v2.5.0

2.5.0 - 20240910

Features

• Add ERC-1643 (part of ERC-1400) for document management through an optional external contract called DocumentEngine [Add ERC-1643 support #267](#267)
• Externalize the Debt and CreditEvent module to an optional external contract called DebtEngine Add DebtEngine #271
• CMTAT version compatible with UUPS proxy : more gas efficient than Transparent Proxy + no need of a proxy admin contract. See Upgradable Smart Contracts - What is a Smart Contract Proxy Pattern? [Add UUPS proxy support #270](#270)
• Remove flag attribute, present since v2.3.0, which was not really used. [ #266](#266)

Technical

• Change Solidity version to 0.8.27 (latest)
• Change EVM version to Cancun
• Remove truffle from dependencies, replaced by Hardhat. See Consensys Announces the Sunset of Truffle and Ganache and New Hardhat Partnership
• Proxy Factory
  • use create2 with the library Create2 from OpenZeppelin:
• Implement ERC-7201 to manage memory to reduce memory collision when upgrading a proxy to a new implementation. [Use erc-7201 for namespace #272](#272)

v2.5.0-rc0

2.5.0-rc.0 - 20240809

Features

• Add ERC-1643 (part of ERC-1400) for document management through an optional external contract called DocumentEngine (not yet available) [Add ERC-1643 support #267](#267)
• Externalize the Debt and CreditEvent module to an optional external contract called DebtEngine (not yet available) Add DebtEngine #271
• CMTAT version compatible with UUPS proxy : more gas efficient than Transparent Proxy + no need of a proxy admin contract. See Upgradable Smart Contracts - What is a Smart Contract Proxy Pattern? [Add UUPS proxy support #270](#270)
• Remove flag attribute, present since v2.3.0, which was not really used. [ #266](#266)

Technical

• Change Solidity version to 0.8.26 (latest)
• Change EVM version to Cancun
• Remove truffle from dependencies, replaced by Hardhat. See Consensys Announces the Sunset of Truffle and Ganache and New Hardhat Partnership
• Proxy Factory
  • use create2 with the library Create2 from OpenZeppelin:
• Implement ERC-7201 to manage memory to reduce memory collision when upgrading a proxy to a new implementation. [Use erc-7201 for namespace #272](#272)

v2.4.0

Main goals of this release

• Improve the flexibility of the CMTAT
• Reduce the actual code size
• Reduce gas deployment through factory

New architecture for the RuleEngine #250

• A new function operateOnTransfer is added and used inside the ValidationModule.
• Contrary to validateTransfer, operateOnTransfer has to be protected by an access control (if not implemented as view or pure)
• This function can be used to perform operation which modifies the state of the blockchain (storage) by the RuleEngine.
• The RuleEngine inherits now from IRuleEngine which contains in its interface the function operateOnTransfer + IERC-1404
• The function validateTransfer is still available to verify a transfer without performing operation. The behavior is the same than with the previous CMTAT version.
• Add new interfaces IERC1404EnumCode to only contain restriction code, in order to be used in the RuleEngine

SnapshotModule #256

• Create an interface ICMTATSnapshot with the main public functions to simplify the calls to a contract with a snapshotModule, for example useful for debt payment.
• Imported by default again since the whole code can no longer be considered as "audited" now
• Split the snapshotModuleInternal in two parts: one with the inheritance with ERC-20 and the other part with the base function and does not inherit from ERC-20.
  Thus, if we want to build a snapshotModule with the RuleEngine, we can use the base contract to avoid the inheritance with ERC-20.
• Add twos functions to reduce number of call when computing debt payment
  --SnapshotInfo to get a user's balance and the total supply
  --SnapshotInfoBatch to get several user's balances and the total supply
  --SnapshotInfoBatch to get several user's balances and the total supply for several different times

ERC20BaseModule (Done)
-- Add a function balanceInfo to get the balance for two addresses and the total supply
Useful to perform transfer restriction based on the user's balance.

AuthorizationEngine #254

• Add the AuthorizationEngine. With that, it is possible to add supplementary check on the functions grantRole and revokeRolewithout modifying the CMTAT.
• Remove inheritance with AccessControlDefaultAdminRulesUpgradeable, introduces in the version 2.3.1, from OpenZeppelin since this contract is difficult to manage and increases also the smart contract code size.

BurnModule

• rename forceBurn and forceBurnBatch toburn and burnBatch
• Add a function burnFrom with a specific role (useful for bridge) for compatibility with CCIP #260
• Add a function burnAndMint to perform a burn/mint operation atomically.

ValidationModule
Create an internal function _validateTransferByModule which performs check with others module (PauseModule & EnforcementModule)

Gas optimization

• Add factory contract for deployment with transparent and beacon proxy #259
• Remove useless init function in internal modules (Done) #237

Other

• Remove custom approval function #225
• Upgrade some JS libraries
• Upgrade OpenZeppelin to the version v5.0.2

v2.4.0-rc2

The modifications between the version v2.3.0 and this version are not audited !!

• Add a second function SnapshotInfoBatch to get several user's balances and the total supply for several different times.
• Add new interfaces IERC1404EnumCode to only contain restriction code, in order to be used in the RuleEngine.

v2.4.0-rc1

The modifications between the version v2.3.0 and this version are not audited !!!

This intermediate release adds mainly functions to retrieve information from the snapshotModule or the ERC20BaseModule in batch for gas optimization. It is useful for:
-Dividend payment based on the user's balance (snapshot)
-Transfer restriction bases on the user's balance (vesting rule or partial lock)

snapshotModule

• Create an interface ICMTATSnapshot with the main public functions for the SnapshotModule to make easier the calls to a contract including a snapshotModule, useful e.g. for debt payment.
• Replace getSnapshotInfoBatch by SnapshotInfo. This function gets a user's balance specified in parameter and the total supply.
• Add a new function SnapshotInfoBatch to get several user's balances and the total supply.

ERC20BaseModule
Add a function balanceInfo to get the balance for a list of addresses and the total supply
Useful to perform transfer restriction based on the user's balance (e.g vesting rule or partial lock).

ValidationModule
Create an internal function _validateTransferByModule which performs check with others module (PauseModule & EnforcementModule)

Other

• Upgrade OpenZeppelin to the version [v5.0.2](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/releases/tag/v5.0.2)
• Upgrade Solidity to the version [0.8.22](https://soliditylang.org/blog/2023/10/25/solidity-0.8.22-release-announcement/) in the truffle and hardhat config files. Remove useless uncheck optimization since the version 0.8.22 introduces an overflow check optimization.

v2.4.0-rc0

New architecture for the RuleEngine [#250](#250)

• A new function operateOnTransfer is added and use inside the ValidationModule.
• Contrary to validateTransfer, this function has to be protected by an access control (if not implemented as view or pure)
• This function can be used to perform operation which modifies the state of the blockchain (storage) by the RuleEngine.
• The RuleEngine inherits now from IRuleEngine wich contains in its interface the function operateOnTransfer + IERC-1404
• The function validateTransfer is still available to verify a transfer without performing operation. The behavior is the same than with the previous CMTAT version.

snapshotModule [#256](#256)

• Split the snapshotModuleInternal in two parts : one with the inheritance with ERC-20 and the other part with the base function and does not inherit from ERC-20.
  Thus, if we want to build a snapshotModule with the RuleEngine, we can use the base contract to avoid the inheritance with ERC-20.
• Add a function getSnapshotInfoBatch to avoid multiple calls when computing debt payment

AuthorizationEngine [#254](#254)

• Add the AuthorizationEngine. With that, it is possible to add supplementary check on the functions grantRole and revokeRolewithout modifying the CMTAT.

BurnModule

• rename forceBurn and forceBurnBatch in burn and burnBatch
• Add a function burnFrom with a specific role (useful for bridge) for compatibility with CCIP [Ccip #260](#260)
• Add a function burnAndMint to perform a burn/mint operation atomically.

Gas optimization

• Add factory contract for deployment with Transparent and beacon proxy [Contract factory #259](#259)
• Remove useless init function in internal modules (Done) [remove init functions in wrapper modules #237](#237)

Other

• Remove custom approval function [Remove custom function allowance #225](#225) (Done)
• upgrade some JS libraries
• Upgrade OpenZeppelin to the version [v5.0.1](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/releases/tag/v5.0.1)

v2.3.1

The modifications between the version v2.3.0 and this version are not audited !!!

• Remove useless functions init in wrapper modules #230
• Add missing tests in EnforcementModule #239
• Use calldata instead of memory #224
• Upgrade OpenZeppelin to the version v5.0.0

v2.3.1-rc.0

The modification between the version v2.3.0 and this version are not audited !!!

Summary

Architecture

• The directory mandatory is renamed in core (#222)
• The directory optional is renamed in extensions (#222)
• Creation of a directory controllers which for the moment contains only the ValidationModule (#222)
• Rename contract and init function for ERC20BurnModule, ERC20MintModule, ERC20SnapshotModule to clearly indicate the inheritance from ERC20 interface (#226)

Gas optimization

• Add a batch version for the burn, mint and transfer functions (see #51)
• Use custom error instead of string error message (#217)
  See Defining Industry Standards for Custom Error Messages
• Optimize the SnapshotModule
  A big thanks to mariogutval and diego-G from 21.co for their contribution to the two last improvements.

Other

• Add ERC20 decimals as an argument of the initialize function (#213)
  Until now, the number of decimal was set inside the code to the value 0
  This release changes this behavior to use instead a parameter supplied by the deployer inside the function initialize.
• Add a constant VERSION to indicate the current version of the token (#229)
• Implement an alternative to the kill function (#221)

The alternative function is the function deactivateContract inside the PauseModule, to deactivate the contract. This function set a boolean state variable isDeactivated to true and puts the contract in the pause state. The function unpauseis updated to revert if the previous variable is set to true, thus the contract is in the pause state "forever".

The consequences are the following:

In standalone mode, this operation is irreversible, it is not possible to rollback.

With a proxy, it is still possible to rollback by deploying a new implementation.

Tools

• Update the Solidity version to 0.8.20, which is a requirement for the new OpenZeppelin version (5.0.0)
• Run tests with Hardhat instead of Truffle since Truffle does not support custom errors (#217)
• Update OpenZeppelin to the version v5.0.0-rc.0

Security

• Add new control on the DEFAULT_ADMIN_ROLE by inheriting AccessControlDefaultAdminRules (#220)
  This contract implements the following risk mitigations on top of AccessControl:

Only one account holds the DEFAULT_ADMIN_ROLE since deployment until it’s potentially renounced.

Enforces a 2-step process to transfer the DEFAULT_ADMIN_ROLE to another account.

Enforces a configurable delay between the two steps, with the ability to cancel before the transfer is accepted.

• Add a function transferadminshipDirectly (#226)
• Remove the module OnlyDelegateCallModule since it was used to protect the function kill, which has been removed in this version (#221).

v2.3.0

An audit was performed by ABDK on the version 2.2 and this version contains the different improvement suggested by the report

• Add Truffle CI workflow
  A big thank you to diego-G / 21.co for his contribution
• Add Truffle plugin eth-gas-reporter
• Add security policy

See also v2.3.0-rc0 for more details

1.0.1

This release contains two modifications of the CMTAT 1.0

• Lock the implementation contract at deployment

  constructor(){
    // Disable the possibility to initialize the implementation
    _disableInitializers();
  }

• Forbid to call the kill function directly on the implementation contract.

This release can be only used to perform an upgrade of the CMTAT 1.0.

This release contains also a modification of the OpenZeppelin library, precisely this file : utils/Initializable.sol#L56

    function _disableInitializers() internal virtual {
        _initialized = true;
    }