Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ Document model note:

## Who uses CMTAT?

CMTAT is used in production by major financial institutions including **UBS**, **Taurus SA**, **Zand Trust **, **Daura**, **Obligate**, and **Syz Group** to tokenize equities, artwork, bonds, structured products, money market funds, and stablecoins.
CMTAT is used in production by major financial institutions including **UBS**, **Taurus SA**, **Zand Trust**, **Daura**, **Obligate**, and **Syz Group** to tokenize equities, artwork, bonds, structured products, money market funds, and stablecoins.

### Example Per Use Case

Expand Down
2 changes: 1 addition & 1 deletion contracts/mocks/engine/CMTATDocumentEngineModuleMock.sol
Original file line number Diff line number Diff line change
Expand Up @@ -26,5 +26,5 @@ contract CMTATDocumentEngineModuleMock is CMTATBaseCore, DocumentEngineModule {
__DocumentEngineModule_init_unchained(documentEngine_);
}

function _authorizeDocumentManagement() internal virtual override(DocumentEngineModule) onlyRole(DOCUMENT_ROLE) {}
function _authorizeDocumentManagement() internal virtual override(DocumentEngineModule) onlyRole(DOCUMENT_ENGINE_ROLE) {}
}
2 changes: 1 addition & 1 deletion contracts/modules/wrapper/options/DocumentEngineModule.sol
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ import {IDocumentEngineModule} from "../../../interfaces/modules/IDocumentEngine
*/
abstract contract DocumentEngineModule is Initializable, IDocumentEngineModule {
/* ============ ERC-7201 ============ */
bytes32 public constant DOCUMENT_ROLE = keccak256("DOCUMENT_ROLE");
bytes32 public constant DOCUMENT_ENGINE_ROLE = keccak256("DOCUMENT_ENGINE_ROLE");
// keccak256(abi.encode(uint256(keccak256("CMTAT.storage.DocumentEngineModule")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant DocumentEngineModuleStorageLocation = 0xbd0905600c85d707dc53eba2e146c1c2527cd32ac3ff6b86846155151b3e2700;
/* ==== ERC-7201 State Variables === */
Expand Down
47 changes: 21 additions & 26 deletions doc/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

> To use the CMTAT, we recommend the latest audited version, from the [Releases](https://github.com/CMTA/CMTAT/releases) page. Currently, it is the version [v3.0.0](https://github.com/CMTA/CMTAT/releases/tag/v3.0.0).
>
> PDF files of README are available here: [CMTATSpecificationV3.0.0.pdf](./specification/CMTATSpecificationV3.0.0.pdf), [CMTATSpecificationV3.1.0.pdf](./specification/CMTATSpecificationV3.1.0.pdf)
> PDF files of README are available here: [CMTATSpecificationV3.0.0.pdf](./specification/CMTATSpecificationV3.0.0.pdf), [CMTATSpecificationV3.2.0.pdf](./specification/CMTATSpecificationV3.2.0.pdf)

## Introduction

Expand Down Expand Up @@ -37,7 +37,7 @@ CMTAT has been built with five main goals:
- Technicals: [ERC-2771](https://eips.ethereum.org/EIPS/eip-2771) (MetaTx/Gasless), [ERC-7201](https://eips.ethereum.org/EIPS/eip-7201), [ERC-7802](https://eips.ethereum.org/EIPS/eip-7802),...

4. Security by undergoing audits from trusted firms like [ADBK](https://abdk.consulting) and [Halborn](https://www.halborn.com), and by implementing a range of industry best practices.
- Strong code statements coverage(~99.43%) with 3078 automated tests executed
- Strong code statements coverage(~99.43%) with 5630 automated tests executed
- Run static analyzer ([Aderyn](https://github.com/Cyfrin/aderyn), [Slither](https://github.com/crytic/slither/tree/master)), as well as AI Auditing tools ([Nethermind Audit Agent](https://auditagent.nethermind.io), [Wake Arena](https://ackee.xyz)), before and after the audits
- RBAC Access Control to clearly separates the different roles and permissions

Expand Down Expand Up @@ -197,27 +197,6 @@ CMTAT comes with several different deployment versions to meet specific use case
| MetaTx/Gasless with ERC-2771 | All deployment version, except Debt, DebtEngine, Permit & Light version |
| ERC-2612 Permit + [ERC-6357 Multicall](https://eips.ethereum.org/EIPS/eip-6357)<br />(gas sponsorship approval & batch transaction) | CMTAT Permit (Standalone / Upgradeable) |

##### Contract sizes

Measured with `solc 0.8.34`, optimizer enabled (200 runs). EVM deployed bytecode limit: **24.576 KiB**.

The deployed size is identical between standalone and upgradeable for the same variant; the initcode is larger for standalone contracts since it embeds the full constructor logic rather than a proxy initializer.

| Deployment version | Deployed (KiB) | Initcode standalone (KiB) | Initcode upgradeable (KiB) |
| ------------------ | -------------- | ------------------------- | -------------------------- |
| CMTAT Standard | 22.243 | 25.635 | 22.569 |
| CMTAT Snapshot | 22.067 | 25.459 | 22.394 |
| CMTAT Light | 11.298 | 13.048 | 11.507 |
| CMTAT Allowlist | 19.879 | 23.056 | 20.205 |
| CMTAT Debt | 23.187 | 26.301 | 23.396 |
| CMTAT DebtEngine | 23.791 | 26.905 | 24.000 |
| CMTAT ERC-7551 | 22.807 | 26.198 | 23.133 |
| CMTAT ERC-1363 | 23.805 | 27.238 | 24.131 |
| CMTAT Permit | 23.268 | 26.557 | 23.477 |
| CMTAT UUPS | 23.544 | — | 23.896 |

All variants are within the deployed bytecode limit.

#### CMTAT for stablecoins

Here is a comparison between the features present in major custodian stablecoin and the library CMTAT.
Expand Down Expand Up @@ -2466,7 +2445,7 @@ To deploy CMTAT without a proxy, in standalone mode, you need to use the contrac

Here is the surya inheritance schema:

![surya_inheritance_CMTAT_STANDALONE.sol](./schema/surya_inheritance/surya_inheritance_CMTATStandalone.sol.png)
![surya_inheritance_CMTAT_STANDALONE.sol](./schema/surya_inheritance/surya_inheritance_CMTATStandardStandalone.sol.png)

### Upgradeable (with a proxy)

Expand All @@ -2491,7 +2470,7 @@ See the OpenZeppelin [Upgrades plugins](https://docs.openzeppelin.com/upgrades-p



![surya_inheritance_CMTAT_PROXY.sol](./schema/surya_inheritance/surya_inheritance_CMTATUpgradeable.sol.png)
![surya_inheritance_CMTAT_PROXY.sol](./schema/surya_inheritance/surya_inheritance_CMTATStandardUpgradeable.sol.png)

#### Implementation details

Expand Down Expand Up @@ -3188,8 +3167,24 @@ Alternatively, you can install Hardhat [globally](https://v2.hardhat.org/hardhat
npm run-script size
```

Measured with `solc 0.8.34`, optimizer enabled (200 runs). EVM deployed bytecode limit: **24.576 KiB**.

The deployed size is identical between standalone and upgradeable for the same variant; the initcode is larger for standalone contracts since it embeds the full constructor logic rather than a proxy initializer.

| Deployment version | Deployed (KiB) | Initcode standalone (KiB) | Initcode upgradeable (KiB) |
| ------------------ | -------------- | ------------------------- | -------------------------- |
| CMTAT Standard | 22.243 | 25.635 | 22.569 |
| CMTAT Snapshot | 22.067 | 25.459 | 22.394 |
| CMTAT Light | 11.298 | 13.048 | 11.507 |
| CMTAT Allowlist | 19.879 | 23.056 | 20.205 |
| CMTAT Debt | 23.187 | 26.301 | 23.396 |
| CMTAT DebtEngine | 23.791 | 26.905 | 24.000 |
| CMTAT ERC-7551 | 22.807 | 26.198 | 23.133 |
| CMTAT ERC-1363 | 23.805 | 27.238 | 24.131 |
| CMTAT Permit | 23.268 | 26.557 | 23.477 |
| CMTAT UUPS | 23.544 | — | 23.896 |

![contract-size](./general/contract-size.png)
All variants are within the deployed bytecode limit.

---

Expand Down
4 changes: 2 additions & 2 deletions doc/SUMMARY.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
- **Snapshot** (`CMTATStandaloneSnapshot` / `CMTATUpgradeableSnapshot`) - Same as standard + SnapshotEngine support
- **Light** - Minimal for stablecoins
- **Allowlist** - Whitelist-based transfers (KYC)
- **Debt** - Bond-specific fields (maturity, coupon)
- **Debt** - Bond-specific fields (maturity, coupon) + SnapshotEngine support
- **DebtEngine** - Debt with external engine + SnapshotEngine support
- **ERC-7551** - German eWpG compliance
- **ERC-1363** - transferAndCall support
Expand All @@ -27,7 +27,7 @@

```
Level 0 (independent mixins):
CMTATBaseCommon - Core ERC20 + Mint + Burn + Validation + Access Control
CMTATBaseCommon - Core ERC20 + Mint + Burn + ERC20Enforcement (partial freeze) + ExtraInformation (no RBAC, no pause, no address freeze, no transfer validation)
CMTATBaseCore - Core modules only (light variant)
CMTATBaseGeneric - Non-ERC20 modules only
CMTATBaseSnapshot - Pure mixin: ERC20Upgradeable + SnapshotEngineModule (_update hook)
Expand Down
17 changes: 17 additions & 0 deletions doc/modules/base/0_CMTATBaseCore.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,23 @@ This document defines the CMTAT Base Core Module for the CMTA Token specificatio

[TOC]

## Hierarchy Context

`CMTATBaseCore` sits at **level 0** in the CMTAT inheritance hierarchy. It is the self-contained base used exclusively by the **Light** deployment variants (`CMTATStandaloneLight`, `CMTATUpgradeableLight`).

Unlike `CMTATBaseCommon` (also level 0), `CMTATBaseCore` bundles access control, pause, full validation (`ValidationModule`, `ValidationModuleAllowance`), and enforcement into a single compact base:

| Feature | `CMTATBaseCore` | `CMTATBaseCommon` |
|---|---|---|
| ERC-20 (mint, burn, base) | ✓ | ✓ |
| `AccessControlModule` (RBAC, concrete `_authorize*` overrides) | ✓ | — |
| `PauseModule` + `EnforcementModule` + `ValidationModule` | ✓ | — |
| `ValidationModuleAllowance` (approve/permit checks) | ✓ | — |
| `ERC20EnforcementModule` (partial freeze, forced transfer) | — | ✓ |
| `ExtraInformationModule` | — | ✓ |

`CMTATBaseCommon` is intended to be composed further up the hierarchy (through `CMTATBaseAccessControl` at level 2), where RBAC, enforcement, and extension modules are layered on separately. `CMTATBaseCore` collapses that into one level for the Light case, where only core operations (mint, burn, pause, freeze, `forcedBurn`) are needed.

## Schema

![CMTATBaseCore](../../schema/uml/CMTATBaseCoreUML.png)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@

| File Name | SHA-1 Hash |
|-------------|--------------|
| ./modules/0_CMTATBaseCommon.sol | 07c0f430a12b113d1a6ead1e9a4918e10a105662 |
| ./modules/0_CMTATBaseCommon.sol | ef3159d406b8c61dbc2520fb37c0c29c5827d2bc |


### Contracts Description Table
Expand All @@ -15,28 +15,17 @@
|:----------:|:-------------------:|:----------------:|:----------------:|:---------------:|
| └ | **Function Name** | **Visibility** | **Mutability** | **Modifiers** |
||||||
| **CMTATBaseCommon** | Implementation | VersionModule, ERC20MintModule, ERC20BurnModule, ERC20BaseModule, SnapshotEngineModule, ERC20EnforcementModule, DocumentEngineModule, ExtraInformationModule, AccessControlModule, IBurnMintERC20, IERC5679 |||
| └ | __CMTAT_commonModules_init_unchained | Internal 🔒 | 🛑 | onlyInitializing |
| **CMTATBaseCommon** | Implementation | VersionModule, ERC20MintModule, ERC20BurnModule, ERC20BaseModule, ERC20EnforcementModule, ExtraInformationModule, IBurnMintERC20, IERC5679 |||
| └ | decimals | Public ❗️ | |NO❗️ |
| └ | name | Public ❗️ | |NO❗️ |
| └ | symbol | Public ❗️ | |NO❗️ |
| └ | supportsInterface | Public ❗️ | |NO❗️ |
| └ | transfer | Public ❗️ | 🛑 |NO❗️ |
| └ | transferFrom | Public ❗️ | 🛑 |NO❗️ |
| └ | burnAndMint | Public ❗️ | 🛑 |NO❗️ |
| └ | _checkTransferred | Internal 🔒 | 🛑 | |
| └ | _update | Internal 🔒 | 🛑 | |
| └ | _mintOverride | Internal 🔒 | 🛑 | |
| └ | _burnOverride | Internal 🔒 | 🛑 | |
| └ | _minterTransferOverride | Internal 🔒 | 🛑 | |
| └ | _authorizeERC20AttributeManagement | Internal 🔒 | 🛑 | onlyRole |
| └ | _authorizeMint | Internal 🔒 | 🛑 | onlyRole |
| └ | _authorizeBurn | Internal 🔒 | 🛑 | onlyRole |
| └ | _authorizeDocumentManagement | Internal 🔒 | 🛑 | onlyRole |
| └ | _authorizeExtraInfoManagement | Internal 🔒 | 🛑 | onlyRole |
| └ | _authorizeERC20Enforcer | Internal 🔒 | 🛑 | onlyRole |
| └ | _authorizeForcedTransfer | Internal 🔒 | 🛑 | onlyRole |
| └ | _authorizeSnapshots | Internal 🔒 | 🛑 | onlyRole |


### Legend
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@

| File Name | SHA-1 Hash |
|-------------|--------------|
| ./modules/0_CMTATBaseCore.sol | 8a4a5979a8c928967f5316539ff24ff15b509a4b |
| ./modules/0_CMTATBaseCore.sol | 6e879243185b8c9f76fcedb367b2aee8b27ba60e |


### Contracts Description Table
Expand All @@ -15,7 +15,7 @@
|:----------:|:-------------------:|:----------------:|:----------------:|:---------------:|
| └ | **Function Name** | **Visibility** | **Mutability** | **Modifiers** |
||||||
| **CMTATBaseCore** | Implementation | Initializable, ContextUpgradeable, VersionModule, ERC20MintModule, ERC20BurnModule, ValidationModuleCore, ERC20BaseModule, AccessControlModule, IForcedBurnERC20, IBurnMintERC20, IERC7551ERC20EnforcementEvent, IERC5679 |||
| **CMTATBaseCore** | Implementation | Initializable, ContextUpgradeable, VersionModule, ERC20MintModule, ERC20BurnModule, ValidationModuleAllowance, ERC20BaseModule, AccessControlModule, IForcedBurnERC20, IBurnMintERC20, IERC7551ERC20EnforcementEvent, IERC5679, IERC7943FungibleTransferError |||
| └ | initialize | Public ❗️ | 🛑 | initializer |
| └ | __CMTAT_init | Internal 🔒 | 🛑 | onlyInitializing |
| └ | __CMTAT_openzeppelin_init_unchained | Internal 🔒 | 🛑 | onlyInitializing |
Expand All @@ -25,6 +25,7 @@
| └ | symbol | Public ❗️ | |NO❗️ |
| └ | supportsInterface | Public ❗️ | |NO❗️ |
| └ | transfer | Public ❗️ | 🛑 |NO❗️ |
| └ | approve | Public ❗️ | 🛑 |NO❗️ |
| └ | transferFrom | Public ❗️ | 🛑 |NO❗️ |
| └ | burnAndMint | Public ❗️ | 🛑 |NO❗️ |
| └ | forcedBurn | Public ❗️ | 🛑 | onlyERC20ForcedBurnManager |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@

| File Name | SHA-1 Hash |
|-------------|--------------|
| ./modules/0_CMTATBaseGeneric.sol | e6a7560e642a8d9cf0793b42515b73b9b767f5f5 |
| ./modules/0_CMTATBaseGeneric.sol | 2db1ecb2c69ee4f60e17917ff565907e44da1daf |


### Contracts Description Table
Expand All @@ -15,7 +15,7 @@
|:----------:|:-------------------:|:----------------:|:----------------:|:---------------:|
| └ | **Function Name** | **Visibility** | **Mutability** | **Modifiers** |
||||||
| **CMTATBaseGeneric** | Implementation | Initializable, ContextUpgradeable, ValidationModule, VersionModule, DocumentEngineModule, ExtraInformationModule, AccessControlModule |||
| **CMTATBaseGeneric** | Implementation | Initializable, ContextUpgradeable, ValidationModule, VersionModule, DocumentERC1643Module, ExtraInformationModule, AccessControlModule |||
| └ | __CMTAT_init | Internal 🔒 | 🛑 | onlyInitializing |
| └ | __CMTAT_openzeppelin_init_unchained | Internal 🔒 | 🛑 | onlyInitializing |
| └ | __CMTAT_modules_init_unchained | Internal 🔒 | 🛑 | onlyInitializing |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@

| File Name | SHA-1 Hash |
|-------------|--------------|
| ./modules/2_CMTATBaseDebt.sol | e426d5e5e529f32ab738f8f40eb3365b1c359b65 |
| ./modules/0_CMTATBaseSnapshot.sol | a6d54586c8a7ed63bffceed0c7bd1abe35b5e5cd |


### Contracts Description Table
Expand All @@ -15,8 +15,8 @@
|:----------:|:-------------------:|:----------------:|:----------------:|:---------------:|
| └ | **Function Name** | **Visibility** | **Mutability** | **Modifiers** |
||||||
| **CMTATBaseDebt** | Implementation | CMTATBaseRuleEngine, DebtEngineModule |||
| └ | _authorizeDebtManagement | Internal 🔒 | 🛑 | onlyRole |
| **CMTATBaseSnapshot** | Implementation | ERC20Upgradeable, SnapshotEngineModule |||
| └ | _update | Internal 🔒 | 🛑 | |


### Legend
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
## Sūrya's Description Report

### Files Description Table


| File Name | SHA-1 Hash |
|-------------|--------------|
| ./modules/1_CMTATBaseDocument.sol | 6d9a534014f54d5736d99d1dc3f7e6d4ba7cb93d |


### Contracts Description Table


| Contract | Type | Bases | | |
|:----------:|:-------------------:|:----------------:|:----------------:|:---------------:|
| └ | **Function Name** | **Visibility** | **Mutability** | **Modifiers** |
||||||
| **CMTATBaseDocument** | Implementation | DocumentERC1643Module |||


### Legend

| Symbol | Meaning |
|:--------:|-----------|
| 🛑 | Function can modify state |
| 💵 | Function is payable |
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
## Sūrya's Description Report

### Files Description Table


| File Name | SHA-1 Hash |
|-------------|--------------|
| ./modules/2_CMTATBaseAccessControl.sol | cf934aa8b26c9bdc2aeb336391b3c4098da70c18 |


### Contracts Description Table


| Contract | Type | Bases | | |
|:----------:|:-------------------:|:----------------:|:----------------:|:---------------:|
| └ | **Function Name** | **Visibility** | **Mutability** | **Modifiers** |
||||||
| **CMTATBaseAccessControl** | Implementation | AccessControlModule, CMTATBaseCommon, CMTATBaseDocument |||
| └ | __CMTAT_commonModules_init_unchained | Internal 🔒 | 🛑 | onlyInitializing |
| └ | supportsInterface | Public ❗️ | |NO❗️ |
| └ | _authorizeERC20AttributeManagement | Internal 🔒 | 🛑 | onlyRole |
| └ | _authorizeMint | Internal 🔒 | 🛑 | onlyRole |
| └ | _authorizeBurn | Internal 🔒 | 🛑 | onlyRole |
| └ | _authorizeDocumentManagement | Internal 🔒 | 🛑 | onlyRole |
| └ | _authorizeExtraInfoManagement | Internal 🔒 | 🛑 | onlyRole |
| └ | _authorizeERC20Enforcer | Internal 🔒 | 🛑 | onlyRole |
| └ | _authorizeForcedTransfer | Internal 🔒 | 🛑 | onlyRole |


### Legend

| Symbol | Meaning |
|:--------:|-----------|
| 🛑 | Function can modify state |
| 💵 | Function is payable |
Loading