Parity's ink! to write smart contracts.
ℹ️ We have created a migration guide from ink! 4 to ink! 5. It also contains an overview over all breaking changes and newly added features. You can view it here.
This release addresses the rest of the severities described in the OpenZeppelin security review of ink! and cargo-contract
.
One of the notable addressed issues is the proxy selector clashing attack.
As of this release, ink! only allows exactly one other message with a well-known reserved selector to be defined.
You can read more about the change in the #1827 and #2031.
ink! 5.0.0 features a significant number of new features:
cargo-contract
will fail to compile the contract with the raw arithmetic operation - #1831.These are the main features we have introduced in this release. We also encourage developers to have a look at more detailed changelog entries to find out about any breaking changes that may affect the development of new ink! contracts.
See the compatibility section of our migration guide for a detailed description. On a high level:
>= 1.70
cargo-contract
: >= 4.0.0
polkadot-js/api
and polkadot-js/api-contract
: >= 10.12.1
substrate-contracts-node
: >= 0.39.0
instantiate_v2
with additional limit parameters #2123
non_fallible_api
lint - #2004
create_call_builder
for testing existing contracts - #2075
call_v2
cross-contract calls with additional limit parameters - #2077
delegate_dependency
api calls - #2076
set_code_hash
generic - #1906
StorageVec
datastructure built on top of Lazy
- #1995
Mapping
and Lazy
- #1910
storage_never_freed
lint - #1932
strict_balance_equality
lint - #1914
no_main
lint - #2001
scale
dependencies, introduce #[ink::scale_derive]
- #1890
sr25519_verify
function to ink_env
#1840
2.0
- #1827
set_block_number
to off-chain test api Engine
- #1806
call_runtime
‒ #1749
E2EBackend
trait - #1867
anonymous
ink! event item configuration argument - #2140
MaxEncodedLen
for output buffer size #2128
Mapping
: Reflect all possible failure cases in comments ‒ #2079
.call
to .call_builder
‒ #2078
runtime_only
attribute argument - #2083
additional_contracts
parameter #2098
TypeSpec
directly - #1999
#[ink::chain_extension]
macro and the definition of the chain extension.ink_linting
to mandatory and extra libraries - #2032
drink
API - #2005
scale
dependencies, introduce #[ink::scale_derive]
‒ #1890
decode_all
for decoding cross contract call result - #1810
build_message
+ callback - #1782
StorageVec
type by excluding the len_cached
field from its type info - #2052
approve_for
in the ERC-721 example - #2092
transfer_token_from
now ensures the token owner is correct - #2093
RootLayout::new()
is generic again to allow using ink_metadata
in pure PortableForm
contexts - #1989
non_fallible_api
lint - #2004
create_call_builder
for testing existing contracts - #2075
call_v2
cross-contract calls with additional limit parameters - #2077
Mapping
: Reflect all possible failure cases in comments ‒ #2079
.call
to .call_builder
‒ #2078
runtime_only
attribute argument - #2083
additional_contracts
parameter #2098
This is a release candidate for ink! 5.0. Notable changes include:
StorageVec
structure that allows access vector data efficiently - #1995
storage_never_freed
lint - #1932
strict_balance_equality
lint - #1914
no_main
lint - #2001
set_code_hash
generic - #1906
StorageVec
datastructure built on top of Lazy
- #1995
TypeSpec
directly - #1999
drink
API - #2005
#[ink::chain_extension]
macro and the definition of the chain extension.The preview release of the ink! 5.0.0 release. This release addresses the majority of issues raised in the OpenZeppelin audit in particular, we addressed the proxy selector clashing attack. As of this release, ink! only allows exactly one other message with a well-known reserved selector to be defined. You can read more about the change in the PR
There are also other notable changes:
delegate_call
cargo-contract
will fail compiling the contract with raw arithmetic operations.You can see a more detailed log of changes below:
scale
dependencies, introduce #[ink::scale_derive]
- #1890
E2EBackend
trait - #1867
sr25519_verify
function to ink_env
#1840
2.0
- #1827
set_block_number
to off-chain test api Engine
- #1806
call_runtime
‒ #1749
scale
dependencies, introduce #[ink::scale_derive]
‒ #1890
[ink_e2e]
build contracts at runtime instead of during codegen - #1881
build_message
+ callback - #1782
This release is to fix compatibility of ink_e2e
with newer (> 1.69) versions of Rust,
which produce signext
instructions, and older versions of pallet_contracts
which do
not yet support these instructions.
contract-build
to 3.2.0
to include signext
lowering, and update
subxt
to remove incompatible wasmi-instrument
transient dependency ‒ #1884
This release contains a low-severity security related fix. Users of the 4.x
series of releases are advised to update.
Note that this release contains a breaking change since the API of ink_env::invoke_contract_delegate
and CallBuilder::try_invoke
now return an extra ink_primitives::MessageResult
which must be handled.
We decided to release this breaking change as a PATCH
release to ensure that affected users are upgrading to the fixed API.
See the published advisory for more info.
LangError
from DelegateCall