Atlas v1.6.4 upgrade

Description

The ArbSys contract is a pre-compile contract deployed on the arbitrum chain. It is not implemented in Solidity and therefore the code that resides there is just a placeholder. It is implemented in Go instead as part of the nitro repo.

Recommendation

Consider changing the comment to refer to ArbSys.go#L35 instead.

Fastlane

Fixed in PR-3

Cantina

Fix verified.

Description

The metacall() function currently refunds the bundler by sending any leftover native tokens back to msg.sender. However, this approach assumes that the sender is capable of receiving native tokens, which might not always be the case — for instance, if the sender is a contract that does not implement a payable fallback function.

Recommendation

Consider allowing the caller to specify a dedicated refund recipient address, similar to the gasRefundBeneficiary() pattern. This would make refunds more flexible and prevent potential failures when sending native tokens.
However, note that changing the refund mechanism could impact backward compatibility with existing integrations that rely on the current behavior. Carefully assess this trade-off before implementation.

Fastlane

Acknowledging the issue, prefers to improve documentation for bundlers instead of implementing the recommended fix.

Description

Both _verifySolverSignature() and _verifyDAppSignature() utilize ECDSA.tryRecover(), which returns an error code along with address(0) when the signature is invalid.
However, both functions currently ignore the returned error code. While the impact is limited — since _verifyDAppSignature() will eventually revert due to the address(0) result — the handling in _verifySolverSignature() is unclear, as it was outside the scope of this engagement.

Recommendation

Explicitly handle the error code returned by tryRecover() and revert in case of any error.
This would improve code clarity and ensure consistent behavior across all signature verification paths.

Fastlane

Fixed in PR-1.

Cantina

Fix verified.