Commits included

This release was published on January 20th, 2021 and includes commits from 6148646a29e5e719df9a1b32d1580ea7e6e61be8 to d532d06f60999e0ed951839cc0cff9e0abf4d505 inclusive. See this blogpost for more details.

Features

• Moved into SDK directory, and made compatible with SDK modularization changes - #4790
• Added ability to specify per token expiry in sorted oracles - #6125
• Adds metrics to ODIS - #5749
• ODIS Client Update - #5621]
• Extend SortedOraclesWrapper to support reporting for arbitrary currency pairs - #6401
• IP712 signature over attestation security code - #6209
• Enable 8 digit code verification and ignore attestation services below 1.1.0 - #6437
• Handle revert flag from web3 for contract calls - #6515
• CIP-21: Governable LookbackWindow Smart Contract changes - #4747

Bug Fixes

• Reverted PR #5709, "Add CUSD transfer to MTW" - #5982
• Removes unnecessary check in vote function - #6056
• Treat null receipt in Connection.getTransactionReceipt - #6178
• Add id field to eth_sign and eth_signTypedData calls - #6264
• Pin our version of secp256k1 - #6432
• Updated ContractKit's README.md #6450
• Fix @ledgerhq package version in CK and CLI - #6496

Other Changes

• Added ability to withdraw attestation rewards via CLI - #6176
• Autogenerated documentation for all new sdk packages - #6199
• Update homepage and repository for sdk packages in documentation - #5998
• Add Portuguese in wallet - #5945
• Mnemonic validation flexibility within Valora - #6372
• Show the international format when displaying phone numbers in Valora #6350
• Modified version of #6474: Fix dependencies to work on standalone installations and in environments without Git #6516

Commits included

This release was published on January 20th, 2021 and includes commits from d4ae6eccc2cfc760818b9132a57c6da67c10b561 to d532d06f60999e0ed951839cc0cff9e0abf4d505 inclusive.

Features

• Pass through oclif table flags to commands which output tables - #5618
• CIP 8 Encryption - #5091
• Add authorized signers to release gold show - #5596
• Extract governance:build-proposal command - #5847
• Add downtime slashing commands - #5632
• Add ability to withdraw attestation rewards via CLI #6176
• Mnemonic validation flexibility within Valora - #6372
• Write transfer and transferFrom commands for MultiSig contract - #6425

Bug Fixes

• Fix param order on account:new internal call - #6319
• Remove broken header links in generated CLI docs - #6415
• Fix @ledgerhq package version in CK and CLI - #6496
• Fix call to set gas currency in CLI base - #6505

Other Changes

• KomenciKit - #5436
• Update base and utils package versions #5655
• Parallelize and simplify fetching of comprensive registry address map - #5568
• Add readability to (big) number and timestamp/duration outputs in CK and CLI - #5584
• Rename build-proposal flag - #5885
• Compatibility with Sdk Modularization - #4790
• Adjust how CLI docs are generated - #5882
• Add install instructions for CLI readme - #6466

This is a feature release for all validators.

Documentation

Full documentation is here.

Upgrading

Validator operators are advised to test first on Baklava before deploying changes on Mainnet.

Deploy the Docker image identified as follows:

us.gcr.io/celo-testnet/celo-monorepo:attestation-service-v1.2.0
us.gcr.io/celo-testnet/celo-monorepo@sha256:4416fc61b0941de7f0299fc0ccdb0fe6c47112eb165484b1d6b702fba3e04a4d

Existing configurations should work as is.

Changes

Support for 8 digit security codes

Attestation Service 1.2.0 adds support for 8 security codes, this is a quality of life improvement for end users and entails no operational changes.

Relevant pull request #6209

Support for MessageBird Provider

It is recommended that validators sign up and add MessageBird as an additional SMS provider. From internal testing, MessageBird has performed better in some regions than the current providers, notably Ghana (where the network has observed high traffic). It is recommended that validators configure it as one of their SMS_PROVIDERS and set SMS_PROVIDERS_GH to use MessageBird first. As more validator adopt the new provider, better recommendations for provider+country performance can be made.

Relevant pull request #5616

Optional Random Provider Configuration

Added SMS_PROVIDERS_RANDOMIZED configuration. This enables randomizing the provider used for an incoming request in the default use-case. The ordered per-country provider lists are never shuffled. This balances the load to all providers so that better data on provider+country success rates can be collected. It is suggested that validators enable this feature.

Relevant pull request #5880

Max Age of Blocks for Health Check Configuration

Adding a MAX_AGE_LATEST_BLOCK_SECS config option which makes the maximum age of the latest block at which the health check fails to be configurable. Previously, we saw issues in baklava where slow blocks were causing spewing of Attestation Service alerts. It is recommended that validators experiencing this issues on baklava to extend the block age.

Relevant pull request #5880

Summary

Just using this to capture changes since 1.7.1 We will probably aggregate all the changes into one release note when this release goes public.

Commits included

This release was cut from master on December 22, 2020 from https://github.com/celo-org/celo-monorepo/commit/d9cea78963c7a53a53ddf9a49f19dadadb9e5119. See release branch: https://github.com/celo-org/celo-monorepo/tree/release/wallet/1.7.2

Bug fixes

• Fix last alert banner redisplayed on re-render (#6325)
• Don't allow going back after wallet is imported successfully (#6279)

Testing

• End-to-end iOS and Android tests run locally.
• Sanity testing on physical devices for iOS and Android.

Summary

This is a bug fix release on top of 1.7.0.

Commits included

This release was cut from master on December 21, 2020 from https://github.com/celo-org/celo-monorepo/commit/51f643db9c05c97f26f91d5920f360f5ff1e0e0b. See release branch: https://github.com/celo-org/celo-monorepo/tree/release/wallet/1.7.1

Bug fixes

• Fix redux store persistence (#6317)
• Upgrade react-native-sms-retriever to fix multiple SMS imports (#6263)

Testing

• End-to-end iOS and Android tests run locally.
• Sanity testing on physical devices for iOS and Android.

Summary

This release is focused on stability. The aim is to minimize crashes and bugs. A few major components such as react native, animation and navigation libraries and hermes-engine have been updated.

Commits included

This release was cut from master on December 20, 2020 from https://github.com/celo-org/celo-monorepo/commit/296f60860d8d4cd4ebf28a20a401ae30c49b1dfd. No PRs have been cherry-picked. See release branch: https://github.com/celo-org/celo-monorepo/tree/release/wallet/1.7.0

Features

• Enable forno as default network setting (#6257)

Bug fixes

• Remove a bunch of unused strings (#6285)
• Upgrade sentry/react-native to 2.1.0 (#6280)
• Change redux storage implementation to file system (#6273)
• Show more descriptive errors when gas estimation fails after QR scan (#6240)
• Allow import to continue if wallet exists in Geth keystore (#6237)
• Fix "Shake-to-Contact" triggered while app is in background #6230
• Handle back button when entering PIN (#6002)
• Upgrade detox, react-native, hermes in order to fix common crashes (#5967)

Security

• Upgrades the react native webview package to fix SSL issue (#6259)

Testing

• End-to-end iOS and Android tests run locally.
• Sanity testing on physical devices for iOS and Android.

Release Notes:

This is the second release of the Celo Core Contracts. It follows the release process per the docs.

Audit Report:

https://blog.openzeppelin.com/celo-contracts-audit/#phase-5

This release's audit scope will cover the verification tooling that has been built to allow Celo stakeholders to have confidence in the safety and correctness of a Celo Core Contract Upgrade Release Proposal.

Key updates in this release:

After the sizable initial release 1, release 2 is much lighter in scope and reflects the core developer's intention to ship smaller changes more frequently as opposed to fewer, but larger changes.

• Update Signatures.sol with EIP-712 support #5122:

The Signatures library was updated with EIP-712 support to allow contracts to easily verify EIP-712 signatures. The prime consumer of this new functionality is the MetaTransactionWallet that was added as part of the audit scope (while not deployed as a Core Contract). As a result, per the versioning docs, this means that consuming contracts (Accounts, Attestations, AttestationsTest, LockedGold, Escrow) have been incremented in their patch versions.

• Per token report expiry in SortedOracles #6125

For the upcoming tBTC integration, SortedOracles may be reused to report CELO/BTC prices. However reporting might happen on different frequencies, thus this change allows Governance to specify separate expirations for different tokens.

• MetaTransactionWallet #4587

As part of fee-less onboarding, also known as Komenci, MetaTransactionWallet was built to support submitting transactions on behalf of another account. While MetaTransactionWallet (and MetaTransactionWalletDeployer) are not a Celo Core Contract (as they are not owned by Governance), they nonetheless are part of the audit scope and thus will be reflected as part of these release reports.

• Unlock-while-voting-invariant bug fix #6368

After cutting for release 2, a bug was reported that under narrow circumstances could allow for a malicious user to vote on the same governance proposal twice. You can find the incident report on the forum. The fix was pulled in to ensure safety after deployment of release 2.

Other changes:

Minor changes have been made, partially in response to an intermediary audit by OpenZeppelin (that will be part of this release's audit report).

Specific Version Updates:

Core Contracts:

• Accounts: 1.1.1.0 => 1.1.1.1
• Attestations: 1.1.1.0 => 1.1.1.1
• AttestationsTest: 1.1.1.0 => 1.1.1.1
• LockedGold: 1.1.1.0 => 1.1.1.1
• Escrow: 1.1.1.0 => 1.1.1.1
• SortedOracles: 1.1.1.0 => 1.1.2.0
• MetaTransactionWallet: new 1.1.0.1
• MetaTransactionWalletDeployer: new 1.1.0.0

Libraries:

• Signatures: 1.1.1.0 => 1.1.2.0

Summary

Relative to the 1.5.5 release, this update includes an improved restore account experience with different languages and adds Australian dollar support. It also addresses bugs causing some crashes on Android.

Commits included

This release was cut from master on November 25, 2020 from https://github.com/celo-org/celo-monorepo/commit/1275eb0ad85f842c97317925c5402c6eb9dd274dand contains additional cherry-picked commits. See release branch: https://github.com/celo-org/celo-monorepo/tree/release/wallet/1.6.0

Features

#5862 Add AUD in Valora
#5825 Restore mnemonics in any language if default fails
#5925 Add support for 8 digits verification code (hidden behind a feature flag)
#5941 Update Account Key backup prompt

Bug fixes

#5963 Dismiss keyboard on PIN code screen
#5900 Fix Cancel and Edit buttons on withdraw when coming from Deep Link
#5905 Do not update Valora balance if balance query was unsuccessful
#5926 Fix decimals keyboard in some Samsung devices
#5960 Update proguard rules to fix a crash at startup for release builds
#5896 Upgrade react-navigation libraries to fix Android crashes
#5911 Fix yarn dev:ios with iOS 14 by updating react native cli version

Security

• Known react native webview vulnerability, approved by security team in a past release

Testing

• Full QA process through Lodestone

Summary

Relative to the 1.3.0 release, this update enables buying cUSD using Simplex, makes verification faster and more reliable, improves deep links handling and includes a "Shake-to-Contact" feature to easily get in touch with our support team. Other improvements include showing the CELO balance in the menu, bug fixes around CELO withdrawal and connectivity issues. It also restricts CP-DOTO for users in the Philippines and Japan.

Note: this release was abandoned and replaced by the v1.5 release. It was never published publicly on the Play Store or App Store.

Commits included

This release was cut from master on November 5, 2020 from 7bb077594e5b08be6fb646d090f50adb9c528e25.
See release branch: https://github.com/celo-org/celo-monorepo/tree/release/wallet/1.4.0

Features

• Add fee estimation for Withdrawing CELO and pay for Withdrawing and Selling CELO fees in CELO (#5345)
• Country feature flags and changes for countries where CP-DOTO is restricted (#5613)
• Don't allow phone numbers from sanctioned countries (#5662)
• Simplex cUSD integration in Valora (#5678)
• Report to analytics reveal statuses from validators (#5315)
• Update copy on the onboarding screens (#5675)
• Allows wallet users to be able to withdraw CELO from Valora using a deep link (#5515)
• Add Japan to restricted CP-DOTO countries (#5708)
• Changes to work with Xcode 12 (#5670)
• Add shake to Contact screen (#5690)
• Use hard-coded gas values in the verifications flow (#5679)
• Show a message on the verification screen to encourage not closing the app (#5702)

Bug fixes

• Display currency of payment request without changing local currency settings (#5112)
• Use CELO to pay for gas when selling CELO (#5572)
• Mitigate transaction timeout issues due to backgrounding and slow networks (#5620)
• Fix handling deep links (#5591)
• Don't start transactions until the PIN is correctly input (#5396)
• Retry if geth fails to init because of no internet (#5700)
• Add correct decimal separator on CELO Withdrawal (#5701)
• Fix account timeout issue during verification (#5656)
• Remove force unlock from initial onboarding flow (#5734)

Testing

• End-to-end iOS and Android tests run locally
• Sanity testing on Nexus 5 and iPhone X
• Ongoing smoke testing with Ankit and his Lodestone QA team
• Ongoing internal testing

Summary

Relative to the 1.4.0 release, this update enables feeless verification. This allows users to verify their phone numbers without paying fees for SMS messages. Also it enables users to invite their friends using Invite functionality and brings redesign to Cash In Cash Out flows.

Commits included

This release was cut from master on November 10, 2020 from https://github.com/celo-org/celo-monorepo/commit/e7818bf02f376222e1fc98858e1afc9150447288. All subsequent PRs been cherry-picked onto release branch from master. See release branch: https://github.com/celo-org/celo-monorepo/tree/release/wallet/1.5.0

Features

• Change Invite Send flow and add invite to drawer (#5660) (#5839)
• Add text explaining exchange rate estimates (#5746)
• Add Komenci (feeless attestations) (#5622) (#5663) (#5742) (#5833) (#5881)
• UI changes for Cash In Cash Out (#5757) (#5775)

Bug fixes

• Switch Valora escrow expiry to 1 hour (#5732)
• Fix translation of Home text in Spanish (#5766)
• Update some Spanish texts (#5769)
• Remove name in invite text (#5767)
• Upgrades the react native webview package to fix SSL issue (#5774)
• Fix empty verification code for komenci (#5781)
• Fix payments to unverified numbers (#5827)
• Fix bug causing users to get stuck on Contact Matching screen (#5826)
• Change Simplex whitelist for blacklist (#5851)
• Spanish copy update (#5857)
• Fix check of previously verified accounts when in feeless flow (#5854)
• Changes to Simplex cash in (#5855)
• Upgrade lib to fix pixel email issue (#5837)
• Change the method used to get account addresses from phone numbers (#5877)
• Use Set instead of Array for Secure Send + don't allow re-verification if an EOA is verified (#5889)

Security

• Upgrade our bip39 to TS version (#5697)
• Upgrades the react native webview package to fix SSL issue (#5774)
• Update known issues file (#5858)

Testing

• End-to-end iOS and Android tests run locally.
• Sanity testing on physical devices for iOS and Android.

Summary

The 1.3.0 update saves names from scanned QR codes and shows them on the transaction feed, adds support for push notifications that open an URL and improves the phone verification experience. Other changes include bug fixes around exchanging CELO to avoid failures and connectivity improvements.

Commits included

This release was cut from master on October 16, 2020 from 57eca5206104e213893dd588276a10c236380591 and contains additional cherry-picked commits.
See release branch: https://github.com/celo-org/celo-monorepo/tree/release/wallet/1.3.0

Features

• Include phone number in DappKit auth (#5263)
• Adding Geth connectivity checks as part of getContractKit (#5094)
• Add display names of scanned QRs to cache (#5154)
• Support push notifications with an "open url" semantic (#5413)

Bug fixes

• Deleting unused Valora assets and deprecating components from the old app design (#5176)
• Removing some dead code from Valora (#5302)
• Fix fetching verification state during onboarding (#5292)
• Fix empty completed Attestations (#5290)
• Allow up to 1% difference on exchange rate for exchanging CELO (#5415)
• Allow skipping verification if ODIS is down (#5438)
• Prevent exiting force update screen (#5430)

Security

• Ran static analysis with MobSF on production iOS and Android builds, reviewed results with security team to confirm no blocking issues

Testing

• End-to-end iOS and Android tests run locally.
• Sanity testing on physical devices for iOS and Android.
• Smoke testing with Ankit and his Lodestone QA team.
• Internal testing by volunteers on both platforms.

Commits included

This release was published on October 23rd, 2020 and includes commits from e22f1c02f1d60bae7f12bee0abe3e81e12d244df to aaaf01be40ba88fe074c4e1410fb7bc3f74c705e inclusive.

Bug Fixes

• Uses the most up-to-date version of @celo/utils (0.1.21) & fixes backward compatibility issues from the last release

Commits

This release was published on October 23rd, 2020 and includes commits from e22f1c02f1d60bae7f12bee0abe3e81e12d244df to aaaf01be40ba88fe074c4e1410fb7bc3f74c705e inclusive.

Bug Fixes

• Uses the most up-to-date version of @celo/contractkit (0.4.17) & fixes backward compatibility issues from the last release
• Actually call toString in oracle report CLI - #5594

Other Changes

• Support the use of scientific notation for the deposit of a governance proposal - #5326
• Require --force with account:claim-attestation-service-url for non-TLS urls #5599

This is a feature release for all validators.

Documentation

Full documentation is here.

Upgrading

Validator operators are advised to test first on Baklava before deploying changes on Mainnet.

Deploy the Docker image identified as follows:

• us.gcr.io/celo-testnet/celo-monorepo:attestation-service-v1.1.0
• us.gcr.io/celo-testnet/celo-monorepo@sha256:7c5791c69b16f1f727e9b708828ea6fb7e1be1c236b22e89049b09b427d1c306

Existing configurations should work as is. New configuration options are described in the documentation.

Changes

Support for security codes

Attestation Service 1.1.0 adds support for security codes. This entails no operational changes.

For clients, the flow is as follows:

• Client calls the /attestations endpoint with a securityCodePrefix parameter (whose value is a single digit number intended to allow the client to disambiguate different senders) and an optional language parameter.
• Attestations Service then sends an SMS with an explanation in the requested language, the security code prefix and a random 7 digit security code, concatenated to appear as a single 8 digit numeric code. The SMS does not include the full signed attestation message.
• The client receives the SMS, extracts the prefix to determine which Attestation Service sent it, then passes the remainder of the code in the securityCode parameter to the /get_attestations endpoint. If the security code supplied is as recorded, the attestation service response will include the signed attestation message.

Other changes

• Fixed an issue where if the Celo node fails and is restarted, the connection to the node was not always re-established.

Commits included

This release was published on October 23rd, 2020 and includes commits from 49ea377cd99c7d9baaa902a10bbe1db4aa04ddc6 to fb4ea1e5dc1891a996f40a4865f38ddeb10da61b inclusive.

Features

• Add jsonTransactions flag to governance:show for use in the (contract release process)[https://docs.celo.org/community/release-process/smart-contracts] - ( #5111 )

Bug Fixes

• Fix attestation service test delivering false negatives - #5336
• Fix error when listing contract addresses and include some missing new contracts - #5301

Other Changes

• Convert default log output color from red to yellow - #5517

Commits included

This release was published on October 23rd, 2020 and includes commits from 49ea377cd99c7d9baaa902a10bbe1db4aa04ddc6 to 7e8622f10cda8452b9639419037641eea3b2d394 inclusive.

Features

• Select static node based on region resolved from timezone - #5266
• Add wrapper for MetaTransactionWallet contract - #5156
• Add proxy initializeImplementation calldata parameter decoding to block explorer - #5507
• Implement signTypedData across all different wallets/signers - #5311

Bug Fixes

• Handle errors when fetching contract addresses from registry - #5301
• Decode proxy contract function calls properly in block explorer - #5449
• Allow AWS HSM signing from AWS user/role without DescribeKey permission for all keys - #5337

Other Changes

• Filter out MetaTransactionWallet from registered contracts #5523
• Enable non-singletons in web3/wrapper contract caches #5518, #5507
• AwsHsmSigner and AwsHsmWallet moved from default exports to named exports - #5337
• Added PROXY_SET_IMPLEMENTATION_SIGNATURE - #5111
• Add blockchain parameters to network config - #5319
• Make initialization of the proxy part of the governance proposal - #5481

Summary

Relative to the 1.1.0 release, this update improves the verification experience by allowing the user to request more invite codes, adds more information about withdrawals to the "Add and Withdraw" screen, and improves the design of the home transaction feed. Other improvements include bug fixes around restoring accounts with non-English Account Keys, withdrawing CELO, and the phone number verification process.

Commits included

This release was cut from master on September 28, 2020 from 5b949c6dbbe6ce6f5ba9d46ff77609f1db0defeb and contains additional cherry-picked commits.
See release branch: https://github.com/celo-org/celo-monorepo/tree/release/wallet/1.2.0

Features

• Add graphics to the "Add and Withdraw" screen (#5046)
• Add performance logging for iOS devices (#5076)
• Group activity feed items by date (#5106)
• Update clipboard practices for iOS 14 changes (#5121)
• Allow users to resend verification texts (#5134)
• Add exchange options to the "Add and Withdraw" screen (#5195)

Bug fixes

• Prevent the mobile device from sleeping during phone number verification (#5007)
• Fix CELO withdrawals failing when user has no cUSD balance (#5042)
• Removed unused style properties (#5151)
• Fix account importing when mnemonic language is not English (#5198)
• Fix crash that occurs when language package is called before it's loaded (#5299)

Security

• Known dependency issue: Universal XSS in Android Webview (react-native-webview). Given Valora does not provide the ability to access user inputted URLs, this was deemed a non-blocking issue. The team will monitor for updates and apply a patch when available.
• Ran static analysis with MobSF on production iOS and Android builds, reviewed results with security team to confirm no blocking issues

Testing

• End-to-end iOS and Android tests run locally
• Sanity testing on Galaxy J2 Core and iPhone XS Max
• Ongoing smoke testing with Ankit and his Lodestone QA team
• Ongoing internal testing

This is a feature release targeted at operators running multiple validators. Other validators need not upgrade.

Documentation

Full documentation is here.

Upgrading

Validator operators are advised to test first on Baklava before deploying changes on Mainnet.

Deploy the Docker image identified as follows:

• us.gcr.io/celo-testnet/celo-monorepo:attestation-service-1-0-5
• us.gcr.io/celo-testnet/celo-monorepo@sha256:e529904b6f5d2c95cb8ee4140a794d45c02deaff25002fcf0bc82f6da5ccf21a

Existing configurations should work as is. New configuration options are described in the documentation.

Changes

Support for High Availability setups

Deployments of multiple Attestation Service instances sharing a single database are now supported and the documentation has been updated. All delivery state is now persisted in the database, so an SMS can be sent by one instance, and an other instance can receive a matching delivery status failure and proceed to retry.

Testing of specific providers

The test attestation endpoint now accepts provider parameter to force provider to test:

tim@Tims-MacBook-Pro attestation-service % curl -H "Content-Type: application/json" -d '{ "phoneNumber":"+1415xxxxxxx","message":"hello","signature":"", "provider":"nexmo"}' localhost:3000/test_attestations

{"success":true,"identifier":"0xfc992dad242cca0dd8607aad3cab6ff4e2f9e47b0cd5c34df1ca19d7d641a373","account":"0xxxx","issuer":"0xxxx","attempt":0,"countryCode":"US","status":"Sent","salt":"9f68a7c35c9d2b04cbb39a714096d66c927132edb72f4be93dd92b919c8db47a","provider":"nexmo"}

It also randomly generates a "salt" so that tests can be stored alongside regular attestations in the database, so they can share more code and be accessible via get_attestations.

Delivery re-requests

A requester can make the same attestation request again, which now has the effect of assuming the previous send failed (even if a delivery receipt was received indicating the send was successful. If there are additional retries available, the next provider is selected, and another SMS is sent. If no retries are available, the endpoint returns 422.

Delivery status endpoint

A new endpoint /get_attestations allows the original requester to retrieve delivery info.

The celocli identity:test-attestation-service command in its next release will also use the /get_attestations endpoint to await a delivery receipt, so that validators have another way of testing that receipts are configured correctly.

tim@Tims-MacBook-Pro attestation-service % curl -i -H "Content-Type: application/json"  'localhost:3000/get_attestations?account=0xxxx&issuer=0xxxx&phoneNumber=%2B1415xxxxxxx&salt=9f68a7c35c9d2b04cbb39a714096d66c927132edb72f4be93dd92b919c8db47a'
HTTP/1.1 200 OK
X-Powered-By: Express
X-Request-Id: ba5f9a0c-dc47-40dd-a6b9-df8c2b31caeb
X-RateLimit-Limit: 50
X-RateLimit-Remaining: 48
Date: Tue, 08 Sep 2020 23:01:13 GMT
X-RateLimit-Reset: 1599606076
Content-Type: application/json; charset=utf-8
Content-Length: 278
ETag: W/"116-lQIpekV90rYPlJEkNfRYo95+NcA"
Connection: keep-alive

{"success":true,"identifier":"0xfc992dad242cca0dd8607aad3cab6ff4e2f9e47b0cd5c34df1ca19d7d641a373","account":"0xxxx","issuer":"0xxxx","attempt":0,"countryCode":"US","status":"Delivered","provider":"nexmo","duration":2274}

Delivery info includes time taken to final delivery success or failure, in ms.

Delivery reliability

Delivery attempts are now striped across providers, i.e try other provider next before retry with same provider. The default config has been fixed to refer to the MAX_DELIVERY_ATTEMPTS setting.

If an attestation is not found on-chain, the request retries up to 10 secs to avoid the case where the full node is running behind a block or two (not if the attestation is found on-chain but is complete)

Metrics

A new metric attestation_service_healthy for overall service health has been added. It is strongly recommended to monitor this metric.

A new metric attestation_requests_rerequest counts re-requests.

Metrics attestation_requests_believed_delivered_sms and attestation_requests_failed_to_deliver_sms have been fixed.

Other changes

• Parameter DB_RECORD_EXPIRY_MINS to set db record expiry, and now done on a timer, not when attestations happen
• Setting NODE_ENV=dev allows signature and other checks to be skipped (do not run in production)

Release Notes:

As the first upgrade to the Celo core smart contracts, this release debuts a new release process that will enable the community to translate governance proposals and CIPs into actual changes on mainnet.

OpenZeppelin Audit Report:

https://blog.openzeppelin.com/celo-contracts-audit/#phase-3

OpenZeppelin audited all core Celo contracts and found no “critical” or “high” severity issues. Three “medium” issues were found in contracts outside the scope of this release. One was in TransferWhitelist which has been obsolete since CELO transfers were enabled and two were in MetaTransactionWallet which is not set for release. The remaining “light” recommendations included using SafeMath everywhere, keeping interfaces perfectly consistent with their implementations, and updating all native transfer operations to be fully compatible with the Istanbul fork. Some “light” suggestions have been left unaddressed to maintain backwards compatibility. For example, the reentrancy guard could be made more gas efficient but it would require redeploying all proxy contracts.

Key updates in this release:

#3806 Slot-based downtime slashing

The existing mechanism for verifying that a validator should be slashed for downtime costs excessive gas to execute when the downtime interval is sufficiently large and can even exceed the block gas limit (#3664). To fix this, the DowntimeSlasher contract now verifies downtime in ‘slots’ rather than a single large interval. This allows verification to be split up into multiple transactions, avoiding the block gas limit.

#4461 Wiggle Room for validator LockedGold requirements

Voting with CELO in the LockedGold contract can lead to a 1 wei rounding error (#3843). This has presented a problem for validators who lock up and vote with exactly 10k CELO, and then find themselves 1 wei short of the staking requirement. Furthermore, groups that are short of the staking requirement may not distribute epoch rewards (#3959). To resolve this, the Validators contract has added ‘wiggle room’ of 10 wei to the staking requirement.

#4298 Allow signer to withdraw attestation fees

Previously, fees earned by running the attestations service could only be withdrawn from the Attestations contract by the validator address that earned them. In many cases, this address is a ReleaseGold contract that has no function for withdrawing from the Attestations contract, leaving validators unable to withdraw their attestation fees (#4296). To resolve this, the withdrawal function has been modified to be called by the attestation signer address, which is an externally owned account controlled by the validator.

#4580 Add sell/buy functions to Exchange.sol

Replaces the exchange(...) function with buy(..., maxPrice) and sell(..., minPrice). Previously, the exchange(...) function only allowed you to set a minimum price and had the same functionality as sell(...).

Related CIP: celo-org/celo-proposals#26

#4583 Allow transferring of attestations

Enables the transfer of phone number attestations to a new address. A new mapping is added to the Attestations contract that records transfer approvals. Users write to this mapping to approve the transfer of their phone number attestations to a new address, and that new address can then complete the approved attestations transfer to assume the user’s phone number.

Other changes:

Also included in this release are many small changes such as the addition of several require(...) statements to improve input verification, and the removal of unnecessary imports. Some contracts were extended to include a getVersionNumber(...) function in order to support the new versioning scheme.

Summary

Relative to the 1.0.1 release, this update improves the verification experience, reduces the invite code redemption time, adds a daily limit to CELO withdrawals, supports BRL and CVE currencies and includes redesigned DAppKit screens. Other improvements include bug fixes around payment requests, p2p discovery of full nodes, better performance in Data Saver mode and better Spanish translations.

Commits included

This release was cut from master on September 3, 2020 from 861fae182457b0c029808ec7cc64fd9958f30f14 and contains additional cherry-picked commits.
See release branch: https://github.com/celo-org/celo-monorepo/tree/release/wallet/1.1.0

Features

• Add deactivated debug mode message (#4794)
• Hide CTAs with verification when insufficient balance (#4850)
• Implement a wallet that wraps the GethBridge to operate in Valora without starting geth (#4640)
• Reduce invite redemption time (#4780)
• Add daily limit to CELO withdrawals (#4903)
• DAppkit Redesign (#4793)
• Split doVerification saga and UI changes to verification (#4920)
• Add button spinner to Send Amount screen when loading (#4924)
• Update TOS Link to be a parameter from brandingConfig (#4938)
• Send Amount Loading Spinner pt 2 (#4956)
• Mobile discovery (#4680)
• Use new celo-blockchain build in mobile for 64 bit fix (#4967)
• Send attestation messages sequentially on Android (#4990)
• Add link to additional funding options (#5028)
• Add BRL and CVE local currencies (#5037)

Bug fixes

• Fix revoke verification and add back dev settings for it (#4875)
• Make the dismiss Gold Education button work (#4859)
• Fix QR scan for requests (#4885)
• Prevent getting stuck on PIN screen (#4858)
• Fix linking errors on iOS with latest @celo/client and release builds (#4904)
• Only paste addresses on Withdraw CELO flow (#4931)
• Add Copy Fixes to Spanish per requested typos (#4945)
• Fix blank license screen on iOS (take 2) (#4927)
• Payment requests must use lowercase addresses (#4973)
• Fix payment request comments decryption (#4979)
• Fix incorrect verification screen buttons in some cases (#4982)
• Fix bug to allow users to skip invite redemption after canceling (#4977)
• Fix user seeing the enter invite code screen after upgrading to 1.1.0 (#5000)
• Add migration to set redeemComplete to true if account exists (#5002)
• Fix SendAmount Activity Indicator bug (#5012)
• Fix escrow failing randomly with local currency (#5039)
• Fix unable to send transactions after upgrading to 1.1.0 on Android (internal) (#5062)
• Bug fix for QR scan of Secure Send (#5090)
• Fixing fatal error when escrow gas estimation fails (#5092)

Security

• Audited yarn dependencies to confirm no high severity issues
• Ran static analysis with MobSF on production iOS and Android builds, reviewed results with security team to confirm no blocking issues

Testing

• End-to-end iOS and Android tests run locally
• Sanity testing on Nexus 5 and iPhone X
• Ongoing smoke testing with Ankit and his Lodestone QA team
• Ongoing internal testing