OffchainLabs · spsjvc · May 5, 2025 · May 5, 2025 · May 5, 2025 · May 5, 2025
diff --git a/audit-ci.jsonc b/audit-ci.jsonc
@@ -2,70 +2,6 @@
   "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
   "low": true,
   "allowlist": [
-    // OpenZeppelin
-    ////////////
-    // https://github.com/advisories/GHSA-4g63-c64m-25w9
-    // OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
-    // We dont use EIP-1271
-    "GHSA-4g63-c64m-25w9",
-    // https://github.com/advisories/GHSA-qh9x-gcfh-pcrw
-    // OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
-    // We don't use ERC165Checker
-    "GHSA-qh9x-gcfh-pcrw",
-    // https://github.com/advisories/GHSA-7grf-83vw-6f5x
-    // OpenZeppelin Contracts ERC165Checker unbounded gas consumption
-    // We don't use ERC165Checker
-    "GHSA-7grf-83vw-6f5x",
-    // https://github.com/advisories/GHSA-xrc4-737v-9q75
-    // OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
-    // We don't use GovernorVotesQuorumFraction
-    "GHSA-xrc4-737v-9q75",
-    // https://github.com/advisories/GHSA-4h98-2769-gh6h
-    // OpenZeppelin Contracts vulnerable to ECDSA signature malleability
-    // We don’t use signatures for replay protection anywhere
-    "GHSA-4h98-2769-gh6h",
-    // https://github.com/advisories/GHSA-mx2q-35m2-x2rh
-    // OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
-    // from: @arbitrum/nitro-contracts>@openzeppelin/contracts-upgradeable
-    // from: arb-bridge-peripherals>@openzeppelin/contracts-upgradeable
-    // from: arb-bridge-peripherals>arb-bridge-eth>@openzeppelin/contracts-upgradeable
-    // from: @arbitrum/nitro-contracts>@openzeppelin/contracts
-    // from: arb-bridge-peripherals>@openzeppelin/contracts
-    // from: arb-bridge-peripherals>arb-bridge-eth>@openzeppelin/contracts
-    // Clashing selector between proxy and implementation can only be caused deliberately
-    "GHSA-mx2q-35m2-x2rh",
-    // https://github.com/advisories/GHSA-93hq-5wgc-jc82
-    // GovernorCompatibilityBravo may trim proposal calldata
-    // from: @arbitrum/nitro-contracts>@openzeppelin/contracts-upgradeable
-    // from: @arbitrum/nitro-contracts>@openzeppelin/contracts
-    // We don't use GovernorCompatibilityBravo
-    "GHSA-93hq-5wgc-jc82",
-    // https://github.com/advisories/GHSA-5h3x-9wvq-w4m2
-    // OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
-    // from: @arbitrum/nitro-contracts>@openzeppelin/contracts-upgradeable
-    // from: @arbitrum/nitro-contracts>@openzeppelin/contracts
-    // We don't use Governor or GovernorCompatibilityBravo
-    "GHSA-5h3x-9wvq-w4m2",
-    // https://github.com/advisories/GHSA-g4vp-m682-qqmp
-    // OpenZeppelin Contracts vulnerable to Improper Escaping of Output
-    // from: @arbitrum/nitro-contracts>@openzeppelin/contracts-upgradeable
-    // from @arbitrum/nitro-contracts>@openzeppelin/contracts
-    // We don't use ERC2771Context
-    "GHSA-g4vp-m682-qqmp",
-    // https://github.com/advisories/GHSA-wprv-93r4-jj2p
-    // OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
-    // we don't use oz/merkle-trees anywhere
-    // from @arbitrum/nitro-contracts>@offchainlabs/upgrade-executor>@openzeppelin/contracts-upgradeable
-    // from @arbitrum/nitro-contracts>@offchainlabs/upgrade-executor>@openzeppelin/contracts
-    "GHSA-wprv-93r4-jj2p",
-    // https://github.com/advisories/GHSA-9vx6-7xxf-x967
-    // OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
-    // we don't use the base64 functions
-    // from: @arbitrum/nitro-contracts>@openzeppelin/contracts-upgradeable
-    // from: @arbitrum/token-bridge-contracts>@openzeppelin/contracts-upgradeable
-    // from: @arbitrum/nitro-contracts>@openzeppelin/contracts
-    // from: @arbitrum/token-bridge-contracts>@openzeppelin/contracts
-    "GHSA-9vx6-7xxf-x967",
     // https://github.com/advisories/GHSA-584q-6j8j-r5pm
     // secp256k1-node allows private key extraction over ECDH
     // We're using eliptic 5.0.7 which doesn't contain the issue

diff --git a/src/contracts/TokenBridgeCreator/L2AtomicTokenBridgeFactory/index.ts b/src/contracts/TokenBridgeCreator/L2AtomicTokenBridgeFactory/index.ts
@@ -0,0 +1,2 @@
+// export the latest version
+export * from './v1.2';
diff --git a/src/contracts/TokenBridgeCreator/L2AtomicTokenBridgeFactory/v1.2.ts b/src/contracts/TokenBridgeCreator/L2AtomicTokenBridgeFactory/v1.2.ts
diff --git a/src/createTokenBridge-ethers.ts b/src/createTokenBridge-ethers.ts
@@ -3,26 +3,22 @@ import { BigNumber, ContractFactory, ethers } from 'ethers';
 import { ParentToChildMessageGasEstimator } from '@arbitrum/sdk';
 import { getBaseFee } from '@arbitrum/sdk/dist/lib/utils/lib';
 import { RollupAdminLogic__factory } from '@arbitrum/sdk/dist/lib/abi/factories/RollupAdminLogic__factory';
-import L1AtomicTokenBridgeCreator from '@arbitrum/token-bridge-contracts/build/contracts/contracts/tokenbridge/ethereum/L1AtomicTokenBridgeCreator.sol/L1AtomicTokenBridgeCreator.json';
-import L2AtomicTokenBridgeFactory from '@arbitrum/token-bridge-contracts/build/contracts/contracts/tokenbridge/arbitrum/L2AtomicTokenBridgeFactory.sol/L2AtomicTokenBridgeFactory.json';
+
 import { applyPercentIncrease } from './utils/gasOverrides';
 import { TransactionRequestRetryableGasOverrides } from './createTokenBridgePrepareTransactionRequest';
 import { registerNewNetwork } from './utils/registerNewNetwork';
 import { publicClientToProvider } from './ethers-compat/publicClientToProvider';
 
-type NamedFactory = ContractFactory & { contractName: string };
-const NamedFactoryInstance = (contractJson: {
-  abi: any;
-  bytecode: string;
-  contractName: string;
-}): NamedFactory => {
-  const factory = new ContractFactory(contractJson.abi, contractJson.bytecode) as NamedFactory;
-  factory['contractName'] = contractJson.contractName;
-  return factory;
-};
+import { tokenBridgeCreatorABI as l1TokenBridgeCreatorABI } from './contracts/TokenBridgeCreator';
+import {
+  l2AtomicTokenBridgeFactoryABI,
+  l2AtomicTokenBridgeFactoryBytecode,
+} from './contracts/TokenBridgeCreator/L2AtomicTokenBridgeFactory';
 
-// import from token-bridge-contracts directly to make sure the bytecode is the same
-const L2AtomicTokenBridgeFactory__factory = NamedFactoryInstance(L2AtomicTokenBridgeFactory);
+const L2AtomicTokenBridgeFactory__factory = new ContractFactory(
+  l2AtomicTokenBridgeFactoryABI,
+  l2AtomicTokenBridgeFactoryBytecode,
+);
 
 export type CreateTokenBridgeGetInputsResult = {
   inbox: Address;
@@ -149,7 +145,7 @@ const getEstimateForDeployingFactory = async (
 }> => {
   const L1AtomicTokenBridgeCreator__factory = new ethers.Contract(
     l1TokenBridgeCreatorAddress,
-    L1AtomicTokenBridgeCreator.abi,
+    l1TokenBridgeCreatorABI,
   );
   const l1TokenBridgeCreator = L1AtomicTokenBridgeCreator__factory.connect(l1Provider);
 
@@ -190,7 +186,7 @@ async function getEstimateForDeployingContracts(
 }> {
   const L1AtomicTokenBridgeCreator__factory = new ethers.Contract(
     l1TokenBridgeCreatorAddress,
-    L1AtomicTokenBridgeCreator.abi,
+    l1TokenBridgeCreatorABI,
   );
   const l1TokenBridgeCreator = L1AtomicTokenBridgeCreator__factory.connect(l1Provider);
 

diff --git a/src/package.json b/src/package.json
@@ -52,7 +52,6 @@
   },
   "dependencies": {
     "@arbitrum/sdk": "^4.0.2",
-    "@arbitrum/token-bridge-contracts": "^1.2.2",
     "@offchainlabs/fund-distribution-contracts": "^1.0.1",
     "@safe-global/protocol-kit": "^4.0.2",
     "ethers": "^5.7.2"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		// export the latest version
		export * from './v1.2';