fix(deploy): require explicit sender on all production chains#47
Conversation
BaseScript's production guard only covered mainnet + optimism, so a Base/Arbitrum (or any other non-testnet) broadcast could silently fall back to the public TEST_MNEMONIC key. Invert to an allow-list of local/testnet chains; every other chain must pass ETH_FROM. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Claude finished @rplusq's task in 1m 7s —— View job Review
✅ No issues found The allowlist inversion is correct. The original denylist covered only mainnet + optimism, leaving Base, Arbitrum, and any future production chain silently unguarded. The new approach fails safe by default — any chain not explicitly allowlisted requires Chain IDs verified:
Logic is sound: the |
Add arbitrum (42161) and base (8453) to the existing production-chain sender guard rather than inverting to a testnet allow-list. Keeps the diff minimal and matches the existing style; covers the concrete set of production chains we deploy to. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Reworked: instead of inverting to a testnet allow-list, this now just adds the missing production chains (arbitrum |
Consistent with the mainnet/optimism entries. Note forge-std's alias is arbitrum_one (not arbitrum). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
BaseScript's production guard only covered mainnet + optimism, so a Base/Arbitrum (or any other non-testnet) broadcast could silently fall back to the public
TEST_MNEMONICkey. Invert the guard to an allow-list of local/testnet chains; every other chain must passETH_FROM.🤖 Generated with Claude Code