v2.3.1-rc.0

Pre-release
@rya-sge rya-sge released this 25 Sep 14:13
· 109 commits to master since this release
0c23629

The modifications between version v2.3.0 and this version are not audited!

Summary

Architecture

  • The directory mandatory is renamed to core (#222)
  • The directory optional is renamed to extensions (#222)
  • Create a directory controllers, which for the moment contains only the ValidationModule (#222)
  • Rename contract and init function for ERC20BurnModule, ERC20MintModule, ERC20SnapshotModule to clearly indicate the inheritance from ERC20 interface (#226)

Gas optimization

Other

  • Add ERC20 decimals as an argument of the initialize function (#213)
    Until now, the number of decimals was set inside the code to the value 0.
    This release changes this behavior to use a parameter supplied by the deployer to the initialize function instead.
  • Add a constant VERSION to indicate the current version of the token (#229)
  • Implement an alternative to the kill function (#221)

    The alternative is the function deactivateContract inside the PauseModule, which deactivates the contract. This function sets a boolean state variable isDeactivated to true and puts the contract in the pause state. The function unpause is updated to revert if this variable is set to true, so the contract stays in the pause state "forever".
    The consequences are the following:
      • In standalone mode, this operation is irreversible: it is not possible to roll back.
      • With a proxy, it is still possible to roll back by deploying a new implementation.
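The deactivation logic described above, as an added sketch that is not CMTAT source code. Only deactivateContract, unpause and isDeactivated come from these release notes; the contract name, the error names, guardedOperation and the single admin address (standing in for role-based access control) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not CMTAT source code. Names other than
// deactivateContract, unpause and isDeactivated are hypothetical, and a
// single admin address replaces the project's role-based access control.
contract DeactivatablePauseSketch {
    address public immutable admin;
    bool public paused;
    bool public isDeactivated;

    error NotAdmin();
    error ContractIsDeactivated();
    error EnforcedPause();

    constructor() { admin = msg.sender; }

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    modifier whenNotPaused() {
        if (paused) revert EnforcedPause();
        _;
    }

    function pause() external onlyAdmin {
        paused = true;
    }

    // Reverts once the contract is deactivated, so the pause cannot be lifted.
    function unpause() external onlyAdmin {
        if (isDeactivated) revert ContractIsDeactivated();
        paused = false;
    }

    // Sets the flag and pauses; no function in this contract clears the flag.
    function deactivateContract() external onlyAdmin {
        isDeactivated = true;
        paused = true;
    }

    // Placeholder for any token operation guarded by the pause state.
    function guardedOperation() external view whenNotPaused returns (bool) {
        return true;
    }
}
```

Because no function clears the flag, a standalone deployment of this sketch stays paused permanently after deactivateContract; behind a proxy the flag lives in proxy storage, so only a new implementation could change how it is handled.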

Tools

  • Update the Solidity version to 0.8.20, which is a requirement for the new OpenZeppelin version (5.0.0)
  • Run tests with Hardhat instead of Truffle since Truffle does not support custom errors (#217)
  • Update OpenZeppelin to the version v5.0.0-rc.0

Security

  • Add new control on the DEFAULT_ADMIN_ROLE by inheriting AccessControlDefaultAdminRules (#220)
    This contract implements the following risk mitigations on top of AccessControl:
      • Only one account holds the DEFAULT_ADMIN_ROLE since deployment until it’s potentially renounced.
      • Enforces a 2-step process to transfer the DEFAULT_ADMIN_ROLE to another account.
      • Enforces a configurable delay between the two steps, with the ability to cancel before the transfer is accepted.

  • Add a function transferadminshipDirectly (#226)
  • Remove the module OnlyDelegateCallModule since it was used to protect the function kill, which has been removed in this version (#221).