Update doc, comment in Solidity files and add missing tests detected …

…by coverage
CMTA · Sep 20, 2023 · a68378a · a68378a
1 parent 166fe25
commit a68378a
Show file tree

Hide file tree

Showing 132 changed files with 10,550 additions and 9,616 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,52 @@
 
 Please follow <https://changelog.md/> conventions.
 
+## v2.3.1
+
+### Summary
+**Architecture**
+- The directory `mandatory` is renamed in `core` ([#222](https://github.com/CMTA/CMTAT/pull/222))
+- The directory `optional` is renamed in `extensions` ([#222](https://github.com/CMTA/CMTAT/pull/222))
+- Creation of a directory `controller` which for the moment contains only the ValidationModule ([#222](https://github.com/CMTA/CMTAT/pull/222))
+- Rename contract and init function for ERC20BurnModule, ERC20MintModule, ERC20SnapshotModule to clearly indicate the inheritance from ERC20 interface ([#226](https://github.com/CMTA/CMTAT/pull/226))
+
+**Gas optimization**
+- Add a batch version for the burn, mint and transfer functions (see [#51](https://github.com/CMTA/CMTAT/pull/51))
+- Use custom error instead of string error message ([#217](https://github.com/CMTA/CMTAT/pull/217))
+
+
+**Other**
+- Add ERC20 decimals as an argument of the initialize function ([#213](https://github.com/CMTA/CMTAT/pull/213))
+Until now, the number of decimal was set inside the code to the value 0
+This release changes this behavior to use instead a parameter supplied by the deployer inside the function initialize.
+- Add a constant VERSION to indicate the current version of the token ([#229](https://github.com/CMTA/CMTAT/pull/229))
+- Implement an alternative to the kill function ([#221](https://github.com/CMTA/CMTAT/pull/221))
+--Add a boolean isDeactivated
+--A new function `deactivateContract` , restricted to the admin, can be used to deactivate the contract
+This function set the variable `isDeactivated` to true.
+In standalone mode, this operation is irreversible, it is not possible to rollback.
+With a proxy, it is still possible to rollback by deploying a new implementation.
+This function puts also the contract in the pause state
+The variable `isDeactivated` has also an impact on the function `unpause`. This one will revert if the previous variable is set to true, thus the contract is in the pause state forever.
+
+**Tools**
+
+- Update the Solidity version to 0.8.20, which is a requirement for the new OpenZeppelin version (5.0.0)
+- Run tests with Hardhat instead of Truffle since Truffle does not support custom errors ([#217](https://github.com/CMTA/CMTAT/pull/51))
+- _Update OpenZeppelin to the version 5.0.0_ (not yet done)
+
+**Security**
+- Add new control on the DEFAULT_ADMIN_ROLE by inheriting `AccessControlDefaultAdminRules` ([#220](https://github.com/CMTA/CMTAT/pull/220))
+This contract implements the following risk mitigations on top of [AccessControl](https://docs.openzeppelin.com/contracts/4.x/api/access#AccessControl):
+
+Only one account holds the DEFAULT_ADMIN_ROLE since deployment until it’s potentially renounced.
+
+Enforces a 2-step process to transfer the DEFAULT_ADMIN_ROLE to another account.
+
+Enforces a configurable delay between the two steps, with the ability to cancel before the transfer is accepted.
+
+- Add a function `transferadminshipDirectly` ([#226](https://github.com/CMTA/CMTAT/pull/226))
+
 ## 2.3.0 - 20230609
 
 - Add Truffle CI workflow (Contributor: [diego-G](https://github.com/diego-G) / [21.co](https://github.com/amun))

diff --git a/FAQ.md b/FAQ.md
@@ -5,30 +5,27 @@ development.
 
 ## Toolkit support
 
-> Why do you continue using Truffle instead of migrating to HardHat or Foundry?
+> Which is the main development tool you use ?
 
-Regarding [Hardhat](https://hardhat.org/):
+Until the version v.2.3.1, we used `Truffle` with `web3js` as our main development tool and testing library. Since this version, we use *custom errors* to generate errors inside our smart contracts and this type of errors are not supported by `Truffle` for testing.
 
-- Our tests are not working with Hardhat so to migrate to hardhat, we will have to update our tests which will require a lot of works.
-- Moreover, we do not see a use case where hardhat will be better than Truffle.
-- Hardhat has a lot of plugins, but for example, for the coverage, we can run the coverage without be fully compatible with Hardhat.
+Therefore, we use `Hardhat` with `web3js` to run our tests, but you can compile the contracts with Truffle or Hardhat.
 
 Regarding [Foundry](https://book.getfoundry.sh/):
 
 -  The plugin "upgrades plugin" by OpenZeppelin is not available with Foundry and it is a very good tool to check the proxy implementation and perform automatic tests. See [https://docs.openzeppelin.com/upgrades-plugins/1.x/](https://docs.openzeppelin.com/upgrades-plugins/1.x/)
 -  The tests for the gasless module (MetaTx) would be difficult to write
    in Solidity, as Foundry requires, see [https://github.com/CMTA/CMTAT/blob/master/test/common/MetaTxModuleCommon.js](https://github.com/CMTA/CMTAT/blob/master/test/common/MetaTxModuleCommon.js)
 - The OpenZeppelin libraries that we use have their tests mainly written in JavaScript, which provides a good basis for our tests
-- Performance wise, we observed that Foundry is superior to Truffle, notably to test the Snapshot module
 - We have a repository [CMTA/CMTAT-Foundry](https://github.com/CMTA/CMTAT-foundry) that provides experimental support for Foundry, but it does not provide complete support and testing for the latest CMTAT version.
 
 
 >  Do you plan to fully support Foundry in the near future? 
 
-For the foreseeable future, we plan to keep Truffle as the main
+For the foreseeable future, we plan to keep Hardhat/Truffle as the main
 development and testing suite.
 
-We have not planned to export all the tests from the Truffle suite to
+We have not planned to export all the tests from the Truffle/Hardhat suite to
 their Solidity version equivalent suitable to Foundry, though some tests
 are already available.
 
@@ -37,9 +34,11 @@ documented in its
 [README](https://github.com/CMTA/CMTAT-Foundry/blob/main/README.md#cmtat---using-the-foundry-suite).
 
 
->  Can Hardhat be used to run tests?
+>  Can Truffle be used to run tests?
 
-No, please use Truffle to run the tests.
+No. Since the version v.2.31 and the use of `custom errors`, the tests no longer work with Truffle.
+
+You can only run the tests with `Hardhat`.
 
 
 ## Modules
@@ -84,7 +83,7 @@ implementation*.
 If you remove the Validation module and want to use the Pause or the
 Enforcement module, you have to call the functions of modules inside the
 main contracts. It was initially the case but we have changed this
-behaviour when addressing an issue reported by a security audit.
+behavior when addressing an issue reported by a security audit.
 Here is an old version:
 [https://github.com/CMTA/CMTAT/blob/ed23bfc69cfacc932945da751485c6472705c975/contracts/CMTAT.sol#L205](https://github.com/CMTA/CMTAT/blob/ed23bfc69cfacc932945da751485c6472705c975/contracts/CMTAT.sol#L205),
 and the relevant Pull [Request](https://github.com/CMTA/CMTAT/pull/153).

diff --git a/README.md b/README.md
@@ -74,7 +74,15 @@ The `kill()` function will therefore not behave as it used to once Cancun is dep
 
 Here the list of the differents modules with the links towards the documentation and the main file.
 
-### Mandatory
+### Controller
+
+| Name             | Documentation                                                | Main File                                                    |
+| ---------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
+| ValidationModule | [validation.md](doc/modules/presentation/optional/validation.md) | [ValidationModule.sol](./contracts/modules/wrapper/optional/SnapshotModule.sol) |
+
+### Core
+
+Generally, these modules are required to be compliant with the CMTA specification.
 
 | Name              | Documentation                                                | Main File                                                    |
 | ----------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
@@ -85,24 +93,24 @@ Here the list of the differents modules with the links towards the documentation
 | MintModule        | [mint.md](doc/modules/presentation/mandatory/mint.md)        | [MintModule.sol](./contracts/modules/wrapper/mandatory/MintModule.sol) |
 | PauseModule       | [pause.md](doc/modules/presentation/mandatory/pause.md)      | [PauseModule.sol](./contracts/modules/wrapper/mandatory/PauseModule.sol) |
 
-### Optional
+### Extensions
+
+Generally, these modules are not required to be compliant with the CMTA specification.
 
 | Name              | Documentation                                                | Main File                                                    |
 | ----------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
 | MetaTxModule      | [metatx.md](doc/modules/presentation/optional/metatx.md)     | [MetaTxModule.sol](./contracts/modules/wrapper/optional/MetaTxModule.sol) |
 | SnapshotModule*   | [snapshot.md](doc/modules/presentation/optional/snapshot.md) | [SnapshotModule.sol](./contracts/modules/wrapper/optional/SnapshotModule.sol) |
-| ValidationModule  | [validation.md](doc/modules/presentation/optional/validation.md) | [ValidationModule.sol](./contracts/modules/wrapper/optional/SnapshotModule.sol) |
 | creditEventModule | [creditEvents.md](doc/modules/presentation/optional/Debt/creditEvents.md) | [CreditEventsModule.sol](./contracts/modules/wrapper/optional/DebtModule/CreditEventsModule.sol) |
 | DebtBaseModule    | [debtBase.md](doc/modules/presentation/optional/Debt/debtBase.md) | [DebtBaseModule.sol](./contracts/modules/wrapper/optional/DebtModule/DebtBaseModule.sol) |
 
 *not imported by default
 
 ### Security
 
-| Name                   | Documentation                                                | Main File                                                    |
-| ---------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
-| AuthorizationModule    | [authorization.md](./doc/modules/presentation/security/authorization.md) | [AuthorizationModule.sol](./contracts/modules/security/AuthorizationModule.sol) |
-| OnlyDelegateCallModule | [onlyDelegateCallModule.md](./doc/modules/presentation/security/onlyDelegateCallModule.md) | [OnlyDelegateCallModule.sol](./contracts/modules/security/OnlyDelegateCallModule.sol) |
+| Name                | Documentation                                                | Main File                                                    |
+| ------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
+| AuthorizationModule | [authorization.md](./doc/modules/presentation/security/authorization.md) | [AuthorizationModule.sol](./contracts/modules/security/AuthorizationModule.sol) |
 
 
 
@@ -153,7 +161,7 @@ The report is available in [ABDK_CMTA_CMTATRuleEngine_v_1_0.pdf](doc/audits/ABDK
 
 ### Tools
 
-You will find the report produced by [Slither](https://github.com/crytic/slither) in [slither-report.md](doc/audits/tools/slither-report.md). 
+You will find the report produced by [Slither](https://github.com/crytic/slither) in [v2.3.1-slither-report.md](doc/audits/tools/v2.3.1-slither-report.md). 
 
 
 ### Test