Release 5.0.0

[SkymanOne]

Summary

This is a release addressing the rest of the severities described in the OpenZeppelin security review of ink! and cargo-contract.
One of the notable addressed issues is the proxy selector clashing attack.
As of this release, ink! only allows exactly one other message with a well-known reserved selector to be defined.
You can read more about the change in the #1827 and #2031.

ink! 5.0.0 features a significant number of new features:

• We have introduced a new API based on the calculated or specified selectors for the event definition. This allows events to be defined in separate files and modules, and be shared across multiple ink! contracts - #1827 and #2031.
• @pmikolajczyk41 has introduced an alternative E2E testing framework, DRink!, that support quasi-testing model, it allows the test simulate a running node as part of the E2E test while improving debugging experience such as allowing to set breakpoint and step through each stage of execution cycle.
• Following improvements in E2E, we have added a call builder API that allows to easily build calls while significantly reducing boilerplate code - #1917 and #2075
• Another notable introduction in 5.0.0 release is the support for multiple chain extensions that empower developers
  to build even more sophisticated and advanced contracts for supported chains - #1958.
• To further address our consideration of the intrinsic security of ink! smart contracts,
  we have disallowed unchecked arithmetic expressions. cargo-contract will fail to compile the contract with the raw arithmetic operation - #1831.

These are the main features we have introduced in this release. We also encourage developers to have a look at more detailed changelog entries to find out about any breaking changes that may affect the development of new ink! contracts.

We have created a migration guide from ink! 4 to ink! 5. It also contains an overview over all breaking changes and newly added features.
You can view it here.

Compatability

• Rust: >=1.70
• cargo-contract: >=4.0.0
• polkadot-sdk: >= 0.9.3, but if using the new functions introduced in #2123 and #2077 >= 1.8.0.
• polkadot-js/api and polkadot-js/api-contract: >=10.12.1
• substrate-contracts-node: >= 0.39.0

Changelog

Added

• instantiate_v2 with additional limit parameters #2123
• Custom signature topic in Events - #2031
• [Linter] non_fallible_api lint - #2004
• [Linter] Publish the linting crates on crates.io - #2060
• [E2E] Added create_call_builder for testing existing contracts - #2075
• call_v2 cross-contract calls with additional limit parameters - #2077
• delegate_dependency api calls - #2076
• Allow mutable parameters in messages - #2004
• Clean E2E configuration parsing - #1922
• Make set_code_hash generic - #1906
• Provide a StorageVec datastructure built on top of Lazy - #1995
• Add fallible methods for Mapping and Lazy - #1910
• [E2E] Allow testing with live-chain state - #1949
• [E2E] Call builders and extra gas margin option - #1917
• [Linter] storage_never_freed lint - #1932
• [Linter] strict_balance_equality lint - #1914
• [Linter] no_main lint - #2001
• Reexport scale dependencies, introduce #[ink::scale_derive] - #1890
• Upgradeable contracts example - #1889
• Persist static buffer size in metadata - #1880
• Modify static buffer size via environmental variables - #1869
• Added sr25519_verify function to ink_env #1840
• Events 2.0 - #1827
• Add set_block_number to off-chain test api Engine - #1806
• Stabilize call_runtime ‒ #1749
• Schema generation - #1765
• Restrict wildcard selectors to have exactly one other message - #1708
• [Linter] Warn when primitive number is annotated as event topic - #1837
• [Drink backend] allow for arbitrary runtime - #1892
• [Drink backend] support runtime call - #1891
• [Drink backend] Make tests generic E2EBackend trait - #1867
• [Drink backend] Backend choice ‒ #1864
• [Drink backend] Backend traits - #1857
• [Drink backend] Abstract error and result structs - #1844

Changed

• Use name-only syntax for anonymous ink! event item configuration argument - #2140
• Restrict syntax for setting default ink! e2e test runtime-only emulator - #2143
• Restrict syntax for setting ink! e2e test node to auto - #2146
• Bump Substrate crates - #2141
• Minor fixes - #2144, #2137, #2132
• Bump metadata version to 5 #2126
• Use MaxEncodedLen for output buffer size #2128
• Mapping: Reflect all possible failure cases in comments ‒ #2079
• [E2E] Rename .call to .call_builder ‒ #2078
• Improve syntax for ink! e2e runtime_only attribute argument - #2083
• [E2E] Remove additional_contracts parameter #2098
• [E2E] change node url backend config - #2101
• Messages return TypeSpec directly - #1999
• Fail when decoding from storage and not all bytes consumed - #1897
• Support multiple chain extensions - #1958
  • New example of how to use multiple chain extensions in one contract.
  • Affects the usage of the #[ink::chain_extension] macro and the definition of the chain extension.
• Split up ink_linting to mandatory and extra libraries - #2032
• [E2E] resolve DispatchError error details for dry-runs - #1994
• [E2E] update to new drink API - #2005
• Reexport scale dependencies, introduce #[ink::scale_derive] ‒ #1890
• Use of workspace dependencies and properties - #1835
• Remove of unchecked arithmetic - #1831
• Use decode_all for decoding cross contract call result - #1810
• [E2E] build contracts at runtime instead of during codegen - #1881
• [E2E] crate refactoring - #1830
• [E2E] improve call API, remove build_message + callback - #1782

Fixed

• Fix alignment in allocator #2100
• Fix the StorageVec type by excluding the len_cached field from its type info - #2052
• Fix panic in approve_for in the ERC-721 example - #2092
• ERC-721: transfer_token_from now ensures the token owner is correct - #2093
• RootLayout::new() is generic again to allow using ink_metadata in pure PortableForm contexts - #1989

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 0% with 13 lines in your changes are missing coverage. Please review.

Project coverage is 53.65%. Comparing base (cd9927a) to head (a6a0fae).

❗ Current head a6a0fae differs from pull request most recent head 8625f32. Consider uploading reports for the commit 8625f32 to get more accurate results

Files	Patch %	Lines
crates/e2e/src/drink_client.rs	0.00%	11 Missing ⚠️
crates/e2e/macro/src/config.rs	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2133      +/-   ##
==========================================
- Coverage   53.75%   53.65%   -0.10%     
==========================================
  Files         224      225       +1     
  Lines        7084     7095      +11     
  Branches     3129     3129              
==========================================
- Hits         3808     3807       -1     
- Misses       3276     3288      +12     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

🦑 📈 ink! Example Contracts ‒ Changes Report 📉 🦑

These are the results when building the integration-tests/* contracts from this branch with cargo-contract and comparing them to ink! master:

Contract	Upstream Size (kB)	PR Size (kB)	Diff (kB)	Diff (%)	Change
call-builder-return-value	9.249	9.249	0	0	➖
call-runtime	2.071	2.071	0	0	➖
combined-extension	2.149	2.132	-0.017	-0.791066	📉
conditional-compilation	1.502	1.502	0	0	➖
contract-storage	7.58	7.58	0	0	➖
contract-terminate	1.369	1.369	0	0	➖
contract-transfer	1.731	1.731	0	0	➖
cross-contract-calls	7.732	7.732	0	0	➖
cross-contract-calls/other-contract	1.595	1.595	0	0	➖
custom-allocator	7.787	7.787	0	0	➖
custom-environment	2.158	2.158	0	0	➖
dns	7.355	7.355	0	0	➖
e2e-call-runtime	1.32	1.32	0	0	➖
e2e-runtime-only-backend	1.901	1.901	0	0	➖
erc1155	14.345	14.345	0	0	➖
erc20	6.955	6.955	0	0	➖
erc721	10.044	10.044	0	0	➖
events	5.27	5.27	0	0	➖
flipper	1.651	1.651	0	0	➖
incrementer	1.516	1.516	0	0	➖
lang-err-integration-tests/call-builder-delegate	2.65	2.65	0	0	➖
lang-err-integration-tests/call-builder	5.571	5.571	0	0	➖
lang-err-integration-tests/constructors-return-value	1.997	1.997	0	0	➖
lang-err-integration-tests/contract-ref	5.062	5.062	0	0	➖
lang-err-integration-tests/integration-flipper	1.827	1.827	0	0	➖
lazyvec-integration-test	4.66	4.66	0	0	➖
mapping-integration-tests	8.036	8.036	0	0	➖
mother	12.753	12.753	0	0	➖
multi-contract-caller	6.654	6.654	0	0	➖
multi-contract-caller/accumulator	1.388	1.388	0	0	➖
multi-contract-caller/adder	1.922	1.922	0	0	➖
multi-contract-caller/subber	1.942	1.942	0	0	➖
multisig	21.871	21.871	0	0	➖
payment-channel	5.742	5.742	0	0	➖
psp22-extension	7.083	7.083	0	0	➖
rand-extension	2.977	2.977	0	0	➖
sr25519-verification	1.154	1.154	0	0	➖
static-buffer	2.578	2.578	0	0	➖
trait-dyn-cross-contract-calls	2.899	2.899	0	0	➖
trait-dyn-cross-contract-calls/contracts/incrementer	1.557	1.557	0	0	➖
trait-erc20	7.331	7.331	0	0	➖
trait-flipper	1.502	1.502	0	0	➖
trait-incrementer	1.626	1.626	0	0	➖
upgradeable-contracts/delegator	3.96	3.96	0	0	➖
upgradeable-contracts/delegator/delegatee	1.641	1.641	0	0	➖
upgradeable-contracts/delegator/delegatee2	1.641	1.641	0	0	➖
upgradeable-contracts/set-code-hash-migration	1.755	1.755	0	0	➖
upgradeable-contracts/set-code-hash-migration/migration	1.462	1.462	0	0	➖
upgradeable-contracts/set-code-hash-migration/updated-incrementer	1.909	1.909	0	0	➖
upgradeable-contracts/set-code-hash	1.755	1.755	0	0	➖
upgradeable-contracts/set-code-hash/updated-incrementer	1.733	1.733	0	0	➖
wildcard-selector	2.858	2.858	0	0	➖

Link to the run | Last update: Tue Mar 12 19:23:43 CET 2024

[smiasojed]

I think it would make sense to add to the release notes information about compatibility between Ink, rustc, pallet_contracts, and cargo-contract. WDYT?

[SkymanOne]

I think it would make sense to add to the release notes information about compatibility between Ink, rustc, pallet_contracts, and cargo-contract. WDYT?

Good idea. Will do

[ascjones]

We definitely need #2132 in here @pgherveou

[pgherveou]

We definitely need #2132 in here @pgherveou

this also depends on the drink PR use-ink/drink#110.

[smiasojed]

• cargo-contract: >=4.0.0-rc.3

I think
cargo-contract: >=4.0.0-rc.3, >=5.0.0

[SkymanOne]

• cargo-contract: >=4.0.0-rc.3

I think cargo-contract: >=4.0.0-rc.3, >=5.0.0

Where does >=5.0.0 come from? We are also releasing c-c 4.0.0 which is backward compat with 4.0.0-rc.3

[smiasojed]

My mistake, it should be >=4.0.0-rc.3, >=4.0.0
I remember that in semantic versioning, pre-release version ranges like >=4.0.0-rc.3 do not match stable release versions like 4.0.0. I think that to correctly express the dependencies, we should have >=4.0.0-rc.3, >=4.0.0. But this is a minor issue.

[ascjones]

LGTM 🚀

[cmichi]

🚢