You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
Features
Added a FungibleTokenMetadata component supporting name, description, logo URI, and external links, along with MASM procedures for retrieving token metadata (get_token_metadata, get_max_supply, get_decimals, get_token_symbol). Also aligned fungible faucet token metadata with the standard by using the canonical storage slot, enabling compatibility with MASM metadata getters (#2439).
Added PSWAP (partial swap) note for decentralized partial-fill asset exchange with remainder note re-creation (#2636).
[BREAKING] Renamed NoteId to NoteDetailsCommitment, new NoteId struct now includes the NoteMetadata (#1731).
Added lock/unlock path for Miden-native tokens in the AggLayer bridge: is_native flag in faucet_registry_map, bridge-local faucet_metadata_map (replacing FPI to faucets for conversion data), and lock_asset / unlock_and_send procedures so the bridge holds native assets in its own vault instead of burn/mint via a faucet (#2771).
[BREAKING] Added support for multiple attachments per note (#2795, #2849):
[BREAKING] Removed AccountStorageMode::Network; network accounts are now identified via NetworkAccountNoteAllowlist (#2900).
Added PswapAttachment scheme and PswapNote::payback_note / remainder_note discovery helpers so creators can reconstruct private paybacks from on-chain commitments (#2909).
Added benchmark for ECDSA signed transaction (#2967).
Changes
Documented the miden::protocol::account_id module in the protocol library docs (#2607).
[BREAKING] Renamed procedure_digest! to procedure_root! and return AccountProcedureRoot instead of Word (#2621).
[BREAKING] Introduced AssetComposition and encoded composition in the asset vault key's metadata byte (#2631).
[BREAKING] Renamed ProvenBatch::new to new_unchecked (#2687).
Added ShortCapitalString type and related TokenSymbol and RoleSymbol types (#2690).
[BREAKING] Renamed the guarded multisig component-facing APIs from multisig_guardian / AuthMultisigGuardian to guarded_multisig / AuthGuardedMultisig, while retaining the guardian auth namespace and guardian-specific procedures.
Added shared ProcedurePolicy for AuthMultisig (#2670).
[BREAKING] Changed NoteType encoding from 2 bits to 1 and makes NoteType::Private the default (#2691).
[BREAKING] Renamed native_asset_id to fee_faucet_id (#2718).
Added AssetAmount wrapper type for validated fungible asset amounts (#2721).
Added validation of leaf type on CLAIM note processing to prevent message leaves from being processed as asset claims (#2730).
[BREAKING] Removed redundant outputs from kernel procedures: note::write_assets_to_memory, active_note::get_assets, input_note::get_assets, output_note::get_assets, active_note::get_storage, and faucet::mint no longer return values identical to their inputs (#2733).
Added metadata_into_note_type procedure to note.masm for extracting note type from metadata header (#2738).
[BREAKING] Reduced MAX_ASSETS_PER_NOTE from 255 to 64 and NOTE_MEM_SIZE from 3072 to 1024 (#2741).
[BREAKING] Stored origin_network in LE-packed format in AggLayer faucet storage (#2745).
Optimized B2AGG processing with selective load/save of Local Exit Tree frontier entries, halving frontier storage map syscalls (#2752).
[BREAKING] Renamed extract_sender_from_metadata to metadata_into_sender and extract_attachment_info_from_metadata to metadata_into_attachment_info in note.masm (#2758).
Updated SwapNote::build_tag to use 1-bit NoteType encoding, increasing script root bits from 14 to 15 (#2758).
Use number of storage slots from native account in account delta commitment computation (#2770).
[BREAKING] Added cycle counts to notes returned by NoteConsumptionInfo and removed public fields from related types (#2772).
Added TransactionScript::from_package() method to create TransactionScript from miden-mast-package::Package (#2779).
[BREAKING] Removed unused payback_attachment from SwapNoteStorage and attachment from MintNoteStorage (#2789).
Automatically enable concurrent feature in miden-tx for std context (#2791).
Added Pausable standard component with pause, unpause, is_paused procedures and on_before_asset_added_to_account, on_before_asset_added_to_note callbacks (#2793).
[BREAKING] Renamed set_attachment to add_attachment, set_word_attachment to add_word_attachment, and set_array_attachment to add_array_attachment in miden::protocol::output_note (#2795, #2849).
Added tx::get_tx_script_root kernel procedure returning the root of the executed transaction script (empty word if no script was executed) (#2816).
Added AuthNetworkAccount auth component that rejects transactions which execute a tx script or consume input notes outside of a fixed allowlist of note script roots (#2817).
Added basic blocklist transfer policy with owner-managed admin (block_account/unblock_account) and runtime policy switching via the protocol-reserved asset callback slots ([#2820])(#2820).
[BREAKING] Renamed OwnerControlledBlocklist to BlocklistOwnerControlled.
Added basic allowlist transfer policy (default-deny dual of the blocklist) with owner-managed admin (allow_account/disallow_account) and runtime policy switching via the protocol-reserved asset callback slots.
Derive Hash implementation for StorageMapKey and StorageMapKeyHash to allow using those values as keys in containers (#2843).
[BREAKING] Replaced metadata_into_attachment_info with metadata_into_attachment_schemes in miden::protocol::note (#2795, #2849).
[BREAKING] All get_metadata procedures (active_note, input_note, output_note) no longer return attachments (#2795, #2849).
Re-exported MIN_STACK_DEPTH from miden-processor (#2856).
[BREAKING] Renamed NoteId to NoteDetailsCommitment, new NoteId struct now includes the NoteMetadata (#2861).
Added metadata_into_tag helper for extracting the tag from metadata. This should be used instead of extracting the tag manually from the header (#2871).
[BREAKING] Renamed note::build_recipient_hash to note::compute_recipient and note::build_recipient to note::compute_and_store_recipient (#2875).
Added standardized NetworkAccountNoteAllowlist slot for detecting network accounts (#2883).
[BREAKING] Merged BasicFungibleFaucet and NetworkFungibleFaucet (#2890).
[BREAKING] Renamed NoteMetadata to PartialNoteMetadata and renamed NoteMetadataHeader to NoteMetadata (#2887).
[BREAKING] Renamed account ID version 0 to version 1 and made encoded version 0 invalid (#2842).
[BREAKING] Changed note metadata version 1 to encode as 1, leaving encoded version 0 invalid.
[BREAKING] Added NetworkAccount wrapper for convenient network account identification (#2915).
[BREAKING] Replaced the FungibleFaucetBuilder with a bon builder on FungibleFaucet (#2916).
[BREAKING] Removed StandardNote::is_compatible_with and AccountInterfaceExt::is_compatible_with (#2920).
[BREAKING] FungibleAsset::amount() and AssetVault::get_balance() now return AssetAmount (#2928).
[BREAKING] Upgraded miden-vm to v0.23 and miden-crypto to v0.25. Notable downstream changes: dropped the immediate form of adv_push in kernel and standards MASM, marked cross-module-referenced MASM constants and procedures pub, migrated to the split Host/BaseHost trait surface, renamed Felt::new call sites to the preserved-behavior Felt::new_unchecked, switched ecdsa_k256_keccak/eddsa_25519_sha512SecretKey references to the new SigningKey/KeyExchangeKey types, and recomputed the kernel's EMPTY_SMT_ROOT constant for the Plonky3-aligned Poseidon2 and domain-separated SmtLeaf::hash (#2931).
[BREAKING] Removed AccountType and renamed AccountStorageMode to AccountType (#2939, #2942).
[BREAKING] Updated note nullifiers to include note metadata and attachments commitment (#2953).
Exposed token_config_slot_value on FungibleFaucet to allow reading the token config word directly from the account storage (#2954).
Fixes
Fixed auth components to use initial storage state for authentication (#2677).
Made deserialization of AccountCode more robust (#2788).
[BREAKING] Replaced NoAuth with the new AuthNetworkAccount auth component on the AggLayer bridge and AggLayer faucet, closing the forged-MINT attack surface where any transaction against the bridge could emit a bridge-authored MINT note (#2797, #2818).
Renamed the AggLayer faucet registry flag constant for clarity (#2812).
Fixed output_note::add_asset and output_note::set_attachment to no longer accept invalid note indices (#2824).
[BREAKING] Keyed the AggLayer faucet token registry by (origin_token_address, origin_network) instead of origin_token_address alone, preventing same-address cross-network mint collisions on CLAIM (#2860).
Validated PartialBlockchain invariants on deserialization (#2888).
Fixed set_procedure_threshold in the multisig auth component validating per-procedure overrides against initial num_approvers.
Fixed LocalTransactionProver accumulating MastForest entries across prove() calls, causing capacity_overflow panics in WASM environments where linear memory fragmentation prevents subsequent allocations (#2918).
Fixed TokenPolicyManager::manager_storage_slots to register the protocol-reserved asset-callback storage slots whenever any transfer policy is configured (including TransferAllowAll), so every minted asset carries AssetCallbackFlag::Enabled and future set_send_policy / set_receive_policy switches apply uniformly to the entire circulating supply (#2946).
Fixed create_fungible_faucet leaving authority-gated setters unauthenticated under AccessControl::AuthControlled: the AuthSingleSigAcl trigger list now contains every authority-gated setter root (set_max_supply, set_description, set_logo_uri, set_external_link, set_mint_policy, set_burn_policy, set_send_policy, set_receive_policy) in addition to mint_and_send. (#2958).
[BREAKING] Added missing transaction ref_block_commitment validation in ProposedBatch::new (#2971).
