[Contract Verification] Sophon Mainnet contract verification problem. The SafeL2 contract could not be verified.

[DenSmolonski]

Team or Project

Protofire Safe

Environment

Mainnet

Block Explorer

https://explorer.zksync.io/

Issue Type

• Plugin
• Block Explorer

Contract Address

0x610fcA2e0279Fa1F8C00c8c2F71dF522AD469380

Compiler Type

Multi-part contract

zkSolc Version

1.5.4

Solc Version

0.7.6

Contract Name

SafeL2.sol

Contract Code

// SPDX-License-Identifier: LGPL-3.0-only
pragma solidity >=0.7.0 <0.9.0;

import "./Safe.sol";

/**

• @title SafeL2 - An implementation of the Safe contract that emits additional events on transaction executions.

• @notice For a more complete description of the Safe contract, please refer to the main Safe contract Safe.sol.

• @author Stefan George - @Georgi87

• @author Richard Meissner - @rmeissner
  */
  contract SafeL2 is Safe {
  event SafeMultiSigTransaction(
  address to,
  uint256 value,
  bytes data,
  Enum.Operation operation,
  uint256 safeTxGas,
  uint256 baseGas,
  uint256 gasPrice,
  address gasToken,
  address payable refundReceiver,
  bytes signatures,
  // We combine nonce, sender and threshold into one to avoid stack too deep
  // Dev note: additionalInfo should not contain bytes, as this complicates decoding
  bytes additionalInfo
  );

  event SafeModuleTransaction(address module, address to, uint256 value, bytes data, Enum.Operation operation);

  // @inheritdoc Safe
  function execTransaction(
  address to,
  uint256 value,
  bytes calldata data,
  Enum.Operation operation,
  uint256 safeTxGas,
  uint256 baseGas,
  uint256 gasPrice,
  address gasToken,
  address payable refundReceiver,
  bytes memory signatures
  ) public payable override returns (bool) {
  bytes memory additionalInfo;
  {
  additionalInfo = abi.encode(nonce, msg.sender, threshold);
  }
  emit SafeMultiSigTransaction(
  to,
  value,
  data,
  operation,
  safeTxGas,
  baseGas,
  gasPrice,
  gasToken,
  refundReceiver,
  signatures,
  additionalInfo
  );
  return super.execTransaction(to, value, data, operation, safeTxGas, baseGas, gasPrice, gasToken, refundReceiver, signatures);
  }

  // @inheritdoc Safe
  function execTransactionFromModule(
  address to,
  uint256 value,
  bytes memory data,
  Enum.Operation operation
  ) public override returns (bool success) {
  emit SafeModuleTransaction(msg.sender, to, value, data, operation);
  success = super.execTransactionFromModule(to, value, data, operation);
  }
  }

Constructor Arguments

The are no arguments

Hardhat Verify Plugin Version

^1.6.0

Repo Link (Optional)

https://github.com/safe-global/safe-smart-account

Additional Details

Hi there.

We have encountered issue during smart contract verification. The issue log below. We have tried verify contract using --suppress-errors sendtransfer without any success. Any help would be greatly appreciated!

Address - https://explorer.sophon.xyz/address/0x610fcA2e0279Fa1F8C00c8c2F71dF522AD469380#contract
Smart contract verification URL - https://verification-explorer.sophon.xyz/contract_verification

contracts/SafeL2.sol:1248:5: Warning: Function state mutability can be restricted to pure
    function getChainId() public view returns (uint256) {
    ^ (Relevant source part starts here and spans across multiple lines).

Warning: You are checking for 'tx.origin', which might lead to unexpected behavior.

ZKsync Era comes with native account abstraction support, and therefore the initiator of a
transaction might be different from the contract calling your code. It is highly recommended NOT
to rely on tx.origin, but use msg.sender instead.

Learn more about Account Abstraction at https://docs.zksync.io/build/developer-reference/account-abstraction/

You may disable this warning with:
    a. `suppressedWarnings = ["txorigin"]` in standard JSON.
    b. `--suppress-warnings txorigin` in the CLI.
     --> contracts/SafeL2.sol:1135:73
      |
 1135 |         address payable receiver = refundReceiver == address(0) ? payable(tx.origin) : refundReceiver;
      |                                                                           ^^^^^^^^^

Error: You are using '<address payable>.send/transfer(<X>)' without providing the gas amount.
Such calls will fail depending on the pubdata costs.

Please use 'payable(<address>).call{value: <X>}("")' instead, but be careful with the
reentrancy attack. `send` and `transfer` send limited amount of gas that prevents reentrancy,
whereas `<address>.call{value: <X>}` sends all gas to the callee.

In Solidity v0.4, where there is no `payable` type, this may be a false positive
if `using X for address` is used with `X` implementing its own `send` or `transfer` functions.

Learn more about reentrancy at https://docs.soliditylang.org/en/latest/security-considerations.html#reentrancy

You may disable this error with:
    1. `suppressedErrors = ["sendtransfer"]` in standard JSON.
    2. `--suppress-errors sendtransfer` in the CLI.
     --> contracts/SafeL2.sol:1139:19
      |
 1139 |             require(receiver.send(payment), "GS011");
      |                     ^^^^^^^^^^^^^^^^^^^^^^ 

[gleenai[bot]]

It appears you are encountering issues with contract verification on the Sophon Mainnet using the ZKsync block explorer. The errors and warnings you've shared indicate specific Solidity practices that might be problematic on the ZKsync Era network, particularly concerning the use of tx.origin and the .send/.transfer methods without specifying gas amounts.

Here are a few steps and recommendations to address these issues:

1. Replace tx.origin with msg.sender: As the warning suggests, relying on tx.origin can lead to unexpected behavior due to account abstraction on ZKsync Era. Update your contract to use msg.sender where applicable.

2. Modify .send/.transfer Calls: Instead of using .send or .transfer, which provide limited gas and can lead to failures, consider using the .call method with specified gas values. This change requires careful handling to avoid reentrancy attacks, as .call sends all available gas by default.

3. Suppress Specific Warnings and Errors: If you are certain that the warnings and errors can be safely ignored in your context, you can suppress them using the suppressedWarnings and suppressedErrors options in your Hardhat configuration. However, this should be done with caution as it may mask important security considerations.

4. Review and Update Contract Logic: Given the unique constraints and features of the ZKsync Era, review your contract's logic and interactions to ensure compatibility and security. Consider consulting the ZKsync Era documentation on account abstraction for more detailed guidance.

5. Reattempt Verification: After making the necessary modifications, try verifying the contract again using the Hardhat verify plugin with the updated settings.

If these steps do not resolve the issue, or if you need further assistance, consider reaching out for more specific support through the ZKsync developers discussions on Github. This platform can provide more tailored advice for your situation.

Your feedback helps us serve you better. If this fully addresses your question, please give it a thumbs up. If it doesn't, please give it a thumbs down. This will inform the community and team so we can improve our support.

[JackHamer09]

@DenSmolonski hey! More info about your issue would be helpful, for example:

• Is the log for verification and not compilation?
• Which tool are you using to verify contact? Explorer UI / hardhat / foundry

[DenSmolonski]

1. This is log for verification.
2. I used hardhat and Explorer UI

[JackHamer09]

@DenSmolonski I would also need full step-by-step reproduction scenario to help you debug this and narrow down the scope.