Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Releases: CMTA/CMTAT

v3.3.0-rc1

v3.3.0-rc1 Pre-release
Pre-release

Choose a tag to compare

@rya-sge rya-sge released this 21 May 18:10
580d477

Note: This version has not been audited.

Smart contract

Added

  • New base contract CMTATBaseDocument:
    • Introduced as contracts/modules/1_CMTATBaseDocument.sol.
    • Isolates document-management authorization (_authorizeDocumentManagement) from CMTATBaseAccessControl.
    • Composes DocumentERC1643Module on top of the rule-engine base path.
  • Stateful RuleEngine transfer hook support (testing/mocks):
    • Added IRuleTransferHook (contracts/mocks/RuleEngine/interfaces/IRuleTransferHook.sol) to allow rules to update rule-local state on transfer callbacks.
    • Added RuleTokenHolderTracker (contracts/mocks/RuleEngine/RuleTokenHolderTracker.sol) to track holder balances/list in rule storage.
    • RuleEngineMock now wires the holder-tracker rule and executes transfer hooks in transferred(...) paths.

Changed

  • ERC-1643 document identifier format aligned to bytes32 (breaking API change for document functions):
    • Previous CMTAT variant (e.g. v3.2.0) used string for document names in IERC1643 (getDocument(string), getAllDocuments() -> string[]).
    • Current implementation uses bytes32 document names (getDocument(bytes32), getAllDocuments() -> bytes32[]) and exposes setDocument(bytes32,string,bytes32) / removeDocument(bytes32) with associated events.
    • CMTAT terms remain on the modified CMTAT structure: IERC1643CMTAT.DocumentInfo still uses string name for tokenization terms metadata (setTerms path).
  • Base hierarchy refactor (strict dependency-order levels):
    • CMTATBaseDocument at level 1 (contracts/modules/1_CMTATBaseDocument.sol).
    • CMTATBaseAccessControl at level 2 (contracts/modules/2_CMTATBaseAccessControl.sol) and now inherits CMTATBaseDocument.
    • CMTATBaseAllowlist and CMTATBaseRuleEngine at level 3.
    • CMTATBaseDebt and CMTATBaseERC1404 at level 4.
    • CMTATBaseERC20CrossChain at level 5.
    • CMTATBaseERC2612, CMTATBaseERC2771, CMTATBaseDebtEngine at level 6.
    • CMTATBaseERC2771Snapshot, CMTATBaseERC7551Enforcement at level 7.
    • CMTATBaseERC1363, CMTATBaseERC7551 at level 8.
  • CMTATBaseCommon no longer inherits DocumentERC1643Module.
  • CMTATBaseAccessControl now defines _authorizeDocumentManagement and enforces DOCUMENT_ROLE.
  • Updated impacted imports and deployment references to match the new module numbering/layout.
  • ERC20CrossChain burn-path cleanup (no external API change):
    • Removed redundant crosschainBurn override from CMTATBaseERC20CrossChain; level-5 now uses ERC20CrossChainModule.crosschainBurn directly.
    • Removed redundant sender-aware burn override from CMTATBaseERC20CrossChain; burn/burnFrom sender-aware flow now relies on the module implementation.
    • In ERC20CrossChainModule, simplified internal self-burn routing and renamed helper _burnWithSender to _burnFromOperator for clearer intent.
  • Meta-tx _msgData ERC1363 test path adjusted to avoid bytecode-size deployment failures:
    • Slimmed CMTATUpgradeableERC1363MsgDataMock.getMsgData() by removing event emission and using a view return path.
    • Reworked test/standard/modules/MetaTxMsgDataERC1363.test.js to validate trusted-forwarder calldata shape directly instead of relying on event parsing.

Fixed

  • Fixed compile-path inconsistencies caused by stale numbered imports after base-level refactor.
  • Restored full compilation after engine/mock alignment:
    • CMTATEngineInitializerMock no longer calls unavailable document-engine initializer on snapshot path.
    • DocumentEngineMock now implements IERC1643-compatible setDocument(bytes32,string,bytes32).

Documentation

Changed

  • Updated base-module hierarchy and file references in doc/README.md to reflect:
    • 1_CMTATBaseDocument.sol
    • 2_CMTATBaseAccessControl.sol
    • 3_CMTATBaseAllowlist.sol
    • 3_CMTATBaseRuleEngine.sol
    • 4_CMTATBaseDebt.sol
    • 4_CMTATBaseERC1404.sol
    • 5_CMTATBaseERC20CrossChain.sol
    • 6_CMTATBaseERC2612.sol
    • 6_CMTATBaseERC2771.sol
    • 6_CMTATBaseDebtEngine.sol
    • 7_CMTATBaseERC2771Snapshot.sol
    • 7_CMTATBaseERC7551Enforcement.sol
    • 8_CMTATBaseERC1363.sol
    • 8_CMTATBaseERC7551.sol
  • Updated doc/README.md ERC-1643 section to use current bytes32 API signatures (getDocument(bytes32), getAllDocuments() returns (bytes32[])) with compatibility note for IERC1643CMTAT.DocumentInfo.name (string).
  • Updated contracts tree file .claude/tree/contracts_tree.txt.
  • Added technical clarification for freeze-event semantics across standards:
    • doc/technical/erc-7943-uRWA-integration.md now explicitly documents that base Frozen(account, amount) is a normalized frozen-state update event (including unfreeze updates), while direction should be derived from ERC-3643/7551 directional events.
    • doc/technical/erc-3643-implementation.md now documents the event-layering model (Frozen base state update + TokensFrozen/TokensUnfrozen directional wrappers).

Testing

Added

  • Added dedicated stateful RuleEngine rule test coverage in test/standard/modules/RuleEngineMockStatefulRule.test.js:
    • verifies holder-balance tracking and holder-list transitions through transfer hook callbacks.
  • Added initializer edge-case tests for DocumentEngineModule and SnapshotEngineModule:
    • test/common/DocumentModule/DocumentModuleSetDocumentEngineCommon.js: covers zero-engine assignment and re-initialization revert paths.
    • test/common/SnapshotModuleCommon/SnapshotModuleSetSnapshotEngineCommon.js: covers zero-engine assignment and re-initialization revert paths.
  • Added standard initializer branch tests in test/deployment/deployment.test.js:
    • manual initialization path, initialization with rule engine, and double-initialize revert.
  • Added interface and initializer coverage across deployment test suites:
    • test/common/CMTATIntegrationCommon.js: extended integration paths.
    • test/deployment/erc721mock.test.js: ERC-721 generic initializer and interface paths.
    • Light/core, standard, permit, ERC-1363, snapshot, and document deployment suites.
  • Added edge-case coverage for core transfer and approve paths:
    • test/common/ERC20BaseModuleCommon.js: zero-value transfers and explicit approve coverage.
    • test/common/AllowlistModuleCommon.js: explicit canSend/canReceive matrix including zero-value transfers.
  • Extended test/common/AllowlistModuleCommon.js, test/common/DocumentModule/DocumentModuleCommon.js, and test/common/ERC20EnforcementModuleCommon.js with additional edge-case tests.

Fixed

  • Removed hardcoded gasLimit: 30_000_000 override from deployCMTATERC1363Standalone in test/deploymentUtils.js. The explicit override exceeded the Prague/Fusaka per-transaction gas cap (FUSAKA_TRANSACTION_GAS_LIMIT = 16,777,216) enforced by Hardhat ≥ 2.28, causing a ProviderError on every ERC-1363 standalone test run. Auto-estimated gas is well within the cap for this contract.

Documentation

Changed

  • Updated test count references in README.md and doc/README.md: 3,078 → 5,630 automated tests.
  • README.md: added hyperlinks to all ERC standard references in the features table; expanded the Supported Financial Instruments table (added Snapshot, DebtEngine, ERC-1363, and UUPS variants; clarified Allowlist entry); added Contract Sizes section with deployed/initcode sizes for all deployment variants; corrected UUPS standalone note.
  • SECURITY.md: expanded responsible disclosure policy.
  • doc/README.md and doc/SUMMARY.md: updated module-level documentation and surya reports to reflect current hierarchy and coverage results.
  • Updated code coverage reports in doc/test/coverage/ after full test run.

v3.2.0

Choose a tag to compare

@rya-sge rya-sge released this 20 Feb 14:49
49544f4

Note: This version has not been audited.

Issue

Smart contract

Added

  • Support of ERC-7943 (#337):
    • New functions setFrozenTokens and canTransact in the enforcement module.
    • New error ERC7943InsufficientUnfrozenBalance in ERC20EnforcementModule.
    • Emit ERC-7943 enforcement events (TokensFrozen, TokensUnfrozen).
    • ERC-7943 ERC-165 interface ID support.
  • New dedicated deployment variant with DebtEngine support (see Removed section for rationale).
  • IRuleEngine: ERC-165 support added (#342) to enable interface compliance checks.
    • New interface IRuleEngineERC1404 inheriting from both IERC1404Extend and IRuleEngine.
    • Library contracts RuleEngineInterfaceId and ERC1404ExtendInterfaceId to store ERC-165 interface IDs.
  • New base contract CMTATBaseAccessControl (#350).

Changed

  • Transfer now reverts with specific errors when the contract is paused or deactivated (#338) to improve error clarity.
  • The approve function now reverts when the contract is paused for all deployment variants except Light (#335).
  • ValidationModule: Optimized code size by removing useless boolean returns.
  • Updating contract address comparisons (Solidity v3.2.0).
  • Replaced CMTAT library errors with ERC-7943 specific errors.
  • Renamed custom errors for consistency.

Fixed

  • Wake Arena audit (M1/M2/M3): Removed redundant CMTATBaseRuleEngine._checkTransferred calls in CMTATBaseERC20CrossChain._mintOverride, _burnOverride, and _minterTransferOverride. The rule-engine compliance hook was being executed twice per operation; the single authoritative call in the CMTATBaseCommon parent overrides is now sufficient. #354
  • Wake Arena audit (I1): Corrected NatSpec comment in CMTATBaseERC20CrossChain._authorizeSelfBurn which incorrectly referenced BURNER_FROM_ROLE instead of BURNER_SELF_ROLE.

NatSpec / Comments

  • Wake Arena audit (L1): Added clarifying comment in ERC20BaseModule.transferFrom and updated IERC20Allowance.Spend event NatSpec to state that the event is not emitted when the allowance is infinite (type(uint256).max), as no deduction occurs in that case.
  • Wake Arena audit (L2): Added NatSpec warning on approve in CMTATBaseAllowlist documenting the standard ERC-20 allowance race condition and advising callers to set the allowance to zero before assigning a new non-zero value.

Removed

  • DocumentEngine and SnapshotEngine removed from constructors and initialization (#343) to simplify deployment and reduce bytecode size.
  • DebtDeployment: DebtEngine support removed and moved to a dedicated deployment variant (#339) to reduce contract size and enable additional modules in DebtEngine-based deployments.
  • CMTAT Errors library removed, errors are now defined in their respective interfaces.

Test / Doc / Script

Added

  • Missing ERC-2771 integration tests for MetaTx module.
  • Script to compute ERC-165 interface IDs (npm run erc165:interfaceId).

Changed

  • Update Solidity version to 0.8.34 in Hardhat config file.

Acknowledge

We would like to thank @amilazz, @Domson97, as well as CMTA Tech Comite for their valuable feedback and contributions to this release. Their input played an important role in improving the project, and we sincerely appreciate their support.

v3.2.0-rc2

v3.2.0-rc2 Pre-release
Pre-release

Choose a tag to compare

@rya-sge rya-sge released this 09 Feb 11:24
78e6e48

Patch

Fix constant value and name for ERC-165 interface

v3.2.0-rc1

v3.2.0-rc1 Pre-release
Pre-release

Choose a tag to compare

@rya-sge rya-sge released this 04 Feb 11:42
4cbc9f3

Smart contract

  • Improve comment
  • ValidationModule: Optimized code size by removing useless boolean returns
  • Updating contract address comparisons.
  • Add library to store interface id for RuleEngine and ERC-1404Extend

Test & Tools

  • Add missing test for ERC-2771 functions _msgData
  • Add script to compute ERC-165 interface for IRuleEngine and IERC1404Extend
  • Add Claude code files

Acknowledge
We would like to thank @amilazz, @Domson97, as well as CMTA Tech Comite for their valuable feedback and contributions to this release. Their input played an important role in improving the project, and we sincerely appreciate their support.

v3.2.0-rc0

v3.2.0-rc0 Pre-release
Pre-release

Choose a tag to compare

@rya-sge rya-sge released this 13 Jan 13:53
012ccc4

Note: This version has not been audited.

Added

  • Support of ERC-7943 (#337).
  • New dedicated deployment variant with DebtEngine support (see Removed section for rationale).
  • IRuleEngine: ERC-165 support added (#342) to enable interface compliance checks.
  • New base contract CMTATBaseAccessControl (#350).

Changed

  • Transfer now reverts with specific errors when the contract is paused or deactivated (#338) to improve error clarity.
  • The approve function now reverts when the contract is paused for all deployment variants except Light (#335).
  • Update Solidity version to 0.8.33 in Hardhat config file.

Removed

  • DocumentEngine and SnapshotEngine removed from constructors and initialization (#343) to simplify deployment and reduce bytecode size.
  • DebtDeployment: DebtEngine support removed and moved to a dedicated deployment variant (#339) to reduce contract size and enable additional modules in DebtEngine-based deployments.

v3.1.0

Choose a tag to compare

@rya-sge rya-sge released this 09 Dec 15:30
9c96c8e

This version is not audited

Known issue for this release:
M01. Double invocation of rule-engine compliance hook in cross-chain overrides #354
Operator/Spender Identity Lost in RuleEngine Hooks (burn/mint/cross-chain) (low)

Fixed

Added

  • New module CCIPModule with two functions getCCIPAdmin and setCCIPAdmin
    • Reason: it allows the CCIP admin to enable the CMTAT token in Chainlink CCIP, without the need of requesting assistance to Chainlink.
  • Add explicit support of ERC-5679 for minting and burning
    • Reason: this ERC was already supported in v3.0.0 but not through a dedicated interface and ERC-165 identifier.
    • Details: IERC7551Burn and IERC7551Mint will inherits from respectively the burn and mint part of ERC-5679.
  • In ERC7551Module, the function setTerms emits the Terms event
    • Reason: meet the specification of the draft ERC ERC-7551.
  • Create specific module ERC20CrossChain for cross-chain transfers (ERC-7802 and other burn/mint related function), code previously put in CMTATBaseCrossChain.

Changed

  • Rename BaseModule into VersionModule

    • Reason: This module contains only the CMTAT version. This avoid also the confusion with CMTAT Base modules.
  • Access control: in wrapper modules, all access control is made through internal functions. These functions must be now implemented in CMTAT base module

    • Reason: this allows to use a different access control (e.g. ownership or Access Manager) by implementing a new CMTAT Base module without the need of modifying wrapper modules.
  • Cross-Chain

Library

  • Update Openzeppelin standard and upgradeable version to v5.5.0

Documentation (README)

  • Reference the new draft version of ERC-7551
  • Reference ERC-5679 as supported ERC by CMTAT
  • Add section to explain cross-chain bridge support (Chainlink CCIP and ERC-7802 mainly)
  • Add summary tab for CMTAT framework functionalities to help build CMTAT version for other blockchains
  • Add audit reports made by Nethermind Audit Agents

Acknowledge
We would like to thank @amilazz, @Domson97, as well as CMTA Tech Comite for their valuable feedback and contributions to this release. Their input played an important role in improving the project, and we sincerely appreciate their support.

v3.0.0

Choose a tag to compare

@rya-sge rya-sge released this 28 Aug 13:47
69eecc9

Major release audited by Halborn

Known issues for this release:

Difference with v.3.0.0 rc version:

  • Improved comments and documentation
  • See changelogs of the rc versions for details.

Main changes with the last audited release (v2.3.0):

Added

Updated

  • Update Solidity (0.8.30) & OpenZeppelin version (v.5.4.0)
  • Update several function names to be compatible with ERC-3643

Acknowledge
We would like to thank @amilazz, as well as CMTA Tech Comite for their valuable feedback and contributions to this release. Their input played an important role in improving the project, and we sincerely appreciate their support.

v3.0.0-rc7

v3.0.0-rc7 Pre-release
Pre-release

Choose a tag to compare

@rya-sge rya-sge released this 04 Aug 15:47
305351b
  • Add missing compliance check (pause, address freeze and RuleEngine) for batchTransfer
    • Create a virtual function _minterTransferOverride in ERC20MintModule.
    • This function is then overridden in CMTATBaseCommon to perform the required check
  • Add the same check for batchMint/batchBurnfor CMTAT core (light) version by updating CMTATBaseCore
  • Add several tests to check these modification

v3.0.0-rc6

v3.0.0-rc6 Pre-release
Pre-release

Choose a tag to compare

@rya-sge rya-sge released this 31 Jul 13:08
bc207af
  • Perform recommendations from the audit report (Halborn)
  • Main change: add a new ERC-1404 code if the contract is deactivated

v3.0.0-rc5

v3.0.0-rc5 Pre-release
Pre-release

Choose a tag to compare

@rya-sge rya-sge released this 27 Jun 07:54
04dad82
  • Add & improve Solidity Natspec comment
    -- Few improvement as a result (e.g rename return variables)
  • Improve & update documentation