The ethabi dependency is no longer maintained. More details on 4. of September 2023.
Because the Fuel system does not have server components which parse user-provided ABI specifications, this does not pose a security risk to Fuel.
Recommendations
Short term, upgrade ethabi as soon as a fixed version is released.
Long term, consider switching to an alternative library like ethers-rs. Note that the current version of ethers-rs is also vulnerable to the same bug as ethabi, so make sure to update the library if fixes are released.
We've upgraded the fuel-core to use ethers 2 (#1390). But the problem is still present there.
As mentioned in the description, it doesn't affect us because we don't have a server part. So the problem is not super relevant. But we will keep this issue open for now to track the upgrade to the ethers when the fix is available.
Be careful, I tried to check (and even asked on their Telegram and I got ghosted) if an equivalent existed for QuorumProvider in alloy and didn't find any.
We will probably have to re-implement it the same way as ethers-rs does; maybe it can go into its own repo.