d-bis/gru_emoney_token-factory
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
gru_emoney_token-factory/CHANGELOG.md
defiQUG e8ae376e90 Enhance API services with validation and error handling improvements 
- Integrated Zod validation schemas across various API routes to ensure input integrity and improve error handling.
- Updated `mapping-service`, `orchestrator`, `packet-service`, and `webhook-service` to utilize validation middleware for request parameters and bodies.
- Improved error handling in webhook management, packet generation, and compliance routes to provide clearer feedback on request failures.
- Added new validation schemas for various endpoints, enhancing overall API robustness and maintainability.
- Updated dependencies in `package.json` to include the new validation library.
2025-12-12 20:23:45 -08:00

4.7 KiB
Raw Permalink Blame History

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

1.1.0 - 2024-12-12

Security Fixes

  • CRITICAL: Fixed BridgeVault138.lock() logic order - policy check now happens before token transfer
  • Added ReentrancyGuard protection to BridgeVault138.lock() and unlock()
  • Added ReentrancyGuardUpgradeable protection to eMoneyToken.mint(), burn(), clawback(), and forceTransfer()
  • Implemented light client proof verification in BridgeVault138.unlock() (was placeholder)
  • Fixed TokenFactory138 code hash to include timestamp and block.number to prevent collisions

Improvements

  • Replaced all require() strings with custom errors for gas efficiency:
    • TokenErrors.sol - eMoneyToken errors
    • BridgeErrors.sol - BridgeVault138 errors
    • RegistryErrors.sol - Registry contract errors
    • FactoryErrors.sol - TokenFactory138 errors
  • Added TokenConfigured event to PolicyManager for better event tracking
  • Enhanced error messages with parameters for better debugging

Testing

  • Created MockLightClient for testing bridge unlock functionality
  • Added comprehensive BridgeVault138Test (11 tests)
  • Added ReentrancyAttackTest for all protected functions (6 tests)
  • Added UpgradeTest for storage layout and upgrade functionality (6 tests)
  • Updated all existing tests to use custom errors

Documentation

  • Added upgrade procedure documentation (docs/UPGRADE_PROCEDURE.md)
  • Created storage layout validation script (tools/validate-storage-layout.sh)
  • Added Architecture Decision Records:
    • ADR-001: Reentrancy Protection Strategy
    • ADR-002: Custom Errors for Gas Efficiency
  • Created upgrade scripts:
    • script/Upgrade.s.sol
    • script/VerifyUpgrade.s.sol
    • script/AuthorizeUpgrade.s.sol
  • Updated README with upgrade instructions

Technical Details

  • Updated to use OpenZeppelin v5 ReentrancyGuard (utils/ directory)
  • All custom errors use prefixed naming to prevent conflicts
  • Upgrade scripts support OpenZeppelin v5 upgradeToAndCall pattern

1.0.0 - 2024-12-12

Added

Core Contracts

  • ComplianceRegistry: Manages compliance status for accounts (allowed, frozen, risk tier, jurisdiction)
  • DebtRegistry: Manages liens (encumbrances) on accounts with hard expiry policy
  • PolicyManager: Central rule engine for transfer authorization across all tokens
  • eMoneyToken: Restricted ERC-20 token with policy-controlled transfers and lien enforcement
  • TokenFactory138: Factory for deploying new eMoneyToken instances as UUPS upgradeable proxies
  • BridgeVault138: Lock/unlock portal for cross-chain token representation

Features

  • Policy-controlled token transfers with multiple restriction layers
  • Two lien enforcement modes:
    • Hard Freeze: Blocks all outbound transfers when active lien exists
    • Encumbered: Allows transfers up to freeBalance = balance - activeLienAmount
  • Bridge-only mode for restricting transfers to bridge addresses
  • Callable/recallable functions: mint, burn, clawback, forceTransfer
  • UUPS upgradeable proxy pattern for token implementations
  • Role-based access control using OpenZeppelin's AccessControl

Testing

  • Comprehensive unit test suite
  • Integration tests for full system flow
  • Fuzz tests for DebtRegistry and transfer operations
  • Invariant tests for transfer logic and supply conservation

Documentation

  • README.md with project overview, installation, and usage
  • RUNBOOK.md with operational procedures
  • SECURITY.md with vulnerability disclosure policy
  • CONTRIBUTING.md with development guidelines
  • NatSpec documentation for all public/external functions

Deployment

  • Deploy.s.sol: Deployment script for all core contracts
  • Configure.s.sol: Post-deployment configuration script
  • VerifyDeployment.s.sol: Deployment verification script
  • EnvValidation.sol: Environment variable validation library
  • .env.example: Environment variable template

Infrastructure

  • Foundry configuration (foundry.toml)
  • OpenZeppelin Contracts v5 integration
  • Solidity 0.8.24 with IR-based code generation (via_ir)
  • Comprehensive .gitignore

Security

  • All privileged operations protected by role-based access control
  • Comprehensive input validation
  • Secure upgrade pattern (UUPS)
  • Hard expiry policy for liens (explicit release required)

Technical Details

  • ChainID 138 support
  • ERC-20 compatible with additional restrictions
  • Canonical reason codes for transfer blocking
  • Immutable registry addresses after deployment
Reference in New Issue View Git Blame Copy Permalink