Update beacon factory, add mythril report

CHANGELOG.md

@@ -2,6 +2,27 @@
 
 Please follow <https://changelog.md/> conventions.
 
+## Checklist
+
+> Before a new release, perform the following tasks
+
+- Code: Update the version name in the base core module, variable VERSION
+- Run linter
+
+> npm run-script lint:all:prettier
+
+- Documentation
+  - Perform a code coverage and update the files in the corresponding directory [./doc/general/test/coverage](./doc/general/test/coverage)
+  - Perform an audit with several audit tools (Mythril and Slither), update the report in the corresponding directory  [./doc/audits/tools](./doc/audits/tools)
+  - Update surya doc by running the 3 scripts in [./doc/script](./doc/script)
+
+  - Update changelog
+
+## 2.5.1 - 20241003
+
+- Beacon Factory: deploy an implementation inside the constructor if no implementation is provided
+- Run [myhtril](https://github.com/Consensys/mythril)
+
 ## 2.5.0 - 20240910
 
 - Change Solidity version to 0.8.27 (latest)

README.md

@@ -143,7 +143,7 @@ Here is the list of the different version available for each CMTAT version.
 
 | Name                    | RuleEngine                                                   |
 | ----------------------- | ------------------------------------------------------------ |
-| CMTAT 2.5.0 (unaudited) | RuleEngine >= [v2.0.3](https://github.com/CMTA/RuleEngine/releases/tag/v2.0.3) |
+| CMTAT 2.5.0 (unaudited) | RuleEngine >= [v2.0.3](https://github.com/CMTA/RuleEngine/releases/tag/v2.0.3) (unaudited) |
 | CMTAT 2.4.0 (unaudited) | RuleEngine >=v2.0.0<br />Last version: [v2.0.2](https://github.com/CMTA/RuleEngine/releases/tag/v2.0.2)(unaudited) |
 | CMTAT 2.3.0             | [RuleEngine v1.0.2](https://github.com/CMTA/RuleEngine/releases/tag/v1.0.2) |
 | CMTAT 2.0 (unaudited)   | [RuleEngine 1.0](https://github.com/CMTA/RuleEngine/releases/tag/1.0) (unaudited) |
@@ -254,6 +254,8 @@ Please see the OpenZeppelin [upgradeable contracts documentation](https://docs.o
 
 Please see the OpenZeppelin [Upgrades plugins](https://docs.openzeppelin.com/upgrades-plugins/1.x/) for more information about plugin upgrades in general.
 
+CMTAT also implements the [ERC-7201](https://eips.ethereum.org/EIPS/eip-7201) to manage the storage location.
+
 Note that deployment via a proxy is not mandatory, but is recommended by CMTA.
 
 ### Factory
@@ -324,15 +326,23 @@ The report is available in [ABDK_CMTA_CMTATRuleEngine_v_1_0.pdf](doc/audits/ABDK
 
 ### Tools
 
+#### Slither
+
 You will find the report produced by [Slither](https://github.com/crytic/slither) in 
 
 | Version      | File                                                         |
 | ------------ | ------------------------------------------------------------ |
-| Last version | [slither-report.md](doc/audits/tools/slither-report.md)      |
-| v2.3.0       | [v2.3.0-slither-report.md](doc/audits/tools/v2.3.0-slither-report.md) |
-| v2.3.1       | [v2.3.1-slither-report.md](doc/audits/tools/v2.3.1-slither-report.md) |
-| v2.4.0       | [v2.4.0-slither-report.md](doc/audits/tools/v2.4.0-slither-report.md) |
+| Last version | [slither-report.md](doc/audits/tools/slither//slither-report.md) |
+| v2.3.0       | [v2.3.0-slither-report.md](doc/audits/tools/slither/v2.3.0-slither-report.md) |
+| v2.3.1       | [v2.3.1-slither-report.md](doc/audits/tools/slither/v2.3.1-slither-report.md) |
+| v2.4.0       | [v2.4.0-slither-report.md](doc/audits/tools/slither/v2.4.0-slither-report.md) |
+| v2.5.0       | [v2.5.0-slither-report.md](doc/audits/tools/slither/v2.5.0-slither-report.md) |
+
+#### [Mythril](https://github.com/Consensys/mythril)
 
+| Version      | File                                                         |
+| ------------ | ------------------------------------------------------------ |
+| Last version | [mythril-report-standalone.md](doc/audits/tools/mythril/myth_standalone_report.md)<br />[mythril-report-proxy.md](doc/audits/tools/mythril/myth_proxy_report.md)<br /> |
 
 ### Test
 

contracts/deployment/CMTAT_BEACON_FACTORY.sol

@@ -13,7 +13,6 @@ import "./libraries/CMTATFactoryRoot.sol";
 * 
 */
 contract CMTAT_BEACON_FACTORY is AccessControl, CMTATFactoryRoot {
-    // public
     UpgradeableBeacon public immutable beacon;
     /**
     * @param implementation_ contract implementation
@@ -25,7 +24,8 @@ contract CMTAT_BEACON_FACTORY is AccessControl, CMTATFactoryRoot {
             revert  FactoryErrors.CMTAT_Factory_AddressZeroNotAllowedForBeaconOwner();
         }
         if(implementation_ == address(0)){
-            revert  FactoryErrors.CMTAT_Factory_AddressZeroNotAllowedForLogicContract();
+           // Forwarder is the zero address if no implementation provided
+           implementation_ = address(new CMTAT_PROXY(address(0)));
         }
         beacon = new UpgradeableBeacon(implementation_, beaconOwner);
     }

contracts/deployment/CMTAT_TP_FACTORY.sol

@@ -14,6 +14,11 @@ import "./libraries/CMTATFactoryBase.sol";
 */
 contract CMTAT_TP_FACTORY is CMTATFactoryBase {
 
+    /**
+    * @param logic_ contract implementation, cannot be zero
+    * @param factoryAdmin admin
+    * @param useCustomSalt_ custom salt with create2 or not
+    */
     constructor(address logic_, address factoryAdmin, bool useCustomSalt_) CMTATFactoryBase(logic_, factoryAdmin,useCustomSalt_){}
 
     /*//////////////////////////////////////////////////////////////

contracts/deployment/CMTAT_UUPS_FACTORY.sol

@@ -14,8 +14,9 @@ import "./libraries/CMTATFactoryBase.sol";
 */
 contract CMTAT_UUPS_FACTORY is CMTATFactoryBase {
     /**
-    * @param logic_ contract implementation
+    * @param logic_ contract implementation, cannot be zero
     * @param factoryAdmin admin
+    * @param useCustomSalt_ custom salt with create2 or not
     */
     constructor(address logic_, address factoryAdmin, bool useCustomSalt_) CMTATFactoryBase(logic_, factoryAdmin,useCustomSalt_){}
 

contracts/modules/wrapper/core/BaseModule.sol

@@ -10,7 +10,7 @@ abstract contract BaseModule is AuthorizationModule {
     * @notice 
     * Get the current version of the smart contract
     */
-    string public constant VERSION = "2.5.0";
+    string public constant VERSION = "2.5.1";
 
     /* ============ Events ============ */
     event Term(string indexed newTermIndexed, string newTerm);

doc/TOOLCHAIN.md

@@ -206,3 +206,22 @@ Slither is a Solidity static analysis framework written in Python3
 slither .  --checklist --filter-paths "openzeppelin-contracts-upgradeable|openzeppelin-contracts|@openzeppelin|test" > slither-report.md
 ```
 
+
+
+
+
+### [Mythril](https://github.com/Consensys/mythril)
+
+- Standalone
+
+```bash
+myth analyze contracts/CMTAT_STANDALONE.sol --solc-json solc_setting.json > myth_standalone_report.md
+```
+
+- With proxy
+
+```bash
+myth analyze contracts/CMTAT_PROXY.sol --solc-json solc_setting.json > myth_proxy_report.md
+```
+
+File path for `solc` is configured in `solc_setting.json`

doc/USAGE.md

@@ -101,3 +101,10 @@ For Solidity:
 npm run-script lint:sol  
 npm run-script lint:sol:fix
 ```
+
+## Compilation with solc
+
+```bash
+solc --base-path . --include-path ./node_modules/ contracts/CMTAT_STANDALONE.sol
+```
+

doc/audits/tools/mythril/myth_proxy_report.md

@@ -0,0 +1,2 @@
+The analysis was completed successfully. No issues were detected.
+

doc/audits/tools/mythril/myth_standalone_report.md

@@ -0,0 +1,2 @@
+The analysis was completed successfully. No issues were detected.
+