audits: Adds Cantina audit for v2.0.0

CHANGELOG.md

@@ -4,10 +4,23 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Common Changelog](https://common-changelog.org/).
 
+[2.0.0]: https://github.com/chronicleprotocol/scribe/releases/tag/v2.0.0
 [1.2.0]: https://github.com/chronicleprotocol/scribe/releases/tag/v1.2.0
 [1.1.0]: https://github.com/chronicleprotocol/scribe/releases/tag/v1.1.0
 [1.0.0]: https://github.com/chronicleprotocol/scribe/releases/tag/v1.0.0
 
+## [2.0.0] - 2023-11-27
+
+### Changed
+
+- **Breaking** Use 1-byte identifier for feeds based on highest-order byte of their addresses instead of their storage array's index ([#23](https://github.com/chronicleprotocol/scribe/pull/23))
+- **Breaking** Change `IScribe` and `IScribeOptimistic` interfaces to account for new feed identification ([#23](https://github.com/chronicleprotocol/scribe/pull/23))
+
+### Fixed
+
+- DOS vector in `ScribeOptimistic::opPoke` making `ScribeOptimistic::opChallenge` economically unprofitable ([#23](https://github.com/chronicleprotocol/scribe/pull/23))
+- Possibility to successfully `opChallenge` a valid `opPoke` via non-default calldata encoding ([#23](https://github.com/chronicleprotocol/scribe/pull/23))
+
 ## [1.2.0] - 2023-09-29
 
 ### Added

test/IScribeOptimisticTest.sol

@@ -348,7 +348,7 @@ abstract contract IScribeOptimisticTest is IScribeTest {
         opScribe.opPoke(pokeData, schnorrData, ecdsaData);
     }
 
-    // See audits/Spearbit@v2.0.0.pdf.
+    // See audits/Cantina@v2.0.0.pdf.
     function testFuzz_opPoke_FailsIf_BarNotReached_DueTo_GasAttack(
         uint feedIdsLengthSeed
     ) public {
@@ -617,7 +617,7 @@ abstract contract IScribeOptimisticTest is IScribeTest {
         opScribe.opChallenge(schnorrData);
     }
 
-    // See audits/Spearbit@v2.0.0.pdf.
+    // See audits/Cantina@v2.0.0.pdf.
     function test_opChallenge_CalldataEncodingAttack() public {
         LibFeed.Feed[] memory feeds = _liftFeeds(opScribe.bar());