Skip to content

Releases: celo-org/celo-monorepo

CLI 0.0.59

24 Oct 00:03
e22f1c0
Compare
Choose a tag to compare

Commits included

This release was published on October 23rd, 2020 and includes commits from 49ea377cd99c7d9baaa902a10bbe1db4aa04ddc6 to fb4ea1e5dc1891a996f40a4865f38ddeb10da61b inclusive.

Features

  • Add jsonTransactions flag to governance:show for use in the (contract release process)[https://docs.celo.org/community/release-process/smart-contracts] - ( #5111 )

Bug Fixes

  • Fix attestation service test delivering false negatives - #5336
  • Fix error when listing contract addresses and include some missing new contracts - #5301

Other Changes

  • Convert default log output color from red to yellow - #5517

Valora 1.2.0

16 Oct 20:09
Compare
Choose a tag to compare

Summary

Relative to the 1.1.0 release, this update improves the verification experience by allowing the user to request more invite codes, adds more information about withdrawals to the "Add and Withdraw" screen, and improves the design of the home transaction feed. Other improvements include bug fixes around restoring accounts with non-English Account Keys, withdrawing CELO, and the phone number verification process.

Commits included

This release was cut from master on September 28, 2020 from 5b949c6 and contains additional cherry-picked commits.
See release branch: https://github.com/celo-org/celo-monorepo/tree/release/wallet/1.2.0

Features

  • Add graphics to the "Add and Withdraw" screen (#5046)
  • Add performance logging for iOS devices (#5076)
  • Group activity feed items by date (#5106)
  • Update clipboard practices for iOS 14 changes (#5121)
  • Allow users to resend verification texts (#5134)
  • Add exchange options to the "Add and Withdraw" screen (#5195)

Bug fixes

  • Prevent the mobile device from sleeping during phone number verification (#5007)
  • Fix CELO withdrawals failing when user has no cUSD balance (#5042)
  • Removed unused style properties (#5151)
  • Fix account importing when mnemonic language is not English (#5198)
  • Fix crash that occurs when language package is called before it's loaded (#5299)

Security

  • Known dependency issue: Universal XSS in Android Webview (react-native-webview). Given Valora does not provide the ability to access user inputted URLs, this was deemed a non-blocking issue. The team will monitor for updates and apply a patch when available.
  • Ran static analysis with MobSF on production iOS and Android builds, reviewed results with security team to confirm no blocking issues

Testing

  • End-to-end iOS and Android tests run locally
  • Sanity testing on Galaxy J2 Core and iPhone XS Max
  • Ongoing smoke testing with Ankit and his Lodestone QA team
  • Ongoing internal testing

Core Contracts Release 1

25 Sep 19:57
da72e7e
Compare
Choose a tag to compare

Release Notes:

As the first upgrade to the Celo core smart contracts, this release debuts a new release process that will enable the community to translate governance proposals and CIPs into actual changes on mainnet.

OpenZeppelin Audit Report:

https://blog.openzeppelin.com/celo-contracts-audit/#phase-3

OpenZeppelin audited all core Celo contracts and found no “critical” or “high” severity issues. Three “medium” issues were found in contracts outside the scope of this release. One was in TransferWhitelist which has been obsolete since CELO transfers were enabled and two were in MetaTransactionWallet which is not set for release. The remaining “light” recommendations included using SafeMath everywhere, keeping interfaces perfectly consistent with their implementations, and updating all native transfer operations to be fully compatible with the Istanbul fork. Some “light” suggestions have been left unaddressed to maintain backwards compatibility. For example, the reentrancy guard could be made more gas efficient but it would require redeploying all proxy contracts.

Key updates in this release:

#3806 Slot-based downtime slashing

The existing mechanism for verifying that a validator should be slashed for downtime costs excessive gas to execute when the downtime interval is sufficiently large and can even exceed the block gas limit (#3664). To fix this, the DowntimeSlasher contract now verifies downtime in ‘slots’ rather than a single large interval. This allows verification to be split up into multiple transactions, avoiding the block gas limit.

#4461 Wiggle Room for validator LockedGold requirements

Voting with CELO in the LockedGold contract can lead to a 1 wei rounding error (#3843). This has presented a problem for validators who lock up and vote with exactly 10k CELO, and then find themselves 1 wei short of the staking requirement. Furthermore, groups that are short of the staking requirement may not distribute epoch rewards (#3959). To resolve this, the Validators contract has added ‘wiggle room’ of 10 wei to the staking requirement.

#4298 Allow signer to withdraw attestation fees

Previously, fees earned by running the attestations service could only be withdrawn from the Attestations contract by the validator address that earned them. In many cases, this address is a ReleaseGold contract that has no function for withdrawing from the Attestations contract, leaving validators unable to withdraw their attestation fees (#4296). To resolve this, the withdrawal function has been modified to be called by the attestation signer address, which is an externally owned account controlled by the validator.

#4580 Add sell/buy functions to Exchange.sol

Replaces the exchange(...) function with buy(..., maxPrice) and sell(..., minPrice). Previously, the exchange(...) function only allowed you to set a minimum price and had the same functionality as sell(...).

Related CIP: celo-org/celo-proposals#26

#4583 Allow transferring of attestations

Enables the transfer of phone number attestations to a new address. A new mapping is added to the Attestations contract that records transfer approvals. Users write to this mapping to approve the transfer of their phone number attestations to a new address, and that new address can then complete the approved attestations transfer to assume the user’s phone number.

Other changes:

Also included in this release are many small changes such as the addition of several require(...) statements to improve input verification, and the removal of unnecessary imports. Some contracts were extended to include a getVersionNumber(...) function in order to support the new versioning scheme.

Attestation Service 1.0.5

01 Oct 20:51
b5fc545
Compare
Choose a tag to compare

This is a feature release targeted at operators running multiple validators. Other validators need not upgrade.

Documentation

Full documentation is here.

Upgrading

Validator operators are advised to test first on Baklava before deploying changes on Mainnet.

Deploy the Docker image identified as follows:

  • us.gcr.io/celo-testnet/celo-monorepo:attestation-service-1-0-5
  • us.gcr.io/celo-testnet/celo-monorepo@sha256:e529904b6f5d2c95cb8ee4140a794d45c02deaff25002fcf0bc82f6da5ccf21a

Existing configurations should work as is. New configuration options are described in the documentation.

Changes

Support for High Availability setups

Deployments of multiple Attestation Service instances sharing a single database are now supported and the documentation has been updated. All delivery state is now persisted in the database, so an SMS can be sent by one instance, and an other instance can receive a matching delivery status failure and proceed to retry.

Testing of specific providers

The test attestation endpoint now accepts provider parameter to force provider to test:

tim@Tims-MacBook-Pro attestation-service % curl -H "Content-Type: application/json" -d '{ "phoneNumber":"+1415xxxxxxx","message":"hello","signature":"", "provider":"nexmo"}' localhost:3000/test_attestations

{"success":true,"identifier":"0xfc992dad242cca0dd8607aad3cab6ff4e2f9e47b0cd5c34df1ca19d7d641a373","account":"0xxxx","issuer":"0xxxx","attempt":0,"countryCode":"US","status":"Sent","salt":"9f68a7c35c9d2b04cbb39a714096d66c927132edb72f4be93dd92b919c8db47a","provider":"nexmo"}

It also randomly generates a "salt" so that tests can be stored alongside regular attestations in the database, so they can share more code and be accessible via get_attestations.

Delivery re-requests

A requester can make the same attestation request again, which now has the effect of assuming the previous send failed (even if a delivery receipt was received indicating the send was successful. If there are additional retries available, the next provider is selected, and another SMS is sent. If no retries are available, the endpoint returns 422.

Delivery status endpoint

A new endpoint /get_attestations allows the original requester to retrieve delivery info.

The celocli identity:test-attestation-service command in its next release will also use the /get_attestations endpoint to await a delivery receipt, so that validators have another way of testing that receipts are configured correctly.

tim@Tims-MacBook-Pro attestation-service % curl -i -H "Content-Type: application/json"  'localhost:3000/get_attestations?account=0xxxx&issuer=0xxxx&phoneNumber=%2B1415xxxxxxx&salt=9f68a7c35c9d2b04cbb39a714096d66c927132edb72f4be93dd92b919c8db47a'
HTTP/1.1 200 OK
X-Powered-By: Express
X-Request-Id: ba5f9a0c-dc47-40dd-a6b9-df8c2b31caeb
X-RateLimit-Limit: 50
X-RateLimit-Remaining: 48
Date: Tue, 08 Sep 2020 23:01:13 GMT
X-RateLimit-Reset: 1599606076
Content-Type: application/json; charset=utf-8
Content-Length: 278
ETag: W/"116-lQIpekV90rYPlJEkNfRYo95+NcA"
Connection: keep-alive

{"success":true,"identifier":"0xfc992dad242cca0dd8607aad3cab6ff4e2f9e47b0cd5c34df1ca19d7d641a373","account":"0xxxx","issuer":"0xxxx","attempt":0,"countryCode":"US","status":"Delivered","provider":"nexmo","duration":2274}

Delivery info includes time taken to final delivery success or failure, in ms.

Delivery reliability

Delivery attempts are now striped across providers, i.e try other provider next before retry with same provider. The default config has been fixed to refer to the MAX_DELIVERY_ATTEMPTS setting.

If an attestation is not found on-chain, the request retries up to 10 secs to avoid the case where the full node is running behind a block or two (not if the attestation is found on-chain but is complete)

Metrics

A new metric attestation_service_healthy for overall service health has been added. It is strongly recommended to monitor this metric.

A new metric attestation_requests_rerequest counts re-requests.

Metrics attestation_requests_believed_delivered_sms and attestation_requests_failed_to_deliver_sms have been fixed.

Other changes

  • Parameter DB_RECORD_EXPIRY_MINS to set db record expiry, and now done on a timer, not when attestations happen
  • Setting NODE_ENV=dev allows signature and other checks to be skipped (do not run in production)

Valora 1.1.0

25 Sep 16:35
5abc0c2
Compare
Choose a tag to compare

Summary

Relative to the 1.0.1 release, this update improves the verification experience, reduces the invite code redemption time, adds a daily limit to CELO withdrawals, supports BRL and CVE currencies and includes redesigned DAppKit screens. Other improvements include bug fixes around payment requests, p2p discovery of full nodes, better performance in Data Saver mode and better Spanish translations.

Commits included

This release was cut from master on September 3, 2020 from 861fae1 and contains additional cherry-picked commits.
See release branch: https://github.com/celo-org/celo-monorepo/tree/release/wallet/1.1.0

Features

  • Add deactivated debug mode message (#4794)
  • Hide CTAs with verification when insufficient balance (#4850)
  • Implement a wallet that wraps the GethBridge to operate in Valora without starting geth (#4640)
  • Reduce invite redemption time (#4780)
  • Add daily limit to CELO withdrawals (#4903)
  • DAppkit Redesign (#4793)
  • Split doVerification saga and UI changes to verification (#4920)
  • Add button spinner to Send Amount screen when loading (#4924)
  • Update TOS Link to be a parameter from brandingConfig (#4938)
  • Send Amount Loading Spinner pt 2 (#4956)
  • Mobile discovery (#4680)
  • Use new celo-blockchain build in mobile for 64 bit fix (#4967)
  • Send attestation messages sequentially on Android (#4990)
  • Add link to additional funding options (#5028)
  • Add BRL and CVE local currencies (#5037)

Bug fixes

  • Fix revoke verification and add back dev settings for it (#4875)
  • Make the dismiss Gold Education button work (#4859)
  • Fix QR scan for requests (#4885)
  • Prevent getting stuck on PIN screen (#4858)
  • Fix linking errors on iOS with latest @celo/client and release builds (#4904)
  • Only paste addresses on Withdraw CELO flow (#4931)
  • Add Copy Fixes to Spanish per requested typos (#4945)
  • Fix blank license screen on iOS (take 2) (#4927)
  • Payment requests must use lowercase addresses (#4973)
  • Fix payment request comments decryption (#4979)
  • Fix incorrect verification screen buttons in some cases (#4982)
  • Fix bug to allow users to skip invite redemption after canceling (#4977)
  • Fix user seeing the enter invite code screen after upgrading to 1.1.0 (#5000)
  • Add migration to set redeemComplete to true if account exists (#5002)
  • Fix SendAmount Activity Indicator bug (#5012)
  • Fix escrow failing randomly with local currency (#5039)
  • Fix unable to send transactions after upgrading to 1.1.0 on Android (internal) (#5062)
  • Bug fix for QR scan of Secure Send (#5090)
  • Fixing fatal error when escrow gas estimation fails (#5092)

Security

  • Audited yarn dependencies to confirm no high severity issues
  • Ran static analysis with MobSF on production iOS and Android builds, reviewed results with security team to confirm no blocking issues

Testing

  • End-to-end iOS and Android tests run locally
  • Sanity testing on Nexus 5 and iPhone X
  • Ongoing smoke testing with Ankit and his Lodestone QA team
  • Ongoing internal testing

Attestation Service 1.0.4

10 Sep 23:55
781396d
Compare
Choose a tag to compare

This is a feature release bringing a number of changes. It is recommended that all validators deploy this version on baklava then upgrade on mainnet.

Documentation

Full documentation is here.

Upgrading

Validator operators are advised to test first on Baklava before deploying changes on Mainnet.

Deploy the Docker image identified as follows:

  • us.gcr.io/celo-testnet/celo-monorepo:attestation-service-1-0-4
  • us.gcr.io/celo-testnet/celo-monorepo@sha256: d315dc8ec4981bdf60c34f296623f101b77ed0fc0ca28e2b7fe1884ad8d59097

Existing configurations should work as is. New configuration options are described in the documentation.

Changes

  • This release supports Nexmo applications so that multiple validators can share a single Nexmo billing account but use different callback URLs.

Attestation Service 1.0.3

30 Aug 22:38
ca0fe30
Compare
Choose a tag to compare

This release contains minor bug fixes.

Documentation

Full documentation is here.

Upgrading

All validators are advised to test first on Baklava before deploying changes on Mainnet.

Deploy the Docker image identified as follows:

  • us.gcr.io/celo-testnet/celo-monorepo:attestation-service-1-0-3
  • us.gcr.io/celo-testnet/celo-monorepo@sha256:bbeaae0a728801e24abbaa6e15903ad120ce529e676b82d6a816cb3d4ba622d8

Existing configurations should work as is.

Changes

  • Allow Twilio delivery receipts to be received by Attestation Service instances running behind proxies that rewrite protocol or host (e.g. CloudFlare)
  • Fix an issue responding to certain failed health checks under /healthz

Valora 1.0.1

27 Aug 21:34
Compare
Choose a tag to compare

This is a patch to Valora 1.0.0(15) that includes a single change to better handle zero-balance users who attempt to verify.

Security

While no dependencies have changed in this patch, to formally follow the release process, I have audited yarn dependencies to confirm no high severity issues. I have not rerun static analysis with MobSF on production iOS and Android builds, these results are unchanged and in the original release were reviewed with security team to confirm no blocking issues

Testing

The feature affected by this patch was tested by @jeanregisser confirming expected behavior for these cases. Additionally:

  • End-to-end iOS and Android tests run locally
  • Sanity testing on Pixel 2
  • Ongoing smoke testing with Ankit and his Lodestone QA team
  • Ongoing internal testing
    For more details on the ongoing testing that will be confirmed before promotion to public release, see the Wallet Release Process.

Commits included

  • Adding odis balance check (improved UX for zero-balance verification) #4729
  • Updating build number to 1.0.1

Version scheme

Note that while we wanted to have the first public release version use 1.0.0, in order to keep the existing 1.0.0(15) in the App Store approved and ready for release while this version processes, we had to use a different version number so we used the normal version scheme for a patch, bumping to 1.0.1.

Attestation Service 1.0.2

28 Aug 00:20
e1a6a10
Compare
Choose a tag to compare

This release contains a number of changes to Attestation Service to better support multiple providers, add delivery receipts, and provide insight into failures.

Documentation

Full documentation is here.

Upgrading

All validators are advised to test first on Baklava before deploying changes on Mainnet.

Deploy the Docker image identified as follows:

  • us.gcr.io/celo-testnet/celo-monorepo:attestation-service-1-0-2
  • us.gcr.io/celo-testnet/celo-monorepo@sha256:d58b43eb16d287a574a2d16a10a929777de1bade6a2f51a6be3f897d66dc7519

New configuration options are described in the documentation. Existing configs should work as is, but validators are advised to set up a Nexmo account and test delivery receipts.

Changes

  • Interface for providers to support delivery receipts, and support added to receive them for Twilio and Nexmo
  • Better support for using multiple providers
  • Provider configs can be specified per country code like SMS_PROVIDERS_US=twilio,nexmo
  • SMS send retry logic made generic for all providers:
    ** use country specific provider order, then filtered by unsupported regions
    ** retry send for each provider with backoff (then moving on to next provider)
    ** if a delivery report comes back with a failure, that causes a retry to happen
  • Renamed BLACKLIST config options params to UNSUPPORTED_REGIONS though existing configs are backwards compatible and will work unchanged
  • If VERIFY_CONFIG_ON_STARTUP option set, service startup now verifies account and signer key match, that metadata is available, and that attestation claim is made, to reduce chance of misconfiguration
  • Off-by-default NEXMO_ACCOUNT_BALANCE_METRIC option to expose Nexmo balance as a metric so it can be alerted on to prevent validators running out of funds
  • New metrics:
    ** Counts by provider, country code, and delivery status: attestation_attempts_delivery_status
    ** Counts by provider, country code, and error code: attestation_attempts_delivery_error_codes
    ** Eventual delivery success (or timeout without a delivery report): attestation_requests_believed_delivered_sms
    ** Eventual delivery report of failure: attestation_requests_failed_to_deliver_sms
    ** attestation_requests_unable_to_serve now broken down by country code
  • Health check now detects a full node not syncing but running behind

Valora 1.0.0(15)

25 Aug 23:31
Compare
Choose a tag to compare

This release represents the first public release of Valora

Security

  • Audited yarn dependencies to confirm no high severity issues
  • Ran static analysis with MobSF on production iOS and Android builds, reviewed results with security team to confirm no blocking issues

Testing

  • End-to-end iOS and Android tests run locally
  • Sanity testing on Pixel 2 and iPhone Xs
  • Ongoing smoke testing with Ankit and his Lodestone QA team
  • Ongoing internal testing

For more details on the ongoing testing that will be confirmed before promotion to public release, see the Wallet Release Process.

Commits included

This build was cut from master on August 18, and includes cherry-picked fixes for:

  • Withdraw CELO QR scan fixes (bug fix) #4740
  • Add ‘Confirm Phone Number’ option to settings #4744
  • Make invitation links use vlra.app domain #4733
  • Salt was renamed to pepper (bug fix) #4756
  • Add back trigger for enabling dev mode in setting menu (regression fix) #4760
  • Fix ODIS url in mainnet bug from rename (bug fix) #4772
  • Show correct app icon on older Android devices (bug fix) #4774

Due to an issue only occurring in production iOS releases (#4781), #4723 was reverted to downgrade @celo/client 0.0.315 back to the stable 0.0.309, but celo branding changes and an transfer end-to-end test fix in this PR were kept. Note that these test related changes (9a17cf2 , 9f6e19e, adfd67d) have no effect on the build.

Features included

Relative to the last internal release, this update adds CELO transfers, logout, and a new vlra.app domain for invitation links. Other improvements include performance tracking metrics for Android and bug fixes for accounts with no balance.

Version code

Moving forward, we will use a normal version scheme, ie 1.0.1 for a patch. We chose to use the scheme 1.0.0(15) so that our first public release could be 1.0.0 🥇