v4.0.2

Backported ACL hotfix from v4.4.0 to reduce contract changes between the old and hotfixed ACLs deployed on mainnet.

See notes in v4.4.0.

v4.3.0

This release updates DepositableDelegateProxy for Istanbul contexts.

Due to EIP-1884's gas increases, previous versions of the proxies will no longer accept direct ETH transfers from contracts using .transfer() or .send().

Fixes

• Optimize DepositableDelegateProxy for EIP-1884 (#551) @izqui
• Add safe total supply to SafeERC20 (#543) @facuspagnuolo

Chores

• Add gas check report in CI (#547) @cgewecke
• Upgrade solidity-coverage to v0.6+ (#541) @sohkai

v4.2.1

Special thanks to @haythem96 for helping make this release possible 🎉

This is a patch release to include a new forwarding interface, IForwarderFee.

IForwarderFee: allowing forwarders to declare they require fees

IForwarderFee is an optional interface that can be implemented by Forwarders (IForwarder) to declare that their forwarding action requires a fee be paid.

This is used by frontends to assess whether a forwarding path has additional requirements to succeed:

• A "pretransaction" to approve tokens for the first forwarder requiring fees
• An ETH transfer to the first forwarder

---

Changes:

• Interfaces:
  • Add IForwarderFee (#536) @sohkai
• Testing improvements:
  • Tests: Refactors and enhancements (#525) @facuspagnuolo
  • Tests: Add DAO factory unit tests (#524) @facuspagnuolo
  • Helpers: Fix assert revert helper (#522) @facuspagnuolo
  • cosmetic: re-organize some library tests (#519) @sohkai
  • Organize mocks and test files (#517) @facuspagnuolo
  • Testing improvements (#513) @sohkai
• Project maintenance:
  • Add development network to truffle config (#529) @haythem96
  • Added probot bots (#530) @luisivan

v4.2.0

Special thanks to @gregzaitsev for helping make this release possible 🎉

ReentrancyGuard: making sure your function can't re-enter

This release includes a generic ReentrancyGuard that comes available with AragonApp. You can safely upgrade to using it, because it utilizes unstructured storage under the hood.

Using the new reentrancy guard is as simple as:

contract App is AragonApp {
    function appLogic() external nonReentrant {
    }
}

ConversionHelpers: know when you live dangerously

ConversionHelpers has been exposed as a generic utility for some of the more dangerous casts you may perform. Most of the time you don't want these, or they're already handled internally by aragonOS, but maybe you just want to live on the edge.

It currently exposes two conversions: uint256[] memory to bytes memory and back. These modify the memory in-place, so you should never re-use the old variable once you've done the cast. They're named dangerously (dangerouslyCastUintArrayToBytes() and dangerouslyCastBytesToUintArray()), to help you spot these!

---

Changes:

• Stronger sanity checking for arguments of type bytes, and ensuring all returned bytes are in allocated memory (d92e53f, 446653d, b6823b5, 009e0f5)
• Modify radspec strings (9cce83c, 2bfd50a, thanks @gregzaitsev!)
• A few other testing related or clean up chores

v4.1.0

🎊 Special thanks to @ianbrt and @gregzaitsev for helping make this release possible 🎉

SafeERC20: helping you work with tokens, even when Solidity doesn't want to

Interacting with token contracts can be a tricky process when you can't trust their implementation. A number of buggy tokens have been identified on the Ethereum mainnet, with especially high-profile ones deployed having the "no return" bug.

SafeERC20 smooths out interactions with these buggy or otherwise potentially malicious tokens.

A set of "safe" functions, safeTransfer(), safeTransferFrom(), safeApprove(), are available that handle the "no return" bug and enforce boolean returns (such that no reverts are ever thrown).

A further set of staticcall utilities, staticBalanceOf() and staticAllowance(), are available to enforce the view guarantees of these interfaces on Solidity pragmas pre-0.5.

Using SafeERC20 is as simple as:

contract TokenInteraction {
    using SafeERC20 for ERC20;

    function transferTo(ERC20 _token, address _to, uint256 _amount) external {
        require(_token.safeTransfer(_to, _amount));
    }
}

---

Changes:

• KernelProxy: emit SetApp event on construction (8982e33): Allows frontends to verify the chain of Kernel upgrades from their creation
• feat: Add SafeERC20 (e94109f)
• VaultRecoverable: emit event on successful recovery (ac4e4a3): Makes it easier for frontends to detect when the token recovery functionality was used
• Modify radspec strings (47cc48a, 3ad9a79, thanks @gregzaitsev!)
• Create CONTRIBUTING.md (8e2ab29, thanks @ianbrt!)
• A few other testing related or clean up chores

v4.0.1

Inject web3 to deploy scripts so they can be used from outside.

v4.0.0

🦅 aragonOS 4.0.0 has been released into the wild!

aragonOS 4.0.0 has completed audits from two independent security firms and is now being used by hundreds of Aragon organizations on the Ethereum mainnet.

See the release blog post and migration guide for all the new features and concepts.

🚨aragonOS 4.0 introduces several breaking changes in storage from aragonOS 3.0, so deployed contracts cannot be safely upgraded.

v4.0.0-rc.1

The first release candidate of aragonOS 4.0!

Several changes have been made since beta.2, related to findings from audits, deployments, and improvements from general use.

We do not anticipate any further changes to the contracts.

🚨aragonOS 4.0 introduces several breaking changes in storage from aragonOS 3.0, so deployed contracts cannot be safely upgraded.

v4.0.0-beta.2

Second beta release of aragonOS 4.0.

This is a candidate for audits.

🚨aragonOS 4.0 introduces several breaking changes in storage from aragonOS 3.0, so deployed contracts cannot be safely upgraded.

v4.0.0-beta.1

First beta release of aragonOS 4.0.

This is a candidate for audits (see beta.2 instead)

🚨aragonOS 4.0 introduces several breaking changes in storage from aragonOS 3.0, so deployed contracts cannot be safely upgraded.