-              "is_dependency": false,
-              "lines": [
-                15,
-                16,
-                17,
-                18,
-                19,
-                20,
-                21,
-                22,
-                23,
-                24,
-                25,
-                26,
-                27,
-                28,
-                29,
-                30,
-                31,
-                32,
-                33,
-                34,
-                35,
-                36,
-                37,
-                38,
-                39,
-                40,
-                41,
-                42,
-                43,
-                44,
-                45,
-                46,
-                47,
-                48,
-                49,
-                50,
-                51,
-                52,
-                53,
-                54,
-                55,
-                56,
-                57,
-                58,
-                59,
-                60,
-                61,
-                62,
-                63,
-                64,
-                65,
-                66,
-                67,
-                68,
-                69,
-                70,
-                71,
-                72,
-                73,
-                74,
-                75,
-                76,
-                77,
-                78,
-                79,
-                80,
-                81,
-                82,
-                83,
-                84,
-                85,
-                86,
-                87,
-                88
-              ],
-              "starting_column": 1,
-              "ending_column": 2
-            }
-          },
-          "signature": "peel(TransferOnion.Layer[])"
-        }
-      },
-      {
-        "type": "node",
-        "name": "TOKEN.safeTransferFrom(SENDER,layer.recipient,layer.amount)",
-        "source_mapping": {
-          "start": 2300,
-          "length": 61,
-          "filename_relative": "contracts/periphery/TransferOnion.sol",
-          "filename_short": "contracts/periphery/TransferOnion.sol",
-          "is_dependency": false,
-          "lines": [
-            78
-          ],
-          "starting_column": 13,
-          "ending_column": 74
-        },
-        "type_specific_fields": {
-          "parent": {
-            "type": "function",
-            "name": "peel",
-            "source_mapping": {
-              "start": 1695,
-              "length": 824,
-              "filename_relative": "contracts/periphery/TransferOnion.sol",
-              "filename_short": "contracts/periphery/TransferOnion.sol",
-              "is_dependency": false,
-              "lines": [
-                62,
-                63,
-                64,
-                65,
-                66,
-                67,
-                68,
-                69,
-                70,
-                71,
-                72,
-                73,
-                74,
-                75,
-                76,
-                77,
-                78,
-                79,
-                80,
-                81,
-                82,
-                83,
-                84,
-                85,
-                86,
-                87
-              ],
-              "starting_column": 5,
-              "ending_column": 6
-            },
-            "type_specific_fields": {
-              "parent": {
-                "type": "contract",
-                "name": "TransferOnion",
-                "source_mapping": {
-                  "start": 636,
-                  "length": 1885,
-                  "filename_relative": "contracts/periphery/TransferOnion.sol",
-                  "filename_short": "contracts/periphery/TransferOnion.sol",
-                  "is_dependency": false,
-                  "lines": [
-                    15,
-                    16,
-                    17,
-                    18,
-                    19,
-                    20,
-                    21,
-                    22,
-                    23,
-                    24,
-                    25,
-                    26,
-                    27,
-                    28,
-                    29,
-                    30,
-                    31,
-                    32,
-                    33,
-                    34,
-                    35,
-                    36,
-                    37,
-                    38,
-                    39,
-                    40,
-                    41,
-                    42,
-                    43,
-                    44,
-                    45,
-                    46,
-                    47,
-                    48,
-                    49,
-                    50,
-                    51,
-                    52,
-                    53,
-                    54,
-                    55,
-                    56,
-                    57,
-                    58,
-                    59,
-                    60,
-                    61,
-                    62,
-                    63,
-                    64,
-                    65,
-                    66,
-                    67,
-                    68,
-                    69,
-                    70,
-                    71,
-                    72,
-                    73,
-                    74,
-                    75,
-                    76,
-                    77,
-                    78,
-                    79,
-                    80,
-                    81,
-                    82,
-                    83,
-                    84,
-                    85,
-                    86,
-                    87,
-                    88
-                  ],
-                  "starting_column": 1,
-                  "ending_column": 2
-                }
-              },
-              "signature": "peel(TransferOnion.Layer[])"
-            }
-          }
-        }
-      }
-    ],
-    "description": "TransferOnion.peel(TransferOnion.Layer[]) (contracts/periphery/TransferOnion.sol#62-87) uses arbitrary from in transferFrom: TOKEN.safeTransferFrom(SENDER,layer.recipient,layer.amount) (contracts/periphery/TransferOnion.sol#78)\n",
-    "markdown": "[TransferOnion.peel(TransferOnion.Layer[])](contracts/periphery/TransferOnion.sol#L62-L87) uses arbitrary from in transferFrom: [TOKEN.safeTransferFrom(SENDER,layer.recipient,layer.amount)](contracts/periphery/TransferOnion.sol#L78)\n",
-    "first_markdown_element": "contracts/periphery/TransferOnion.sol#L62-L87",
-    "id": "e4e68870e9d2f8a7caf9d32b8d2b1f57af2bdef51f45724b1b49397f117c3ffe",
-    "check": "arbitrary-send-erc20",
-    "impact": "High",
-    "confidence": "High"
-  },
-  {
-    "elements": [
-      {
-        "type": "function",
-        "name": "donate",
-        "source_mapping": {
-          "start": 710,
-          "length": 92,
-          "filename_relative": "contracts/deployment/PortalSender.sol",
-          "filename_short": "contracts/deployment/PortalSender.sol",
-          "is_dependency": false,
-          "lines": [
-            27,
-            28,
-            29
-          ],
-          "starting_column": 5,
-          "ending_column": 6
-        },
-        "type_specific_fields": {
-          "parent": {
-            "type": "contract",
-            "name": "PortalSender",
-            "source_mapping": {
-              "start": 328,
-              "length": 476,
-              "filename_relative": "contracts/deployment/PortalSender.sol",
-              "filename_short": "contracts/deployment/PortalSender.sol",
-              "is_dependency": false,
-              "lines": [
-                11,
-                12,
-                13,
-                14,
-                15,
-                16,
-                17,
-                18,
-                19,
-                20,
-                21,
-                22,
-                23,
-                24,
-                25,
-                26,
-                27,
-                28,
-                29,
-                30
-              ],
-              "starting_column": 1,
-              "ending_column": 2
-            }
-          },
-          "signature": "donate()"
-        }
-      },
-      {
-        "type": "node",
-        "name": "PORTAL.donateETH{value: address(this).balance}()",
-        "source_mapping": {
-          "start": 745,
-          "length": 50,
-          "filename_relative": "contracts/deployment/PortalSender.sol",
-          "filename_short": "contracts/deployment/PortalSender.sol",
-          "is_dependency": false,
-          "lines": [
-            28
-          ],
-          "starting_column": 9,
-          "ending_column": 59
-        },
-        "type_specific_fields": {
-          "parent": {
-            "type": "function",
-            "name": "donate",
-            "source_mapping": {
-              "start": 710,
-              "length": 92,
-              "filename_relative": "contracts/deployment/PortalSender.sol",
-              "filename_short": "contracts/deployment/PortalSender.sol",
-              "is_dependency": false,
-              "lines": [
-                27,
-                28,
-                29
-              ],
-              "starting_column": 5,
-              "ending_column": 6
-            },
-            "type_specific_fields": {
-              "parent": {
-                "type": "contract",
-                "name": "PortalSender",
-                "source_mapping": {
-                  "start": 328,
-                  "length": 476,
-                  "filename_relative": "contracts/deployment/PortalSender.sol",
-                  "filename_short": "contracts/deployment/PortalSender.sol",
-                  "is_dependency": false,
-                  "lines": [
-                    11,
-                    12,
-                    13,
-                    14,
-                    15,
-                    16,
-                    17,
-                    18,
-                    19,
-                    20,
-                    21,
-                    22,
-                    23,
-                    24,
-                    25,
-                    26,
-                    27,
-                    28,
-                    29,
-                    30
-                  ],
-                  "starting_column": 1,
-                  "ending_column": 2
-                }
-              },
-              "signature": "donate()"
-            }
-          }
-        }
-      }
-    ],
-    "description": "PortalSender.donate() (contracts/deployment/PortalSender.sol#27-29) sends eth to arbitrary user\n\tDangerous calls:\n\t- PORTAL.donateETH{value: address(this).balance}() (contracts/deployment/PortalSender.sol#28)\n",
-    "markdown": "[PortalSender.donate()](contracts/deployment/PortalSender.sol#L27-L29) sends eth to arbitrary user\n\tDangerous calls:\n\t- [PORTAL.donateETH{value: address(this).balance}()](contracts/deployment/PortalSender.sol#L28)\n",
-    "first_markdown_element": "contracts/deployment/PortalSender.sol#L27-L29",
-    "id": "57ff538ce533c88f5852cca299915d9dd842bfaa1a5c7d1a6d7c44f1a88d0e3c",
-    "check": "arbitrary-send-eth",
-    "impact": "High",
-    "confidence": "Medium"
-  }
-]