Releases: automata-network/automata-dcap-attestation
v1.1.0
Release Note v1.1
zkProgram Identifiers
These identifiers are required parameters for SNARK proof verifications, to show that the proofs are generated by the intended zkVM Program.
The current ImageID for the DCAP RiscZero Guest Program is 0xcc80dc6c1c1f8bc524101b72b3900301dc87887457c8fcaf552e45e2a02b9695.
The current VKEY for the DCAP SP1 Program is 0x008228a87e56a065fb3ad27026aef08acc97d72d289439e8dab0d53baaea9f26.
Contract Deployment
Click here to get the contract deployment info.
What's Changed?
EVM
- Introduction of AutomataTcbEvalDao contract to the PCCS. Provides onchain APIs for callers to query the standard or early update for a specific TCB Recovery Event.
- Automata FMSPC DAO and Automata Enclave Identity DAO are now deployed as AutomataFmspcTcbDaoVersioned and AutomataEnclaveIdentityDaoVersioned. Each deployment instance (contract address) of a versioned DAO is tied to a specific TCB Evaluation Data Number. Users can easily determine an instance’s TCB Evaluation Data Number by calling the TCB_EVALUATION_NUMBER() method.
- Given the ability for users to now specify a TCB Recovery Event, the following function interfaces are added to AutomataDcapAttestationFee:
function verifyAndAttestOnChain(bytes rawQuote, uint32 tcbEvalDataNumber);
function verifyAndAttestWithZkProof(
    bytes output,
    uint8 zkCoProcessor,
    bytes proof,
    bytes32 programIdentifier,
    uint32 tcbEvalDataNumber
);
These functions enable callers to use a specific TCB Evaluation Data Number for both onchain and ZK Quote verifications. Calling existing methods will simply fetch collaterals with the standard TCB Evaluation Data Number.
- AutomataDcapAttestationFee contract now supports multiple zkVM program identifiers for a single zkVM Configuration. This provides a grace period for users to transition from one version to another, especially after security patches, so that a new version does not immediately break the preceding version.
- Implemented Quote V5 verification. (Note: This slightly alters the format specification for the output data obtained after verifying a quote.)
// v1.0
struct Output {
    uint16 quoteVersion; // serialized as BE, for EVM compatibility
    bytes4 tee;
    uint8 tcbStatus;
    bytes6 fmspcBytes;
    bytes quoteBody;
    string[] advisoryIDs;
}
// v1.1+
struct Output {
    uint16 quoteVersion; // serialized as BE, for EVM compatibility
    uint16 quoteBodyType; // serialized as BE, for EVM compatibility
    uint8 tcbStatus;
    bytes6 fmspcBytes;
    bytes quoteBody;
    string[] advisoryIDs;
}
The 3rd and 4th bytes of the output data contain information about the quote body structure, to differentiate between SGX, TD1.0 and TD1.5 reports.
- Pico zkVM Integration (available for local testing only). Pico currently does not provide a remote prover. Users may generate their own proving and verifying keypair, and should then be able to test quote verification locally. See test example.
- secp256r1 precompile support for Ethereum Hoodi and Sepolia with the Fusaka hardfork.
  - Reduces ECDSA verification cost from 330k gas to 6000 gas per signature.
  - ~1M gas reduction per DCAP quote onchain verification
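The change from the v1.0 to the v1.1+ Output struct moves tcbStatus and fmspcBytes two bytes earlier, so a consumer that still reads the output with v1.0 offsets silently misreads both fields. The Python sketch below is an added example, not code from the automata-dcap-attestation repository; it assumes the header fields are packed in struct order with no padding, and `parse_output_header`, `OutputHeader` and the sample bytes are hypothetical names and constructed data.

```python
import struct
from dataclasses import dataclass

# Header layouts from the two Output structs in the release note, assumed to be
# packed in declaration order with no padding (">" = big-endian, unaligned).
LAYOUTS = {
    "v1.0": ">H4sB6s",   # quoteVersion, tee (raw bytes4), tcbStatus, fmspcBytes
    "v1.1+": ">HHB6s",   # quoteVersion, quoteBodyType, tcbStatus, fmspcBytes
}


@dataclass(frozen=True)
class OutputHeader:
    layout: str
    quote_version: int
    body_kind: object    # bytes (tee) under v1.0, int (quoteBodyType) under v1.1+
    tcb_status: int
    fmspc: bytes
    tail: bytes          # quoteBody followed by advisoryIDs, left undecoded


def parse_output_header(output: bytes, layout: str) -> OutputHeader:
    """Decode the fixed-width prefix of a verifier output for a known layout."""
    fmt = LAYOUTS[layout]  # KeyError on an unknown layout name is intentional
    size = struct.calcsize(fmt)
    if len(output) < size:
        raise ValueError(f"output is {len(output)} bytes, {layout} header needs {size}")
    version, kind, tcb, fmspc = struct.unpack_from(fmt, output)
    return OutputHeader(layout, version, kind, tcb, fmspc, output[size:])


def build_v11_sample() -> bytes:
    """Constructed sample: quoteVersion 5, quoteBodyType 3, tcbStatus 0,
    a made-up FMSPC, and 8 filler bytes standing in for quoteBody/advisoryIDs."""
    return struct.pack(">HHB6s", 5, 3, 0, bytes.fromhex("00806f050000")) + b"\xaa" * 8


if __name__ == "__main__":
    sample = build_v11_sample()
    for name in ("v1.1+", "v1.0"):
        h = parse_output_header(sample, name)
        # With the v1.0 offsets, tcbStatus is read from inside the FMSPC field.
        print(f"{name:6} version={h.quote_version} kind={h.body_kind!r} "
              f"tcbStatus={h.tcb_status} fmspc={h.fmspc.hex()}")
```

quoteVersion sits at the same offset in both layouts, so it cannot be used to tell them apart; the layout has to be chosen from the release of the contract that produced the output.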
Solana
- Solana PCCS and DCAP Verifier with SP1 Integration (not-audited)
v1.0.0
Release Note v1.0.0
A production-ready release of the Automata DCAP Attestation EVM Solidity Smart Contracts.
This release only applies to source code located in the /evm directory.
zkProgram Identifiers
These identifiers are required parameters for SNARK proof verifications, to show that the proofs are generated by the intended zkVM Program.
The current ImageID for the DCAP RiscZero Guest Program is 0x58fd3069a6965c9382f6d0c0e7a4a1590520c37df5ecc832e571150305a82aff.
The current VKEY for the DCAP SP1 Program is 0x0021feaf3f6c78429dac7756fac5cfed39b606e34603443409733e13a1cf06cc.
Contract Deployment (EVM)
ℹ️ UPDATE (March 2025): The EVM contracts for both Automata On Chain PCCS and Automata DCAP Attestation have been fully audited by Trail of Bits.
Click here to view the audit report.
Click here to get the contract deployment info.
What's Changed?
- The contract has been fully audited by Trail of Bits. 🔗 View the full audit report
- Integrated RIP-7212 for cheaper secp256r1 ECDSA verification on supported networks.
- TEE Type values are encoded and handled in little-endian order.
- Intel PCK Certificate Chain must now contain exactly 3 X509 Certificates.
- PCCS Router checks the validity window before loading the full collateral data, which prevents wasting gas on loading expired collaterals into memory.
- Checks Attestation Timestamp for Quote Verifications with ZK.
- Checks TcbInfo and QEIdentity for Quote Verification with ZK.
- Event logs are emitted for all state-changing functions.
v0.1.1
Changelog
- Contracts deployed to Holesky Testnet are compiled with v0.8.27+commit.40a35a0 to pass Etherscan verification.
- Added Foundry and Slither GitHub Actions CI/CD
v0.1.0: Initial release
tagged for initial release