
Releases: CMTA/CMTAT

1.0.1

08 Jun 14:24
248ecda
Pre-release

This release contains two modifications of CMTAT 1.0:

  • Lock the implementation contract at deployment:

        constructor() {
            // Disable the possibility to initialize the implementation
            _disableInitializers();
        }

  • Forbid calling the kill function directly on the implementation contract.

This release can only be used to perform an upgrade of CMTAT 1.0.

This release also contains a modification of the OpenZeppelin library, specifically in this file: utils/Initializable.sol#L56

    function _disableInitializers() internal virtual {
        _initialized = true;
    }

2.3.0-rc.0

15 May 11:38
66f37fa
Pre-release

Release 2.3 mainly contains fixes and improvements related to the audit performed on version 2.2.

Documentation

  • Update the documentation for the release
  • Add slither & coverage reports
  • Install hardhat in order to use the solidity-coverage plugin

General modifications

  • Rename contract CreditEvents to CreditEventsModule (pull/168).

  • DebtBaseModule: the function setDebt takes an argument of type DebtBase (struct) instead of individual parameters to avoid issues with some compilers (pull/175).

  • The interfaces ERC1404 & ERC1404Wrapper were renamed to IEIP1404 & EIP1404Wrapper since the proposed standard ERC/EIP 1404 has never been approved (pull/166).

  • Improve rule engine architecture: the RuleEngine to be used with the CMTAT has to implement the interface IEIP1404Wrapper (pull/166).

    It is no longer necessary to implement the interface RuleEngine, which was moved inside the mock directory.

  • When a contract is deployed, the admin address passed as a parameter has to be different from zero (pull/162).
  • Remove the snapshot module from the default import since the snapshotModule is not audited (pull/163).

Audit report

This version also includes improvements suggested by the audit report, addressing the following findings:

CVF-2: Create two main contracts: one for a deployment with a proxy, and one for a standalone deployment

  • ValidationModule & EnforcementModule (pull/153)

CVF-1: The control was made in CMTAT.sol. We have moved this inside the ValidationModule

CVF-3: return a defined error message if the rule engine is not set.

CVF-20: defined two different messages to indicate which address is frozen

CVF-29: defined a list of valid restriction codes in ERC1404Wrapper

CVF-10: override the function hasRole to give all roles to the default admin

CVF-11: remove the function transferContractControl

CVF-5: add a reason argument in the function + event as recommended

Other

CVF-4, CVF-13, CVF-18, CVF-23: CVF related to events (pull/159)

CVF-14: ValidationModule: Move the return statement inside the else branch as recommended (pull/157)

CVF-16, CVF-17, CVF-19, CVF-22, CVF-25: related to events (pull/158)

CVF-21: remove the redundant part in the path (pull/156)

2.2

22 Jan 16:27
ed23bfc

2.2 - 20230122

This version is not audited

This version contains breaking changes with the version 2.1.

OpenZeppelin

Updated OpenZeppelin contracts upgradeable to the version v4.8.1, precisely this commit

Modules

  • Add the module Debt (pull/118, pull/141)

  • Add the module CreditEvents (pull/135)

  • SnapshotModule: use a sorted array instead of an unsorted array as suggested in the audit report (pull/123)

  • baseModule: add field information & flag (pull/134)

  • Access Control (pull/130):

    • Move AuthorizationModule from wrapper/optional to security
    • Move the different calls of grantRole inside the function AuthorizationModule_init_unchained
    • Add a function transferAdminship in AuthorizationModule
  • Improve and update tests of the different modules

Audit report

This version also includes improvements suggested by the audit report, addressing the following findings:

  • SnapshotModule / CVF-3, CVF-8, CVF-13, CVF-17: pull/123
  • CVF-21: change the type of the Event RuleEngineSet to IRuleEngine
  • CVF-28: call to the Validation_init_unchained function in __CMTAT_init
  • CVF-54: add the reason parameter in events Freeze and Unfreeze
  • CVF-24, CVF-25, CVF-26: no change in the code, but a comment was added to explain the requirement.

2.1

16 Dec 15:01
4f4f082

2.1 - 20221216

This version is not audited

This version contains breaking changes with the version 2.0.

This version is not proxy compatible with CMTAT version 2.0. You cannot upgrade a proxy contract using CMTAT 2.0 as its implementation contract to point towards a contract CMTAT 2.0. The same applies to version 1.0.

  • BurnModule

    • Replace the function burnFrom by the function forceBurn to permit the issuer (BURNER_ROLE) to burn tokens.
    • The versions CMTAT 1.0 and 2.0 do not strictly respect the CMTAT specification because you can only burn tokens if the sender (with the BURNER_ROLE) has the allowance on the tokens.
    • CMTAT 2.0 does not strictly respect the CMTAT specification because you can not force transfer or make an equivalent operation (burn tokens, then mint tokens to a new address).
  • Proxy

    • Add a boolean to indicate if the contract is deployed with or without a proxy.
    • Add a call to the function disableInitializers to prevent the implementation contract from being used.
    • Add a protection on the function kill by adding the module OnlyDelegateCallModule.
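
The two proxy protections listed above (also shipped for 1.0 upgrades in release 1.0.1) can be combined as in the following contract. This is an added example, not CMTAT source code: the contract name LockedImplementation, the _self and admin variables and the onlyDelegateCall modifier are assumptions; only Initializable, initializer and _disableInitializers come from OpenZeppelin.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

// Illustrative contract, not CMTAT source. The names LockedImplementation,
// _self, admin and onlyDelegateCall are assumptions made for this example.
contract LockedImplementation is Initializable {
    // Address of the implementation itself, fixed in bytecode at deployment.
    // Under delegatecall, address(this) is the proxy and differs from _self.
    address private immutable _self = address(this);

    address public admin;

    constructor() {
        // Runs only in the implementation's own storage context: marks it as
        // initialized so initialize() reverts when called on it directly.
        _disableInitializers();
    }

    // Runs once per proxy, writing to the proxy's storage.
    function initialize(address admin_) external initializer {
        require(admin_ != address(0), "admin is zero address");
        admin = admin_;
    }

    // Rejects any call that is not routed through a proxy.
    modifier onlyDelegateCall() {
        require(address(this) != _self, "direct call not allowed");
        _;
    }

    // Executes only through a proxy, so a call made to the implementation
    // address itself can never reach selfdestruct.
    function kill() external onlyDelegateCall {
        require(msg.sender == admin, "not admin");
        selfdestruct(payable(msg.sender));
    }
}
```

The two checks are independent: the constructor lock keeps the implementation's own admin slot empty, and the delegatecall guard rejects direct calls to kill regardless of who the caller is.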

Other changes

  • Proxy

    • Add initializer functions to all contracts where they were missing.

    • Add storage gaps to all contracts where they were missing.

  • OpenZeppelin

    • Updated OpenZeppelin contracts upgradeable to the version v4.8.0, precisely this commit.

    • Replace setupRole (deprecated) with grantRole in the function CMTAT_init_unchained.

  • Improve the modularity of the architecture

    • Separate internal implementation from wrappers.
    • Separate mandatory and optional modules.
    • Move the BaseModule inside the mandatory directory.
    • Separate ERC20 functions from BaseModule by creating a specific module ERC20BaseModule.
    • Move the functions kill, setTokenId, setTerms from CMTAT.sol to BaseModule.
    • Move the functions pause & unpause from CMTAT.sol to PauseModule.
    • Move the functions freeze & unfreeze from CMTAT.sol to EnforcementModule.
  • Improve the tests and their documentation for AuthorizationModule, BaseModule, BurnModule, EnforcementModule, MintModule and ValidationModule.

This version also includes improvements suggested by the audit report, addressing the following findings:

  • CVF-2, CVF-46, CVF-49, CVF-53, CVF-57, CVF-60, CVF-62: indicate the OpenZeppelin version in the file USAGE.md (Commit).

  • CVF-29: perform a call to the ERC165_init_unchained (commit).

  • CVF-30: call ERC20_init_unchained before Base_init_unchained (commit).

  • CVF-35: specify which base contract is called instead of using the keyword super (commit 1, commit 2).

  • CVF-47: define the functions PauseModule_init & PauseModule_init_unchained (commit).

  • CVF-51: define the functions Authorization_init & Authorization_init_unchained (commit).

  • CVF-52: move the mint functionality inside the MintModule (commit).

  • CVF-61: second part, define the functions BurnModule_init & BurnModule_init_unchained (commit).

2.0

04 Nov 16:09
77bf5fc

2.0 - 20221104

This version is not fully ready to be used with a proxy, see issues 58 and 66

This version is not proxy compatible with CMTAT version 1.0. You cannot upgrade a proxy contract using CMTAT 1.0 to point towards a contract CMTAT 2.0.

This version contains breaking changes with the version CMTAT 1.0

  • Updated OpenZeppelin contracts upgradeable to the version v4.7.3, precisely this commit.
  • Solidity version updated to ^0.8.17.
  • Updated all libraries in package.json, except for eth-sig-util, which has not been updated.
  • Set the trustedForwarder as immutable to be compatible with OpenZeppelin (commit).
  • Each test is performed with and without a proxy (commit).
  • Improved documentation by adding a summary of the audit, a description of the access control, and a UML diagram of the project.

This version also includes improvements suggested by the audit report, addressing the following findings:

  • CVF-7, CVF-9 and CVF-10: removed useless return value in _unscheduleSnapshot, _rescheduleSnapshot, _scheduleSnapshot (commit CVF-7, commit CVF-9, commit CVF-10).
  • CVF-27, 48, 55: used an enum to store the restriction code (commit).
  • CVF-40: defined event for setTokenId and setTerms (commit).
  • Fix CVF-56: renamed message for the constant TEXT_TRANSFER_REJECTED_FROZEN (commit).
  • CVF-66, CVF-69, CVF-70, CVF-72, which created two new interfaces: IERC1404 and IERC1404Wrapper (commit).

1.0

05 Oct 08:02
  • Added CMTAT equity token core functionalities
  • Added support for OpenGSN gasless transactions
  • Added support for proxy deployment
  • Added ABDK security audit report
  • Added initial API documentation

0.9.0

23 Jan 13:02

Release before CMTAT 1.0.
Contains a fix for the gasless