Unsafe cast in `ScrollChain.finalizeBundleWithProof`

[barakman]

In case you've missed it (since this issue is typically easy to miss), in the aforementioned contract function, you are performing an unsafe cast:

uint32(_batchIndex - _finalizedBatchIndex), // numBatches

If the value of _batchIndex - _finalizedBatchIndex is larger than type(uint32).max, then the expression above will be evaluated incorrectly, instead of reverting the transaction at hand on overflow (as it should).

You can either add this as a preliminary requirement, prior to the code above:

require(_batchIndex - _finalizedBatchIndex <= type(uint32).max);

Or you can replace that cast with a call to OpenZeppelin's de-facto standard library function SafeCast.toUint32:

SafeCast.toUint32(_batchIndex - _finalizedBatchIndex), // numBatches

[Thegaram]

Thank you for reporging this. Given our current rate of batch production, this value is guaranteed to fit into uint32.