Features
Services v0.36.0 adds the following functionality:
- Add tracking of property changes for hollow account completion (#4647)
- Adding support for Redirect Token Calls fro evm-module (#4880)
- Update FileSignTool (#4988)
- Adding block number tool (#4997)
- Add client.workflow.operations and test with workflows (#5053)
- update hedera-services to use FSTS CLI instead of system properties
- 6166: Migrate VirtualMap data from JasperDB to MerkleDb data sources
- Implementation of current network functionality in new, modularized application architecture: consensus operations, query workflow, and various preHandle implementations
Security Updates: Hedera Smart Contract Service Security Model Changes
Changes from services v0.35.2 have also been ported to v0.36.0.
- After the security incident on March 9th, the engineers conducted a thorough analysis of the Smart Contract Service and the Hedera Token Service system contracts.
- As part of this exercise, we did not find any additional vulnerabilities that could result in an attack that that which we witnessed on March 9th.
- The team also looked for any disparities between the expectations of a typical smart contract developer who is used to working with the Ethereum Virtual Machine (EVM) or ERC token APIs and the behaviors of the Hedera Token Service system contract APIs. Such differences in behavior could be used by a malicious smart contract developer in unexpected ways.
- In order to eliminate the possibility of these behavioral differences being utilized as attack vectors in the future, the consensus node software will align the behaviors of the Hedera Smart Contract Service token system contracts with those of EVM and typical token APIs such as ERC 20 and ERC 721.
- As a result, the following changes are made as of the mainnet 0.35.2 release on March 31st:
- An EOA (externally owned account) will have to provide explicit approval/allowance to a contract if they want the contract to transfer value from their account balance.
- The behavior of
transferFromsystem contract will be exactly the same as that of the ERC 20 and ERC 721 spectransferFromfunction. - For HTS specific token functionality (e.g. Pause, Freeze, or Grant KYC), a contract will be authorized to perform the associated token management function only if the ContractId is listed as a key on the token (i.e. Pause Key, Freeze Key, KYC Key respectively).
- The
transferTokenandtransferNFTAPIs will behave astransferin ERC20/721 if the caller owns the value being transferred, otherwise it will rely on approve spender allowances from the token owner. - The above model will dictate entity (EOA and contracts) permissions during contract executions when modifying state. Contracts will no longer rely on Hedera transaction signature presence, but will instead be in accordance with EVM, ERC and ContractId key models noted.
- As part of this release, the network will include logic to grandfather in previous contracts.
- Any contracts created from this release onwards will utilize the stricter security model and as such will not have considerations for top-level signatures on transactions to provide permissions.
- Existing contracts deployed prior to this upgrade will be automatically grandfathered in and continue to use the old model that was in place prior to this release for a limited time to allow for DApp/UX modification to work with the new security model.
- The grandfather logic will be maintained for an approximate period of 3 months from this release. In a future release in July 2023, the network will remove the grandfather logic, and all contracts will follow the new security model.
- Developers are encouraged to test their DApps with new contracts and UX using the new security model to avoid unintended consequences. If any DApp developers fail to modify their applications or upgrade their contracts (as applicable) to adhere to the new security model, they may experience issues in their applications.
Property Changes
- Disable chatter on previewnet (#4815)
- Enable prometheus scrape endpoint in previewnet and testnet (#4813)
- Update autoRenew.targetTypes=CONTRACT (#4822)
- Enable HIP-583 features on testnet and mainnet (#4868)
- Disable contract expiry (#5027)
Bug Fixes
- Еxplicit redirectForToken call fix (#4752)
- Fix : Fix nftsOwned for Treasury when NFTs are returned back to treasury
- Clean up block number/record file relationship (#4924)
- Fix : Fix SigRequirements for NFT Transfer using alias (#4886)
- Remove logic that auto assigns alias on CryptoCreate with ECDSA key (#4921)
- Fix created contract ids after hollow account creation (#4973)
Test Improvements
- Minimal inline record validator (#4794)
- Add a test for validating auto-renew behavior (#4882)
- test: create a smart contract, verify it showed up in the record stream
- Reduce itest and e2e test logging to ERROR or above (#4977)
- Add basic validator for validating renewal and expiry records (#4888)
- Improve RecordStreamAccess and EventualRecordStreamAssertion (#4898)
- 4838 d contract expiry specs (#4881)
- Add BlockNoValidator (#4932)
Repository improvements
- Restructuring of repo, including removing old files and moving
docs/,docker/,test-clients/folders underneathhedera-node - Added Snyk scanning
- Updated code style enforcement and configuration (#4980)
- Minor refactorings throughout
Dependency Updates
Documentation Updates
Deprecations
- com.hedera.node.app.config.ConfigurationAdaptor
Contributors
We'd like to thank all the contributors who worked on this release!
@artemananiev
@beeradb
@david-bakin-sl
@dimitar-dinev
@georg-getz
@hendrikebbers
@isavov
@iwsimon
@JeffreyDallas
@jeromy-cannon
@kimbor
@lukelee-sl
@mhess-swl
@MiroslavGatsanoga
@Nana-EC
@nathanklick
@Neeharika-Sompalli
@netopyr
@nikolovyanko
@povolev15
@qnswirlds
@randered
@rbair23
@stoqnkpL
@stoyan-lime
@swirlds-automation
@tannerjfco
@tdermendzhievv
@tinker-michaelj