v1.6.1

v1.6.1 Electra Timing Fix

Fixes a bug on EigenPods regarding partial withdrawals for Electra. Please read the explainer for a detailed description of the bug. No action is needed and no customer funds are at risk.

Release Manager

@ypatil12 @nadir-akhtar @gpsanant @antojoseph

Highlights

🐛 Bug Fixes

• Update the EigenPod.requestWithdrawal function to ensure that validators are pointed to the pod, matching the behavior of requestConsolidation

🔧 Improvements

• Update the EigenPod.verifyWithdrawalCredentials function to only accept beaconTimestamps that are after the latestCheckpointTimestamp. This enables the eigenpod state machine to be easier to be reasoned about

Full Changelog: v1.6.0...v1.6.1

v1.8.0-testnet-final: Multichain and Hourglass

v1.8.0-testnet-final

The below release notes cover the updated version release candidate for multichain and hourglass

Release Manager

@ypatil12 @eigenmikem @0xrajath

Multichain

Highlights

⛔ Breaking Changes

• The leaves of merkle trees used by the OperatorTableUpdater and BN254CertificateVerifier are now salted. The LeafCalculatorMixin is used by:
  • OperatorTableUpdater: To salt the operatorTableLeaf via calculateOperatorTableLeaf. This change is also reflected in the offchain transporter
  • BN254CertificateVerifier: To salt the operatorInfoLeaf via calculateOperatorInfoLeaf. BN254 OperatorSets MUST update their table calculators to use the new BN254TableCalculatorBase in the middleware repo
• Nonsigners in the BN254CertificateVerifier are now sorted by operator index. See PR #1615. All offchain aggregators MUST sort nonsigners by operator index
• The BN254CertificateVerifier now requires signatures over the referenceTimestamp via calculateCertificateDigest. See PR #1610

🛠️ Security Fixes

• The merkle library has been updated to address minor audit issues. No breaking changes. See PR #1606
• Audit fixes for the ReleaseManager. See PR #1608

🔧 Improvements

• Introspection for operatorSets with active generation reservations: hasActiveGenerationReservation. See PR #1589
• Clearer error messages/natspec:
  • PR #1602
  • PR #1587
  • PR #1585
  • PR #1562
  • PR #1567
• Require KeyType to be set when creating a generation reservation. See PR #1561

🐛 Bug Fixes

• Add pagination for querying active generation reservations. See PR #1569
• Fix race conditions on offchain table updates. See PR #1575
• Remove restrictive check on ECDSA certificates required to be confirmed against the latest referenceTimestamp. See PR #1582

Hourglass

Highlights

🔧 Improvements

• Support for signalling instant upgrades in ReleaseManager by setting upgradeByTime to 0. See PR #1608

🐛 Bug Fixes

• Added NoReleases() custom error to isValidRelease() and getLatestUpgradeByTime() in ReleaseManager when there are no releases for a given operator set. See PR #1608
• Added a MAX_TASK_SLA immutable to the TaskMailbox that will be set as DEALLOCATION_DELAY / 2 so that AVSs have half the Deallocation Delay to do any operator slashing in case of misbehavior. See PR #1604
• Checking that block.timestamp + taskConfig.taskSLA <= operatorTableReferenceTimestamp + maxStaleness in the TaskMailbox during taskCreation so that a task cannot be created if its max response time breaches the staleness period of the certificate. See PR #1604
• Updated the _validateBN254Certificate() check to only be for the (0,0) coordinate in the TaskMailbox. See PR #1604

What's Changed

• feat: multichain by @ypatil12 in #1494
• chore: add final moocow audit by @wadealexc in #1505
• fix: strategy manager gap by @0xClandestine in #1508
• test(redistribution-changes): passing by @0xClandestine in #1511
• docs(redistribution-changes): cleanup by @0xClandestine in #1513
• docs: update CHANGELOG by @0xClandestine in #1514
• release(redistribution): post audit changes by @0xClandestine in #1461
• refactor: remove unnecessary signature validation and change param name by @eigenmikem in #1509
• fix: remove unused constants and add gap by @8sunyuan in #1519
• feat: key data reverse lookup by @ypatil12 in #1520
• docs: add final audit reports by @antojoseph in #1523
• docs: clear up certificate verification by @ypatil12 in #1515
• refactor: cleaner reverts for ECDSACertificateVerifier by @ypatil12 in #1521
• fix: internal audit fixes by @ypatil12 in #1524
• docs: update README for v1.5.0 & v1.6.0 by @ypatil12 in #1526
• refactor: table calc interface by @ypatil12 in #1525
• fix: multichain clarity updates by @nadir-akhtar in #1527
• test: multichain integration tests by @eigenmikem in #1528
• fix: multichain deploy scripts by @ypatil12 in #1510
• chore: update v1.7.0 changelog by @ypatil12 in #1529
• fix: typo by @ypatil12 in #1530
• feat: invalid staleness period prevention by @ypatil12 in #1536
• feat: cleaner generator updates by @ypatil12 in #1537
• chore: symmetric BN254 and ECDSA checks by @ypatil12 in #1540
• feat: add calculateCertificateDigestBytes to ECDSA cert verifier (#1532) by @ypatil12 in #1542
• refactor: remove transport interface by @ypatil12 in #1512
• chore: clean up natspec round 1 by @ypatil12 in #1541
• fix: storage gap in CrossChainRegistry by @ypatil12 in #1544
• test: more integration test scenarios and checks file by @eigenmikem in #1548
• fix: prevent globalTableRoot certificate replay upon newly instantiated CertificateVerifiers/OperatorTables by @ypatil12 in #1547
• fix: Multichain (Pt 2) fixes by @nadir-akhtar in #1549
• chore: update foundry.toml to include forge lint config by @0xClandestine in #1539
• chore: KeyRegistrar clarifications by @ypatil12 in #1551
• chore: CertificateVerifier clarifications by @ypatil12 in #1552
• chore: CrossChainRegistry clarifications by @ypatil12 in #1553
• docs: update hoodi strat addresses by @ypatil12 in #1556
• fix: hardening workflows test by @anupsv in #1554
• docs: update for v1.6.0 and v1.5.0 by @ypatil12 in #1558
• chore: update bindings by @ypatil12 in #1565
• docs: multichain by @ypatil12 in #1567
• fix: Release Manager internal review fixes by @nadir-akhtar in #1571
• feat: hourglass by @0xrajath in #1576
• fix: multichain pt1 audit fixes by @ypatil12 in #1572
• feat: update generator script by @ypatil12 in #1581
• fix: remove unused imports by @0xClandestine in #1585
• fix: sp multichain audit fixes by @ypatil12 in #1598
• chore: clearer error message by @ypatil12 in #1602
• fix: multichain pt2 audit fixes by @ypatil12 in #1592
• fix(audit): merkle library audit fixes by @nadir-akhtar in #1606
• fix: hourglass part 1 and 2 au...

v1.8.0-rc.0 : Hourglass

v1.8.0 Hourglass

The Hourglass release consists of a framework that supports the creation of task-based AVSs. The task-based AVSs are enabled through a TaskMailbox core contract deployed to all chains that support a CertificateVerifier. Additionally AVSs deploy their TaskAVSRegistrar. The release has 3 components:

1. Core Contracts
2. AVS Contracts
3. Offchain Infrastructure

The below release notes cover Core Contracts. For more information on the end to end protocol, see our docs and core contract docs.

Release Manager

@0xrajath

Highlights

This hourglass release only introduces new contracts. As a result, there are no breaking changes or deprecations.

🚀 New Features

Destination Chain Contracts

• TaskMailbox: A core infrastructure contract that enables task-based AVS execution models. It provides a standardized way for AVSs to create tasks, have operators execute them, and submit verified results on-chain. The contract acts as a mailbox system where task creators post tasks with fees, and operators compete to execute and submit results with proper consensus verification.

Changelog

• fix: correct ecdsa message hash check PR #1563
• fix: missing assume in fuzz test
• fix: submitResult certificate checks PR #1557
• chore: forge fmt
• fix: certificate verifier interface changes
• feat: hourglass zeus script PR #1546
• fix: mock certificate verifiers PR #1545
• feat: hourglass (task-based AVS framework) PR #1534
• docs: changelog
• fix: hourglass release upgrade semver
• fix: deploy script

Full Changelog: v1.7.0-rc.4...v1.8.0-rc.0

v1.7.0-rc.4

Updates multichain release with bindings

Full Changelog: v1.7.0-rc.3...v1.7.0-rc.4

v1.6.0

v1.6.0 Moocow and ELIP5

Release Manager

@wadealexc @bowenli86

Highlights

🚀 New Features

• New APIs supporting Pectra's validator consolidation and withdrawal features: EigenPod.requestConsolidation(...) and EigenPod.requestWithdrawal(...)
• New getters to support Pectra APIs: EigenPod.getConsolidationRequestFee() and EigenPod.getWithdrawalRequestFee()
• Added 4 new events to EigenPod.sol to track consolidation and withdrawal requests
• Added 2 new events to Eigen.sol to track token wraps/unwraps with BackingEigen

📌 Deprecations

• Removed EigenPod.GENESIS_TIME() getter. This method, though public, has been unused for over a year.

🔧 Improvements

• When finalizing an EigenPod checkpoint (proofsRemaining == 0), the contract will store the finalized checkpoint in storage. This can be queried via EigenPod.currentCheckpoint(). Starting a new checkpoint will overwrite this previously-finalized checkpoint.
• Added semver to Eigen
• Signatures of a few EigenPod events are changed to match the rest events and take validator pubkey hash instead of validator index, which standardized EigenPod events signature

🐛 Bug Fixes

• For Hoodi, updates fixes ethPOS deposit contract to point to 0x00000000219ab540356cBB839Cbe05303d7705Fa

Changelog

• feat: merge Moocow and ELIP5 into main PR #1425
• docs: proper markdown PR #1435
• docs: update readme
• chore: update testnet addresses for redistribution PR #1428
• chore: remove User_M2.t.sol
• feat: update EIGEN binding
• chore: resolve conflicts in upgrade.json
• chore: update harness class formatting
• chore: complete v1.6.0 changelog
• chore: changelog and bindings
• test: add more script tests for Eigen and standardize semver
• feat: add semver to eigen PR #1371
• feat: add TokenWrapped and TokenUnwrapped events in Eigen for observability PR #1356
• feat: change eigenpod events to use pubkeyHash over index
• feat: release scripts for moocow and elip5
• feat: currentCheckpoint now returns finalized checkpoint
• feat: implement consolidation and withdrawal requests
• chore: update eigenpod and eigen impls addresses in holesky and hoodi by @bowenli86 in #1448
• chore: add multisend parser to scripts directory by @nadir-akhtar in #1486
• docs: update version matrix by @ypatil12 in #1491
• chore: MOOCOW audit fixes by @wadealexc in #1496

Full Changelog: v1.5.0...v1.6.0

v1.7.0-rc.3: Multichain

v1.7.0-rc.3: Multichain

The below release notes cover the updated version release candidate for multichain

Note: v1.7.0-rc.1 is the final redistribution release on top of multichain. v1.7.0-rc.2 is the final MOOCOW release on top of multichain.

Release Manager

@ypatil12 @eigenmikem

Highlights

🚀 New Features

• The ECDSACertificateVerifier and BN254CertficateVerifier have new storage/introspection for checking a reference timestamp: isReferenceTimestampSet

⛔ Breaking Changes

• The preprod/testnet contracts have been redeployed with fresh addresses since this upgrade is not upgrade safe from v1.7.0-rc.0
• CrossChainRegistry: All references to AVSs setting transport destinations have been removed. OperatorSets will be transported to all supported chains. See PR #1512
  • createGenerationReservation no longer takes in a list of chainIDs
  • addTransportDestinations and removeTransportDestinations have been removed
  • getActiveTransportReservations and getTransportDestinations(operatorSet) have been removed
• ECDSACertificateVerifier
  • getTotalStakes has been renamed to getTotalStakeWeights
  • signedStakes has been renamed to totalSignedStakeWeights
• KeyRegistrar
  • checkKey has been deprecated in favor of isRegistered

🛠️ Security Fixes

• In the OperatorTableCalculator, we now hard-code the Generator's table root and reference timestamp. See PR #1537

🔧 Improvements

• The ECDSACertificateVerifier now has a calculateCertificateDigestBytes, which returns the non-hashed bytes of the digest. See PR #1542
• Clarify stakes are stake weights and update natspec for clarity. See PR #1541
• Add getTotalStakeWeights and getTotalStakeWeights to BN254CertificateVerifier. See PR #1552

🐛 Bug Fixes

• Allow 0 staleness periods for the ECDSACertificateVerifier. See PR #1540
• Allow ECDSA certificates to be valid even if not on the latest reference timestamp to match BN254 certificates. See PR #1540
• Added a new parameter: TableUpdateCadence to the CrossChainRegistry. We now enforce that maxStalenessPeriod is >= TableUpdateCadence to prevent bricking Certificate Verification. See PR #1536
• Prevent replay of past certificates on new environments. See PR #1547

What's Changed

• feat: invalid staleness period prevention by @ypatil12 in #1536
• feat: cleaner generator updates by @ypatil12 in #1537
• chore: symmetric BN254 and ECDSA checks by @ypatil12 in #1540
• feat: add calculateCertificateDigestBytes to ECDSA cert verifier (#1532) by @ypatil12 in #1542
• refactor: remove transport interface by @ypatil12 in #1512
• chore: clean up natspec round 1 by @ypatil12 in #1541
• fix: storage gap in CrossChainRegistry by @ypatil12 in #1541
• test: more integration test scenarios and checks file by @eigenmikem in #1548
• fix: prevent globalTableRoot certificate replay upon newly instantiated CertificateVerifiers/OperatorTables by @ypatil12 in #1547
• fix: Multichain (Pt 2) fixes by @nadir-akhtar in #1549
• chore: KeyRegistrar clarifications by @ypatil12 in #1551
• chore: CertificateVerifier clarifications by @ypatil12 in #1552
• chore: CrossChainRegistry clarifications by @ypatil12 in #1553

Full Changelog: v1.7.0-rc.0...v1.7.0-rc.3

v1.7.0-rc.0: Multichain

v1.7.0 Multi Chain

The multichain release enables AVSs to launch their services and make verified Operator outputs available on any EVM chain, meeting their customers where they are. AVSs can specify custom operator weights to be transported to any destination chain. The release has 3 components:

1. Core Contracts
2. AVS Contracts
3. Offchain Infrastructure

The below release notes cover Core Contracts. For more information on the end to end protocol, see our docs and ELIP-008.

Release Manager

@ypatil12 @eigenmikem

Highlights

This multichain release only introduces new standards and contracts. As a result, there are no breaking changes or deprecations.

🚀 New Features – Highlight major new functionality

Source-Chain Contracts

• KeyRegistrar: Manages cryptographic keys for operators across different operator sets. It supports both ECDSA and BN254 key types and ensures global uniqueness of keys across all operator sets
• CrossChainRegistry: Enables AVSs to register to have their operator stakes transported to supported destination chains
• ReleaseManager: Provides a standardized way for AVSs to publish software artifacts (binaries, docker images, etc.) that operators in their operator sets should upgrade to by specified deadlines

Destination Chain Contracts

• CertificateVerifier: Proves the offchain execution of a task, via a Certificate, by the operators of an operatorSet. Two types of key material are supported: ECDSA and BN254
• OperatorTableUpdater: Updates operator tables in the CertificateVerifier to have tasks validated against up-to-date operator stake weights

🔧 Improvements – Enhancements to existing features.

• The multichain protocol has protocol-ized several AVS-deployed contracts, enabling an simpler AVS developer experience. These include:
  • KeyRegistrar: Manages BLS and ECDSA signing keys. AVSs no longer have to deploy a BLSAPKRegistry
  • CertificateVerifier: Handles signature verification for BLS and ECDSA keys. AVSs no longer have to deploy a BLSSignatureChecker
  • Offchain Multichain Transport: AVSs no longer have to maintain avs-sync to keep operator stakes fresh

Changelog

• fix: multichain deploy scripts PR #1510
• test: multichain integration tests PR #1528
• fix: multichain clarity updates PR #1527
• refactor: table calc interface PR #1525
• docs: update README for v1.5.0 & v1.6.0 PR #1526
• docs: update ecdsa vc func
• docs: fix ordering of cv funcs
• chore: use bps_denominator in ecdsa cv
• chore: domain separator no chain id doc
• chore: use uint256 for index
• chore: is spent
• fix: cert verifier typo
• fix: by hash docs consistency
• refactor: cleaner reverts for ECDSACertificateVerifier PR #1521
• docs: clear up certificate verification PR #1515
• docs: add final audit reports
• feat: key data reverse lookup PR #1520
• fix: remove unused constants and add gap PR #1519
• refactor: remove unnecessary signature validation and change param name PR #1509
• docs: update CHANGELOG PR #1514
• docs(redistribution-changes): cleanup PR #1513
• test(redistribution-changes): passing PR #1511
• fix: strategy manager gap PR #1508
• refactor: remove redistribution delay PR #1485
• docs(audit): note upgrade rescue flow PR #1467
• fix(audit): assert redistribution recipient != burn address PR #1466
• fix(audit): more reentrancy checks PR #1450
• fix(audit): out-of-gas issue PR #1459
• chore: add final moocow audit
• docs: changelog PR #1504
• feat: multichain deploy scripts PR #1487
• feat: operator table updater pauser PR #1501
• feat: add publishMetadataURI PR #1492
• refactor: globalRootConfirmerSet -> generator PR #1500
• fix: circular dependency for initial global root update PR #1499
• chore: remove stale bindings PR #1498
• fix: zero length PR #1490
• docs: multichain docs PR #1488
• refactor: remove table calculators PR #1493
• refactor: KeyRegistry unit testing PR #1482
• feat: disable root PR #1481
• refactor: ECDSATableCalculator testing PR #1479
• refactor: operators can deregister keys if not slashable PR #1480
• refactor: ECDSACertificateVerifier testing PR #1478
• refactor: Bn254CertificateVerifierUnitTests PR #1476
• feat: ecdsa table calculator PR #1473
• feat: ecdsacv views PR #1475
• refactor: BN254OperatorTableCalculator PR #1463
• feat: add referenceBlockNumber PR #1472
• feat: release manager PR #1469
• feat: ecdsa cert verifier PR #1470
• feat: add view function for getGlobalConfirmerSetReferenceTimestamp PR #1471
• chore: add helper view function PR #1465
• chore: add sig digest functions to interface PR #1464
• refactor: CrossChainRegistry PR #1457
• fix: global table update message hash PR #1460
• refactor: sig verification into library PR #1455
• fix: OperatorTableUpdater encoding PR #1456
• chore: add latest referenceTimestamp to OTC interface PR #1454
• chore: bindings PR #1452
• feat: add operator table updater to CCR PR #1451
• chore: multichain deploy scripts PR #1449
• feat: cross chain registry PR #1439
• chore: update BN254CertificateVerifier PR #1447
• feat: bn254 operator table contracts PR #1429
• feat: KeyRegistrar PR #1421
• feat: operator table updater PR #1436
• feat: bn254 certificate verifier PR #1431
• chore: bindings + interface update PR #1438
• chore: update multichain interfaces PR #1433
• feat: multi chain interfaces PR #1423

New Contributors

• @antojoseph made their first contribution in #1523

Full Changelog: v1.6.0...v1.7.0-rc.0

v1.5.0

v1.5.0 Redistribution

Release Manager

@0xClandestine @ypatil12

Highlights

🚀 New features

• Redistribution is a feature that gives Service Builders a means to not just burn, but repurpose slashed funds.
• We introduce a new operatorSet creation mechanism: AllocationManager.createRedistributingOperatorSets, which allows slashed funds to be redistributed to a RedistributionRecipient. Note: The redistribution recipient can be set only once and is immutable.
• All slashed funds now follow a two-step process. During a slash, we increase burn or redistributable shares. A cronjob then handles the actual redistribution or burning of these shares.
• The original createOperatorSets function still exists. This function creates operatorSets whose slashed funds will eventually be burned. There is no mechanism to convert an operatorSet to be redistributing.
• See ELIP-006 for a full description.

📌 Future Deprecations

• The pre-redistribution burn pathway StrategyManager.decreaseBurnableShares will be deprecated in an upgrade after the redistribution release. This function can still be used to burn shares that have been slashed at any point prior to the redistribution upgrade.

🛠️ Security Updates

• The slashing of burned funds is no longer instantaneous. All slashed funds (burned or redistributed) now go through a two-step process where shares are first marked for burning/redistribution, then processed by a cronjob. The burning or redistribution of slashed funds can be paused by the PauserMultisig.

🔧 Improvements

• The AllocationManager.slashOperator function now returns a slashId and array of shares to be burned/redistributed. The function selector remains the same.
• OperatorSets now have a slashCount field, which returns the number of slashes completed by the operatorSet. This value only reflects the number of slashes after the redistribution upgrade.
• StrategyBase returns an amountOut upon withdrawal to comply with standard ERC-4626 vaults.
• The AllocationManager and DelegationManager no longer use ownable. Thus, they now inherit the Deprecated_OwnableUpgradeable mixin in its place to reduce codesize.

🐛 Bug Fixes

• SemVerMixin is updated to only return the first character of majorVersion. We currently return 1. and will return 1 after this upgrade.

Changelog

• feat(draft): AllocationManager redistribution support PR #1346
• feat: redistribution upgrade script PR #1396
• chore: bindings PR #1422
• test: redistribution upgrade PR #1410
• test: redistribution integration PR #1415
• docs: redistribution PR #1409
• chore: address redistribution nits PR #1420
• chore: style updates PR #1416
• perf: avoid binary search PR #1417
• feat: release escrow by strategy PR #1412
• refactor: review changes PR #1411
• refactor: decreaseBurnOrRedistributableShares PR #1414
• feat: deploy escrow in initiateSlashEscrow PR #1413
• chore: update naming PR #1408
• feat: simplify escrow delay; add convenience functions PR #1406
• fix: enumerable map overwrite PR #1399
• chore: decrease dm diff further PR #1404
• test: full coverage SlashEscrowFactory + SlashEscrow PR #1403
• chore: remove dm/alm code size optimizations PR #1398
• chore: rename burnable -> burnOrRedistributable; fix storage gap; remove poc code PR #1397
• chore: use internal getters; update isOperatorRedistributable PR #1401
• fix: storage checker PR #1394
• fix: review issues PR #1391
• feat: escrow funds in unique clone contracts PR #1387
• refactor: remove v prefix from SemVerMixin PR #1385
• test(redistribution): add unit tests PR #1383
• feat: add SlashingWithdrawalRouter PR #1358
• feat: simplify removeDepositShares in StrategyManager PR #1373
• feat(draft): AllocationManager redistribution support PR #1346
• ci: add explicit permissions to workflows to mitigate security concerns PR #1392
• ci: remove branch constraint for foundry coverage job
• docs: add release managers to changelogs
• docs: add templates for changelog and release notes PR #1382
• docs: add doc for steps to write deploy scripts PR #1380
• ci: add testnet envs sepolia and hoodi to validate-deployment-scripts PR #1378
• docs: update MAINTENANCE to include practices of merging multiple release-dev branches
• docs: updating readme for dead links, readability, new language, and more PR #1377
• docs: bump deployment matrix to top of README PR #1376
• ci: add CI to auto validate deployment scripts PR #1360
• chore: update readme for v1.4.1 PR #1361
• ci: add cron to auto remove stale branches PR #1348
• chore: Update README for Holesky v1.4.2 release PR #1351
• docs: remove fork-pr instructions from CONTRIBUTING.md and MAINTENANCE.md
• ci: disable delete unauthorized branches
• docs: update addresses for mainnet PR #1341
• docs: enrich MAINTENANCE.md re: release branches PR #1340
• ci: enable auto delete branch upon eigengit launch PR #1339
• test(redistribution-changes): passing PR #1511
• fix: strategy manager gap PR #1508
• refactor: remove redistribution delay PR #1485
• docs(audit): note upgrade rescue flow PR #1467
• fix(audit): assert redistribution recipient != burn address PR #1466
• fix(audit): more reentrancy checks PR #1450
• fix(audit): out-of-gas issue PR #1459
• fix(audit): assert redistribution recipient != burn address PR #1466
• docs(audit): note upgrade rescue flow PR #1467
• refactor: remove redistribution delay PR #1485
• fix: strategy manager gap PR #1508
• test(redistribution-changes): passing PR #1511
• docs(redistribution-changes): cleanup PR #1513
• docs: update CHANGELOG PR #1514
• feat: redistribution upgrade scripts PR #1517

Full Changelog: v1.4.1...v1.5.0

v1.6.0-rc.0

v1.6.0 Moocow and ELIP5

Release Manager

@wadealexc @bowenli86

Highlights

🚀 New Features

• New APIs supporting Pectra's validator consolidation and withdrawal features: EigenPod.requestConsolidation(...) and EigenPod.requestWithdrawal(...)
• New getters to support Pectra APIs: EigenPod.getConsolidationRequestFee() and EigenPod.getWithdrawalRequestFee()
• Added 4 new events to EigenPod.sol to track consolidation and withdrawal requests
• Added 2 new events to Eigen.sol to track token wraps/unwraps with BackingEigen

📌 Deprecations

• Removed EigenPod.GENESIS_TIME() getter. This method, though public, has been unused for over a year.

🔧 Improvements

• When finalizing an EigenPod checkpoint (proofsRemaining == 0), the contract will store the finalized checkpoint in storage. This can be queried via EigenPod.currentCheckpoint(). Starting a new checkpoint will overwrite this previously-finalized checkpoint.
• Added semver to Eigen
• Signatures of a few EigenPod events are changed to match the rest events and take validator pubkey hash instead of validator index, which standardized EigenPod events signature

🐛 Bug Fixes

• For Hoodi, updates fixes ethPOS deposit contract to point to 0x00000000219ab540356cBB839Cbe05303d7705Fa

Changelog

• feat: merge Moocow and ELIP5 into main PR #1425
• docs: proper markdown PR #1435
• docs: update readme
• chore: update testnet addresses for redistribution PR #1428
• chore: remove User_M2.t.sol
• feat: update EIGEN binding
• chore: resolve conflicts in upgrade.json
• chore: update harness class formatting
• chore: complete v1.6.0 changelog
• chore: changelog and bindings
• test: add more script tests for Eigen and standardize semver
• feat: add semver to eigen PR #1371
• feat: add TokenWrapped and TokenUnwrapped events in Eigen for observability PR #1356
• feat: change eigenpod events to use pubkeyHash over index
• feat: release scripts for moocow and elip5
• feat: currentCheckpoint now returns finalized checkpoint
• feat: implement consolidation and withdrawal requests

v1.5.0-rc.0

v1.5.0 Redistribution

Release Manager

@0xClandestine @ypatil12

Highlights

🚀 New features

• Redistribution is a feature that gives Service Builders a means to not just burn, but repurpose slashed funds.
• We introduce a new operatorSet creation mechanism: AllocationManager.createRedistributingOperatorSets, which allows slashed funds to be redistributed to a RedistributionRecipient. Note: The redistribution recipient can be set only once and is immutable.
• All slashed funds will now be routed to individual SlashEscrow contracts. The release of funds from escrow is gated by the SlashEscrowFactory. The SlashEscrowFactory deploys individual SlashEscrow contracts per slash, enforces a global delay for all escrowed funds, and handles pausing/unpausing of escrowed funds.
• The original createOperatorSets function still exists. This function creates operatorSets whose slashed funds will eventually be burned. There is no mechanism to convert an operatorSet to be redistributing.
• See ELIP-006 for a full description.

⛔ Breaking changes

• Funds marked for burning now go through a 4-day escrow period via SlashEscrow contracts. These funds are burned by calling SlashEscrowFactory.releaseSlashEscrow.

📌 Future Deprecations

• The pre-redistribution burn pathway StrategyManager.decreaseBurnableShares will be deprecated in an upgrade after the redistribution release. This function can still be used to burn shares that have been slashed at any point prior to the redistribution upgrade.

🛠️ Security Updates

• The slashing of burned funds is no longer instantaneous. All slashed funds (burned or redistributed) now go through a 4-day escrow delay. The eventual burning or redistribution of slashed funds can be paused by the PauserMultisig.
• The upgradability of the SlashEscrowFactory is controlled by the CommunityMultisig. The contract will have a separate ProxyAdmin from the rest of the EigenLayer core protocol. Each individual SlashEscrow contract is an immutable clone.

🔧 Improvements

• The AllocationManager.slashOperator function now returns a slashId and array of shares to be burned/redistributed. The function selector remains the same.
• OperatorSets now have a slashCount field, which returns the number of slashes completed by the operatorSet. This value only reflects the number of slashes after the redistribution upgrade.
• StrategyBase returns an amountOut upon withdrawal to comply with standard ERC-4626 vaults.
• The AllocationManager and DelegationManager no longer use ownable. Thus, they now inherit the Deprecated_OwnableUpgradeable mixin in its place to reduce codesize.

🐛 Bug Fixes

• SemVerMixin is updated to only return the first character of majorVersion. We currently return 1. and will return 1 after this upgrade.

What's Changed

• docs: add StrategyBase accounting doc by @nadir-akhtar in #1233
• feat: v1.4.0 upgrade script by @ypatil12 in #1244
• chore: add release label by @bowenli86 in #1253
• feat: support all characters after colon by @0xClandestine in #1255
• docs: Clarify AVS Meaning for AllocationManager and Effect of invoking updateAVSMetadataURI by @wesfloyd in #1259
• chore: add missing fn to interface by @0xClandestine in #1271
• chore: address ep/epm informational by @ypatil12 in #1272
• docs: post-cantina doc updates by @ypatil12 in #1266
• fix(cantina): deposit share cast bug by @8sunyuan in #1265
• chore: add event to dsf reset on full withdrawal by @eigenmikem in #1270
• feat: cantina preprod/testnet upgrade scripts by @ypatil12 in #1286
• fix: v1.4.1 execute script name by @ypatil12 in #1297
• docs: add sepolia by @ypatil12 in #1309
• docs: complete MAINTENANCE.md and clarify maintainers responsibility by @bowenli86 in #1314
• docs: simplify readme and consolidate with CONTRIBUTING.md by @bowenli86 in #1317
• docs: improve readability and searchbility with tabs for deployment contracts by @bowenli86 in #1318
• ci: change certora prover to run on main by @bowenli86 in #1319
• ci: add path filter for intense test by @bowenli86 in #1320
• docs: callout consequences of not follow contribution guidelines by @bowenli86 in #1326
• fix: update sepolia wETH strategy contract link with correct address by @pschork in #1336
• ci: enable auto delete branch upon eigengit launch by @bowenli86 in #1339
• docs: enrich MAINTENANCE.md re: release branches by @bowenli86 in #1340
• docs: update addresses for mainnet by @ypatil12 in #1341
• chore: Update README for Holesky v1.4.2 release by @solimander in #1351
• ci: add cron to auto remove stale branches by @bowenli86 in #1348
• chore: update readme for v1.4.1 by @ypatil12 in #1361
• ci: add CI to auto validate deployment scripts by @bowenli86 in #1360
• docs: bump deployment matrix to top of README by @bowenli86 in #1376
• docs: updating readme for dead links, readability, new language, and more by @non-fungible-nelson in #1377
• ci: add testnet envs sepolia and hoodi to validate-deployment-scripts by @bowenli86 in #1378
• docs: add doc for steps to write deploy scripts by @bowenli86 in #1380
• ci: add explicit permissions to workflows to mitigate security concerns by @bowenli86 in #1392
• chore: update .gitattributes with Certora .spec/.conf formatting by @nadir-akhtar in #1379
• chore: add instruction of generating changelog from last release by @bowenli86 in #1405
• docs: add hoodi by @ypatil12 in #1419
• feat(release): redistribution by @0xClandestine in #1355

New Contributors

• @pschork made their first contribution in #1336
• @non-fungible-nelson made their first contribution in #1377

Full Changelog: v1.4.0-testnet-holesky...v1.5.0-rc.0