SDK/ContractKit 1.0.2

Commits included

This release was published on February 17th, 2021 and includes commits from 2f5b795a601375d41b67ca0afe47107f8448ff50 to ffcf304361ae18cd38d4bc45b635a9043bb55c7a inclusive.

Features

• Show owner in releasegold:show - #6608
• Metadata HTTPS Monitoring in identity:current-attestation-services - #6806
• Determine signing algorithm based on key type for Azure HSM - #6010

Bug Fixes

• Fix 8 digit codes for mainnet - #6663
• Fix Azure HSM Wallet PublicKey to Address conversion - #6829
• Shouldn't import from src folder in peer package - #7073
• Fix wallets-test #7094

Other Changes

• Small Docs Fixes related to CK1 release - #6576
• Simplify SortedOracles API by allowing consumers to report to arbitrary Addresses - #6898
• Updated DappKit README.md - #6957

Core Contracts Release 3

Release Notes:

This is the third release of the Celo Core Contracts. It follows the release process per the docs.

Audit Report:

OpenZeppelin Core Contracts Release 3 Audit

Key updates in this release:

Release 3 generalizes the stability protocol for the launch of cEUR (and others coming soon!) and implements multiple CIPs in an effort to incorporate community feedback. More information about the Celo Euro launch can be obtained in CIP-33.

• Update Reserve.sol with support for multiple exchanges to pull assets #6299:

For the upcoming launch of cEUR, the new exchange will need to spend CELO on behalf of the reserve for one side of CP-DOTO. A storage whitelist of exchange spenders was added while maintaining permission for the registered Exchange identifier to circumvent initializing new storage on the already initialized Reserve contract.

• Add ExchangeEUR.sol and StableTokenEUR.sol to the core contracts #6572:

The stability implementation for cEUR is identical to cUSD, and the new contracts simply inherit the implementation from the existing Exchange.sol and StableToken.sol. These contracts will be registered under the ExchangeEUR and StableTokenEUR registry identifiers and versioned independently. The initialization parameters are also included here.

• Permit registered exchange to expand/contract supply on StableToken.sol #6780

The new exchange also needs to be able to mint and burn cEUR on the new StableTokenEUR.sol. A storage registry identifier is used to give the stable token implementation knowledge of the corresponding exchange's address, and permit these sensitive operations.

• Update BlockchainParameters.sol with CIP-21 implementation #4747:

A validator's rewards in each epoch are affected proportionally by the percentage of blocks they provide signatures for, incentivizing uptime. This change makes the number of consecutive blocks which must be missed before the validator is considered down a governable parameter that the blockchain client reads from. The Donut hard fork specified in CIP-27 necessitates this change.

• Update Validators.sol with CIP-29 implementation #6287:

The validator uptime grace period was especially punitive and began punishing the validator group's future rewards after ~1 minute of continuous downtime. This change extends the grace period to ~10 minutes of continuous downtime to allow for routine maintenance and restarts.

Other changes:

• Update Governance.sol with small fix to getProposalStage external view #6502

Specific Version Updates:

Core Contracts:

Registry Identifier	Old	New
Reserve	1.1.1.0	1.1.2.0
StableTokenEUR		1.1.0.0
ExchangeEUR		1.1.0.0
BlockchainParameters	1.1.0.0	1.2.0.0
Validators	1.1.1.0	1.2.0.0
Governance	1.2.0.1	1.2.0.2

Valora 1.10.1

Summary

Relative to the 1.9.2 release, the 1.10.0 release allows users to upload profile pictures for their account, features an improved Consumer Incentives experience and the ability to request a daily withdrawal limit increase by contacting cLabs Support. It also addresses various minor bugs.

Commits included

This release was cut from master on February 4, 2021 from 4ff4741, with some additional translation strings added. See release branch: https://github.com/celo-org/celo-monorepo/tree/release/wallet/1.10.1

Features

#6501 Update radio button designs
#6216 Batch feeless verification transactions
#6488 Enable Flipper on iOS for debugging
#5970 Upload profile pictures
#6835 Allow updating daily limit from backend
#6848 Redesign Consumer Incentives screen

Bug fixes

#6786 Fix verification status
#6819 Disable keyboard suggestion when entering the account key
#6853 Fix Bidali view when number is not specified

Security

N/A

Testing

• Full QA process through Lodestone

CLI 1.0.3

Commits included

This release was published on January 25th, 2021 and includes commits from 2f5b795a601375d41b67ca0afe47107f8448ff50 to c8f675fb143862a00df2bbe9a8271abba0fd5f64 inclusive.

Bug Fixes

• Add missing lib in the shrinkwrap.json that avoids the usage of the package - #6671

Valora 1.9.0

Summary

Valora version 1.9 includes new ways to buy and spend cUSD, featuring cash in cUSD support with MoonPay and cash out with gift cards using Bidali. This release also features improvements to the CELO rewards program and addresses various minor display and navigation bugs.

Commits included

This release was cut from master on January 22nd, 2021 from 76eca55 and contains additional cherry-picked commits. See release branch: https://github.com/celo-org/celo-monorepo/tree/release/wallet/1.9.2

Features

#6458 Retry Firebase connection upon failure
#6493 Add dynamic download link to Valora invite texts
#6510 Add Bidali integration
#6512 Support remote images for Firebase controlled notifications
#6520 Allow deep linking into any screen from notifications
#6499 Add Moonpay cUSD cash in
#6546 Remote notification targeting specific app versions and countries
#6522 Add native screen for Consumer Incentives

Bug fixes

#6478 Ask PIN immediately on BackupForceScreen
#6479 Fix phone number search on Send Screen
#6338 Fix sporadic payment request hang
#6530 UI fix for Expandable component
#6506 Add loading indicator to WebViewScreen

Security

N/A

Testing

• Full QA process through Lodestone

CLI 1.0.2

Commits included

This release was published on January 22nd, 2021 and includes commits from 23b12644eda957ef87530845ff062e9f02358dd4 to f5241e11f158675b8f5cbce2feb2ac85cbb58d18 inclusive.

Bug Fixes

• Fixed Global Flag Parsing in CLI - #6619

Other Changes

• Add prepublish hook to generate the npm-shrinkwrap - #6575

ContractKit 1.0.1

Commits included

This release was published on January 20th, 2021 and includes commits from 6148646a29e5e719df9a1b32d1580ea7e6e61be8 to d532d06f60999e0ed951839cc0cff9e0abf4d505 inclusive. See this blogpost for more details.

Features

• Moved into SDK directory, and made compatible with SDK modularization changes - #4790
• Added ability to specify per token expiry in sorted oracles - #6125
• Adds metrics to ODIS - #5749
• ODIS Client Update - #5621]
• Extend SortedOraclesWrapper to support reporting for arbitrary currency pairs - #6401
• IP712 signature over attestation security code - #6209
• Enable 8 digit code verification and ignore attestation services below 1.1.0 - #6437
• Handle revert flag from web3 for contract calls - #6515
• CIP-21: Governable LookbackWindow Smart Contract changes - #4747

Bug Fixes

• Reverted PR #5709, "Add CUSD transfer to MTW" - #5982
• Removes unnecessary check in vote function - #6056
• Treat null receipt in Connection.getTransactionReceipt - #6178
• Add id field to eth_sign and eth_signTypedData calls - #6264
• Pin our version of secp256k1 - #6432
• Updated ContractKit's README.md #6450
• Fix @LedgerHQ package version in CK and CLI - #6496

Other Changes

• Added ability to withdraw attestation rewards via CLI - #6176
• Autogenerated documentation for all new sdk packages - #6199
• Update homepage and repository for sdk packages in documentation - #5998
• Add Portuguese in wallet - #5945
• Mnemonic validation flexibility within Valora - #6372
• Show the international format when displaying phone numbers in Valora #6350
• Modified version of #6474: Fix dependencies to work on standalone installations and in environments without Git #6516

CLI 1.0.1

Commits included

This release was published on January 20th, 2021 and includes commits from d4ae6eccc2cfc760818b9132a57c6da67c10b561 to d532d06f60999e0ed951839cc0cff9e0abf4d505 inclusive.

Features

• Pass through oclif table flags to commands which output tables - #5618
• CIP 8 Encryption - #5091
• Add authorized signers to release gold show - #5596
• Extract governance:build-proposal command - #5847
• Add downtime slashing commands - #5632
• Add ability to withdraw attestation rewards via CLI #6176
• Mnemonic validation flexibility within Valora - #6372
• Write transfer and transferFrom commands for MultiSig contract - #6425

Bug Fixes

• Fix param order on account:new internal call - #6319
• Remove broken header links in generated CLI docs - #6415
• Fix @LedgerHQ package version in CK and CLI - #6496
• Fix call to set gas currency in CLI base - #6505

Other Changes

• KomenciKit - #5436
• Update base and utils package versions #5655
• Parallelize and simplify fetching of comprensive registry address map - #5568
• Add readability to (big) number and timestamp/duration outputs in CK and CLI - #5584
• Rename build-proposal flag - #5885
• Compatibility with Sdk Modularization - #4790
• Adjust how CLI docs are generated - #5882
• Add install instructions for CLI readme - #6466

Core Contracts Release 2

Release Notes:

This is the second release of the Celo Core Contracts. It follows the release process per the docs.

Audit Report:

https://blog.openzeppelin.com/celo-contracts-audit/#phase-5

This release's audit scope will cover the verification tooling that has been built to allow Celo stakeholders to have confidence in the safety and correctness of a Celo Core Contract Upgrade Release Proposal.

Key updates in this release:

After the sizable initial release 1, release 2 is much lighter in scope and reflects the core developer's intention to ship smaller changes more frequently as opposed to fewer, but larger changes.

• Update Signatures.sol with EIP-712 support #5122:

The Signatures library was updated with EIP-712 support to allow contracts to easily verify EIP-712 signatures. The prime consumer of this new functionality is the MetaTransactionWallet that was added as part of the audit scope (while not deployed as a Core Contract). As a result, per the versioning docs, this means that consuming contracts (Accounts, Attestations, AttestationsTest, LockedGold, Escrow) have been incremented in their patch versions.

• Per token report expiry in SortedOracles #6125

For the upcoming tBTC integration, SortedOracles may be reused to report CELO/BTC prices. However reporting might happen on different frequencies, thus this change allows Governance to specify separate expirations for different tokens.

• MetaTransactionWallet #4587

As part of fee-less onboarding, also known as Komenci, MetaTransactionWallet was built to support submitting transactions on behalf of another account. While MetaTransactionWallet (and MetaTransactionWalletDeployer) are not a Celo Core Contract (as they are not owned by Governance), they nonetheless are part of the audit scope and thus will be reflected as part of these release reports.

• Unlock-while-voting-invariant bug fix #6368

After cutting for release 2, a bug was reported that under narrow circumstances could allow for a malicious user to vote on the same governance proposal twice. You can find the incident report on the forum. The fix was pulled in to ensure safety after deployment of release 2.

Other changes:

Minor changes have been made, partially in response to an intermediary audit by OpenZeppelin (that will be part of this release's audit report).

Specific Version Updates:

Core Contracts:

• Accounts: 1.1.1.0 => 1.1.1.1
• Attestations: 1.1.1.0 => 1.1.1.1
• AttestationsTest: 1.1.1.0 => 1.1.1.1
• LockedGold: 1.1.1.0 => 1.1.1.1
• Escrow: 1.1.1.0 => 1.1.1.1
• SortedOracles: 1.1.1.0 => 1.1.2.0
• MetaTransactionWallet: new 1.1.0.1
• MetaTransactionWalletDeployer: new 1.1.0.0

Libraries:

• Signatures: 1.1.1.0 => 1.1.2.0

Attestation Service v1.2.0

This is a feature release for all validators.

Documentation

Full documentation is here.

Upgrading

Validator operators are advised to test first on Baklava before deploying changes on Mainnet.

Deploy the Docker image identified as follows:

us.gcr.io/celo-testnet/celo-monorepo:attestation-service-v1.2.0
us.gcr.io/celo-testnet/celo-monorepo@sha256:4416fc61b0941de7f0299fc0ccdb0fe6c47112eb165484b1d6b702fba3e04a4d

Existing configurations should work as is.

Changes

Support for 8 digit security codes

Attestation Service 1.2.0 adds support for 8 security codes, this is a quality of life improvement for end users and entails no operational changes.

Relevant pull request #6209

Support for MessageBird Provider

It is recommended that validators sign up and add MessageBird as an additional SMS provider. From internal testing, MessageBird has performed better in some regions than the current providers, notably Ghana (where the network has observed high traffic). It is recommended that validators configure it as one of their SMS_PROVIDERS and set SMS_PROVIDERS_GH to use MessageBird first. As more validator adopt the new provider, better recommendations for provider+country performance can be made.

Relevant pull request #5616

Optional Random Provider Configuration

Added SMS_PROVIDERS_RANDOMIZED configuration. This enables randomizing the provider used for an incoming request in the default use-case. The ordered per-country provider lists are never shuffled. This balances the load to all providers so that better data on provider+country success rates can be collected. It is suggested that validators enable this feature.

Relevant pull request #5880

Max Age of Blocks for Health Check Configuration

Adding a MAX_AGE_LATEST_BLOCK_SECS config option which makes the maximum age of the latest block at which the health check fails to be configurable. Previously, we saw issues in baklava where slow blocks were causing spewing of Attestation Service alerts. It is recommended that validators experiencing this issues on baklava to extend the block age.

Relevant pull request #5880