cannon: use constant instead of magic value for solidity part

[Inphi]

ref: #12484
This is a follow-up PR for #12386 one, which does the same to the solidity part.

[semgrep-app]

Semgrep found 3 golang_fmt_errorf_no_params findings:

• op-chain-ops/deployer/state/intent.go
  • L75 - Triage
  • L83 - Triage
• op-chain-ops/deployer/bootstrap/bootstrap.go
  • L59 - Triage

No fmt.Errorf invocations without fmt arguments allowed

_{Ignore this finding from golang_fmt_errorf_no_params.}

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 64.86%. Comparing base (1e59d08) to head (a84a2e4).
Report is 62 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #12486      +/-   ##
===========================================
- Coverage    65.04%   64.86%   -0.18%     
===========================================
  Files           54       54              
  Lines         4460     4460              
===========================================
- Hits          2901     2893       -8     
- Misses        1382     1391       +9     
+ Partials       177      176       -1     

Flag	Coverage Δ
cannon-go-tests	64.86% <ø> (-0.18%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 1 file with indirect coverage changes

[semgrep-app]

Semgrep found 1 golang_fmt_errorf_no_params finding:

• op-supervisor/supervisor/backend/db/db_test.go
  • L280 - Triage

No fmt.Errorf invocations without fmt arguments allowed

_{Ignore this finding from golang_fmt_errorf_no_params.}

Semgrep found 6 sol-style-input-arg-fmt findings:

• packages/contracts-bedrock/src/L2/interfaces/ISuperchainWETH.sol
  • L20 - Triage
  • L25 - Triage
  • L26 - Triage
  • L29 - Triage
  • L30 - Triage
  • L32 - Triage

Inputs to functions must be prepended with an underscore (_)

_{Ignore this finding from sol-style-input-arg-fmt.}

Semgrep found 1 math-random-used finding:

• op-supervisor/supervisor/backend/source/head_monitor_test.go
  • L7 - Triage

Do not use math/rand. Use crypto/rand instead.

_{Ignore this finding from math-random-used.}

Semgrep found 1 marshal-json-pointer-receiver finding:

• op-supervisor/supervisor/backend/db/heads/types.go
  • L99 - Triage

MarshalJSON with a pointer receiver has surprising results: golang/go#22967

_{Ignore this finding from marshal-json-pointer-receiver.}

Semgrep found 1 err-nil-check finding:

• op-supervisor/supervisor/backend/db/db.go
  • L108-112 - Triage

superfluous nil err check before return

_{Ignore this finding from err-nil-check.}

[semgrep-app]

Semgrep found 1 sol-style-require-reason finding:

• packages/contracts-bedrock/src/L2/SuperchainWETH.sol
  • L95 - Triage

require() must include a reason string

_{Ignore this finding from sol-style-require-reason.}

Semgrep found 5 sol-style-input-arg-fmt findings:

• packages/contracts-bedrock/src/L2/SuperchainWETH.sol
  • L35 - Triage
  • L41 - Triage
  • L62 - Triage
  • L86 - Triage
  • L94 - Triage

Inputs to functions must be prepended with an underscore (_)

_{Ignore this finding from sol-style-input-arg-fmt.}

[semgrep-app]

Semgrep found 1 no-direct-write-to-responsewriter finding:

• op-challenger/game/fault/trace/prestates/multi_test.go
  • L194 - Triage

Detected directly writing or similar in 'http.ResponseWriter.write()'. This bypasses HTML escaping that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and render data using 'template.Execute()'.

_{Ignore this finding from no-direct-write-to-responsewriter.}

Semgrep found 1 no-direct-write-to-responsewriter-taint finding:

• op-challenger/game/fault/trace/prestates/multi_test.go
  • L194 - Triage

Untrusted input could be used to tamper with a web page rendering, which can lead to a Cross-site scripting (XSS) vulnerability. XSS vulnerabilities occur when untrusted input executes malicious JavaScript code, leading to issues such as account compromise and sensitive information leakage. To prevent this vulnerability, validate the user input, perform contextual output encoding or sanitize the input. For more information, see: Go XSS prevention.

View Dataflow Graph

flowchart LR
    classDef invis fill:white, stroke: none
    classDef default fill:#e7f5ff, color:#1c7fd6, stroke: none

    subgraph File0["<b>op-challenger/game/fault/trace/prestates/multi_test.go</b>"]
        direction LR
        %% Source

        subgraph Source
            direction LR

            v0["<a href=https://github.com/ethereum-optimism/optimism/blob/2ab49867cbd71c2eee68fd81d7070a1930a1a97f/op-challenger/game/fault/trace/prestates/multi_test.go#L194 target=_blank style='text-decoration:none; color:#1c7fd6'>[Line: 194] r.URL</a>"]
        end
        %% Intermediate

        %% Sink

        subgraph Sink
            direction LR

            v1["<a href=https://github.com/ethereum-optimism/optimism/blob/2ab49867cbd71c2eee68fd81d7070a1930a1a97f/op-challenger/game/fault/trace/prestates/multi_test.go#L194 target=_blank style='text-decoration:none; color:#1c7fd6'>[Line: 194] w.Write([]byte(r.URL.Path))</a>"]
        end
    end
    %% Class Assignment
    Source:::invis
    Sink:::invis

    File0:::invis

    %% Connections

    Source --> Sink

Loading

_{Ignore this finding from no-direct-write-to-responsewriter-taint.}