immutable · drinkcoffee · Oct 24, 2024 · Oct 22, 2024 · Oct 22, 2024 · Oct 22, 2024
diff --git a/contracts/access/MintingAccessControl.sol b/contracts/access/MintingAccessControl.sol
@@ -2,8 +2,7 @@
 // SPDX-License-Identifier: Apache 2.0
 pragma solidity 0.8.19;
 
-// solhint-disable no-unused-import
-import {AccessControlEnumerable, AccessControl, IAccessControl} from "@openzeppelin/contracts/access/AccessControlEnumerable.sol";
+import {AccessControlEnumerable} from "@openzeppelin/contracts/access/AccessControlEnumerable.sol";
 
 abstract contract MintingAccessControl is AccessControlEnumerable {
     /// @notice Role to mint tokens

diff --git a/contracts/bridge/x/v4/CoreV4.sol b/contracts/bridge/x/v4/CoreV4.sol
@@ -9,6 +9,7 @@
 // the StarkEx contract ABI that was provided by StarkWare via slack.
 pragma solidity ^0.8.19;
 
+// solhint-disable func-name-mixedcase
 interface CoreV4 {
     fallback() external payable;
 

diff --git a/contracts/deployer/create/OwnableCreateDeploy.sol b/contracts/deployer/create/OwnableCreateDeploy.sol
@@ -22,10 +22,10 @@ contract OwnableCreateDeploy {
      * @param bytecode The bytecode of the contract to be deployed
      */
     // slither-disable-next-line locked-ether
-
     function deploy(bytes memory bytecode) external payable {
-        // solhint-disable-next-line custom-errors
+        // solhint-disable-next-line custom-errors, reason-string
         require(msg.sender == owner, "CreateDeploy: caller is not the owner");
+        // solhint-disable no-inline-assembly
         assembly {
             if iszero(create(callvalue(), add(bytecode, 32), mload(bytecode))) {
                 revert(0, 0)

diff --git a/contracts/deployer/create2/OwnableCreate2Deployer.sol b/contracts/deployer/create2/OwnableCreate2Deployer.sol
@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache 2.0
 pragma solidity 0.8.19;
 
-import "@openzeppelin/contracts/access/Ownable.sol";
+import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
 import {Deployer} from "@axelar-network/axelar-gmp-sdk-solidity/contracts/deploy/Deployer.sol";
 import {Create2} from "@axelar-network/axelar-gmp-sdk-solidity/contracts/deploy/Create2.sol";
 
@@ -32,6 +32,8 @@ contract OwnableCreate2Deployer is Ownable, Create2, Deployer {
      * @param deploySalt A salt which is a hash of the salt provided by the sender and the sender's address.
      * @return The address of the deployed contract
      */
+    // Slither 0.10.4 is mistakenly seeing this as dead code. It is called from Deployer.deploy
+    // slither-disable-next-line dead-code
     function _deploy(bytes memory bytecode, bytes32 deploySalt) internal override onlyOwner returns (address) {
         return _create2(bytecode, deploySalt);
     }

diff --git a/contracts/deployer/create3/OwnableCreate3.sol b/contracts/deployer/create3/OwnableCreate3.sol
@@ -27,7 +27,10 @@ contract OwnableCreate3 is OwnableCreate3Address, IDeploy {
      * @param deploySalt A salt to influence the contract address
      * @return deployed The address of the deployed contract
      */
-    function _create3(bytes memory bytecode, bytes32 deploySalt) internal returns (address deployed) {
+    // Slither 0.10.4 is mistakenly seeing this as dead code. It is called 
+    // from OwnableCreate3Deployer.deploy and could be called from other contracts.
+    // slither-disable-next-line dead-code
+     function _create3(bytes memory bytecode, bytes32 deploySalt) internal returns (address deployed) {
         deployed = _create3Address(deploySalt);
 
         if (bytecode.length == 0) revert EmptyBytecode();

diff --git a/contracts/deployer/create3/OwnableCreate3Address.sol b/contracts/deployer/create3/OwnableCreate3Address.sol
@@ -15,6 +15,9 @@ abstract contract OwnableCreate3Address {
     bytes32 internal immutable createDeployBytecodeHash;
 
     constructor() {
+        // Slither is mistakenly seeing the expansion of type(OwnableCreateDeploy).creationCode
+        // as a very large number.
+        // slither-disable-next-line too-many-digits
         createDeployBytecodeHash = keccak256(type(OwnableCreateDeploy).creationCode);
     }
 

diff --git a/contracts/deployer/create3/OwnableCreate3Deployer.sol b/contracts/deployer/create3/OwnableCreate3Deployer.sol
@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache 2.0
 pragma solidity 0.8.19;
 
-import "@openzeppelin/contracts/access/Ownable.sol";
+import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
 import {Deployer} from "@axelar-network/axelar-gmp-sdk-solidity/contracts/deploy/Deployer.sol";
 
 import {OwnableCreate3} from "./OwnableCreate3.sol";
@@ -37,6 +37,8 @@ contract OwnableCreate3Deployer is Ownable, OwnableCreate3, Deployer {
      * @param deploySalt A salt which is a hash of the salt provided by the sender and the sender's address.
      * @return The address of the deployed contract
      */
+    // Slither 0.10.4 is mistakenly seeing this as dead code. It is called from Deployer.deploy
+    // slither-disable-next-line dead-code
     function _deploy(bytes memory bytecode, bytes32 deploySalt) internal override onlyOwner returns (address) {
         return _create3(bytecode, deploySalt);
     }

@@ -2,26 +2,23 @@
 // SPDX-License-Identifier: Apache 2.0
 pragma solidity 0.8.19;
 
-import "@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Burnable.sol";
-import "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
-import "@openzeppelin/contracts/interfaces/IERC1271.sol";
-import "solidity-bytes-utils/contracts/BytesLib.sol";
-import "./IERC1155Permit.sol";
+import {ERC1155Burnable, ERC1155} from "@openzeppelin/contracts/token/ERC1155/extensions/ERC1155Burnable.sol";
+import {EIP712, ECDSA} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
+import {IERC1271} from "@openzeppelin/contracts/interfaces/IERC1271.sol";
+import {BytesLib} from "solidity-bytes-utils/contracts/BytesLib.sol";
+import {IERC1155Permit} from "./IERC1155Permit.sol";
 import {IImmutableERC1155Errors} from "../../../errors/Errors.sol";
 
 abstract contract ERC1155Permit is ERC1155Burnable, EIP712, IERC1155Permit, IImmutableERC1155Errors {
-
     bytes32 private immutable _PERMIT_TYPEHASH =
         keccak256("Permit(address owner,address spender,bool approved,uint256 nonce,uint256 deadline)");
 
-    mapping(address => uint256) private _nonces;
+    mapping(address account => uint256 nonce) private _nonces;
 
-    constructor(string memory name, string memory uri)
-        ERC1155(uri)
-        EIP712(name, "1")
-    {}
+    constructor(string memory name, string memory uri) ERC1155(uri) EIP712(name, "1") {}
 
     function permit(address owner, address spender, bool approved, uint256 deadline, bytes memory sig) external {
+        // solhint-disable-next-line not-rely-on-time
         if (deadline < block.timestamp) {
             revert PermitExpired();
         }
@@ -30,7 +27,7 @@ abstract contract ERC1155Permit is ERC1155Burnable, EIP712, IERC1155Permit, IImm
 
         // smart contract signature validation
         if (_isValidERC1271Signature(owner, digest, sig)) {
-             _setApprovalForAll(owner, spender, approved);
+            _setApprovalForAll(owner, spender, approved);
             return;
         }
 
@@ -63,16 +60,15 @@ abstract contract ERC1155Permit is ERC1155Burnable, EIP712, IERC1155Permit, IImm
      * @param owner The address for which to retrieve the nonce.
      * @return Current nonce of the given token.
      */
-    function nonces(
-        address owner
-    ) external view returns (uint256) {
+    function nonces(address owner) external view returns (uint256) {
         return _nonces[owner];
     }
 
     /**
      * @notice Returns the domain separator used in the encoding of the signature for permits, as defined by EIP-712
      * @return the bytes32 domain separator
      */
+    // solhint-disable-next-line func-name-mixedcase
     function DOMAIN_SEPARATOR() external view override returns (bytes32) {
         return _domainSeparatorV4();
     }
@@ -82,16 +78,10 @@ abstract contract ERC1155Permit is ERC1155Burnable, EIP712, IERC1155Permit, IImm
      * @param interfaceId The interface identifier, which is a 4-byte selector.
      * @return True if the contract implements `interfaceId` and the call doesn't revert, otherwise false.
      */
-    function supportsInterface(bytes4 interfaceId)
-      public
-      view
-      virtual
-      override(ERC1155)
-      returns (bool)
-    {
-     return
-      interfaceId == type(IERC1155Permit).interfaceId || // 0x9e3ae8e4
-      super.supportsInterface(interfaceId);
+    function supportsInterface(bytes4 interfaceId) public view virtual override(ERC1155) returns (bool) {
+        return
+            interfaceId == type(IERC1155Permit).interfaceId || // 0x9e3ae8e4
+            super.supportsInterface(interfaceId);
     }
 
     /**
@@ -107,18 +97,10 @@ abstract contract ERC1155Permit is ERC1155Burnable, EIP712, IERC1155Permit, IImm
         bool approved,
         uint256 deadline
     ) internal returns (bytes32) {
-        return _hashTypedDataV4(
-            keccak256(
-                abi.encode(
-                    _PERMIT_TYPEHASH,
-                    owner,
-                    spender,
-                    approved,
-                    _nonces[owner]++,
-                    deadline
-                )
-            )
-        );
+        return
+            _hashTypedDataV4(
+                keccak256(abi.encode(_PERMIT_TYPEHASH, owner, spender, approved, _nonces[owner]++, deadline))
+            );
     }
 
     /**
@@ -128,14 +110,10 @@ abstract contract ERC1155Permit is ERC1155Burnable, EIP712, IERC1155Permit, IImm
      * @param sig The actual signature bytes.
      * @return True if the signature is valid according to EIP-1271, otherwise false.
      */
-    function _isValidERC1271Signature(address spender, bytes32 digest, bytes memory sig) private view returns(bool) {
+    function _isValidERC1271Signature(address spender, bytes32 digest, bytes memory sig) private view returns (bool) {
         // slither-disable-next-line low-level-calls
         (bool success, bytes memory res) = spender.staticcall(
-            abi.encodeWithSelector(
-                IERC1271.isValidSignature.selector,
-                digest,
-                sig
-            )
+            abi.encodeWithSelector(IERC1271.isValidSignature.selector, digest, sig)
         );
 
         if (success && res.length == 32) {
@@ -154,8 +132,7 @@ abstract contract ERC1155Permit is ERC1155Burnable, EIP712, IERC1155Permit, IImm
      * @param owner The owner of the tokens.
      * @return True if the signature is from an approved operator or owner, otherwise false.
      */
-    function _isValidEOASignature(address recoveredSigner, address owner) private pure returns(bool) {
+    function _isValidEOASignature(address recoveredSigner, address owner) private pure returns (bool) {
         return recoveredSigner != address(0) && recoveredSigner == owner;
     }
-
 }
@@ -2,15 +2,14 @@
 // SPDX-License-Identifier: Apache 2.0
 pragma solidity 0.8.19;
 
-import {ERC1155, ERC1155Permit} from "../../../token/erc1155/abstract/ERC1155Permit.sol";
+import {ERC1155Permit, ERC1155} from "../../../token/erc1155/abstract/ERC1155Permit.sol";
 
 // Allowlist
 import {ERC2981} from "@openzeppelin/contracts/token/common/ERC2981.sol";
 import {OperatorAllowlistEnforced} from "../../../allowlist/OperatorAllowlistEnforced.sol";
 
 import {AccessControlEnumerable, MintingAccessControl} from "../../../access/MintingAccessControl.sol";
 
-
 abstract contract ImmutableERC1155Base is OperatorAllowlistEnforced, ERC1155Permit, ERC2981, MintingAccessControl {
     /// @dev Contract level metadata
     string public contractURI;

@@ -5,7 +5,8 @@ pragma solidity 0.8.19;
 import {ERC20Permit, ERC20} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol";
 import {ERC20Burnable} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol";
 import {ERC20Capped} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Capped.sol";
-import {MintingAccessControl, AccessControl, IAccessControl} from "../../../access/MintingAccessControl.sol";
+import {AccessControl, IAccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
+import {MintingAccessControl} from "../../../access/MintingAccessControl.sol";
 import {IImmutableERC20Errors} from "./Errors.sol";
 
 /**

@@ -197,13 +197,7 @@ abstract contract ImmutableERC721Base is OperatorAllowlistEnforced, MintingAcces
      */
     function supportsInterface(
         bytes4 interfaceId
-    )
-        public
-        view
-        virtual
-        override(ERC721Permit, ERC2981, AccessControlEnumerable)
-        returns (bool)
-    {
+    ) public view virtual override(ERC721Permit, ERC2981, AccessControlEnumerable) returns (bool) {
         return super.supportsInterface(interfaceId);
     }
 

@@ -52,13 +52,7 @@ abstract contract ImmutableERC721HybridBase is
     /// @dev Returns the supported interfaces
     function supportsInterface(
         bytes4 interfaceId
-    )
-        public
-        view
-        virtual
-        override(ERC721HybridPermit, ERC2981, AccessControlEnumerable)
-        returns (bool)
-    {
+    ) public view virtual override(ERC721HybridPermit, ERC2981, AccessControlEnumerable) returns (bool) {
         return super.supportsInterface(interfaceId);
     }
 

@@ -9,6 +9,8 @@ import {Schema} from "seaport-types/src/lib/ConsiderationStructs.sol";
  * @dev SIP-5: Contract Metadata Interface for Seaport Contracts
  *      https://github.com/ProjectOpenSea/SIPs/blob/main/SIPS/sip-5.md
  */
+// This contract name re-use is OK because the SIP5Interface is an interface and not a deployable contract.
+// slither-disable-next-line name-reused      
 interface SIP5Interface {
     /**
      * @dev An event that is emitted when a SIP-5 compatible contract is deployed.

@@ -7,6 +7,8 @@ pragma solidity ^0.8.17;
  * @notice SIP6EventsAndErrors contains errors and events
  *         related to zone interaction as specified in the SIP6.
  */
+// This contract name re-use is OK because the SIP6EventsAndErrors is an interface and not a deployable contract.
+// slither-disable-next-line name-reused      
 interface SIP6EventsAndErrors {
     /**
      * @dev Revert with an error if SIP6 version is not supported

@@ -7,6 +7,7 @@ pragma solidity ^0.8.17;
  * @notice SIP7EventsAndErrors contains errors and events
  *         related to zone interaction as specified in the SIP7.
  */
+
 interface SIP7EventsAndErrors {
     /**
      * @dev Emit an event when a new signer is added.

@@ -11,6 +11,8 @@ pragma solidity ^0.8.17;
  *         https://github.com/ProjectOpenSea/SIPs/blob/main/SIPS/sip-7.md
  *
  */
+// This contract name re-use is OK because the SIP7Interface is an interface and not a deployable contract.
+// slither-disable-next-line name-reused      
 interface SIP7Interface {
     /**
      * @dev The struct for storing signer info.

@@ -11,6 +11,8 @@ import {SIP5EventsAndErrors} from "./SIP5EventsAndErrors.sol";
  * @dev SIP-5: Contract Metadata Interface for Seaport Contracts
  *      https://github.com/ProjectOpenSea/SIPs/blob/main/SIPS/sip-5.md
  */
+// This contract name re-use is OK because the SIP5Interface is an interface and not a deployable contract.
+// slither-disable-next-line name-reused      
 interface SIP5Interface is SIP5EventsAndErrors {
     /**
      * @dev Returns Seaport metadata for this contract, returning the

@@ -8,6 +8,8 @@ pragma solidity ^0.8.17;
  * @notice SIP6EventsAndErrors contains errors and events
  *         related to zone interaction as specified in the SIP-6.
  */
+// This contract name re-use is OK because the SIP6EventsAndErrors is an interface and not a deployable contract.
+// slither-disable-next-line name-reused      
 interface SIP6EventsAndErrors {
     /**
      * @dev Revert with an error if SIP-6 version byte is not supported.

@@ -4,11 +4,11 @@
 // solhint-disable compiler-version
 pragma solidity ^0.8.17;
 
-import {Schema} from "seaport-types/src/lib/ConsiderationStructs.sol";
 import {SIP6EventsAndErrors} from "./SIP6EventsAndErrors.sol";
 
 /**
  * @dev SIP-6: Multi-Zone ExtraData
  *      https://github.com/ProjectOpenSea/SIPs/blob/main/SIPS/sip-6.md
  */
+// solhint-disable no-empty-blocks
 interface SIP6Interface is SIP6EventsAndErrors {}
@@ -8,6 +8,8 @@ pragma solidity ^0.8.17;
  * @notice SIP7EventsAndErrors contains errors and events
  *         related to zone interaction as specified in the SIP-7.
  */
+// This contract name re-use is OK because the SIP7EventsAndErrors is an interface and not a deployable contract.
+// slither-disable-next-line name-reused      
 interface SIP7EventsAndErrors {
     /**
      * @dev Emit an event when a new signer is added.

@@ -14,6 +14,8 @@ import {SIP7EventsAndErrors} from "./SIP7EventsAndErrors.sol";
  *         https://github.com/ProjectOpenSea/SIPs/blob/main/SIPS/sip-7.md
  *
  */
+// This contract name re-use is OK because the SIP7Interface is an interface and not a deployable contract.
+// slither-disable-next-line name-reused      
 interface SIP7Interface is SIP7EventsAndErrors {
     /**
      * @dev The struct for storing signer info.