@openzeppelin/contracts-ethereum-package
Secure Smart Contract library for Solidity
OpenZeppelin Contracts is a library for secure smart contract development. It provides implementations of standards like ERC20 and ERC721 which you can deploy as-is or extend to suit your needs, as well as Solidity components to build custom contracts and more complex decentralized systems.
This fork of OpenZeppelin is set up as a reusable Ethereum Package. It is deployed to the kovan, rinkeby, and ropsten test networks, as well as to the main Ethereum network. You can reuse any of the pre-deployed on-chain contracts by simply linking to them using the OpenZeppelin SDK, or reuse their Solidity source code as with the vanilla version of OpenZeppelin Contracts.
This package contains the same contracts as the vanilla openzeppelin-contracts, but modified to be safe for upgrades. The main difference is that all contracts in this package are potentially upgradeable: you will notice that no contracts have constructors defined, but use initializer functions instead. Also, this package is set up as an Ethereum package, and provides a small set of pre-deployed logic contracts that can be used directly via the OpenZeppelin SDK, without needing to deploy them again.
All contracts have an UpgradeSafe suffix to avoid confusion with their counterparts in OpenZeppelin Contracts. For example, ERC20 becomes ERC20UpgradeSafe.
All in all, you should use this package instead of openzeppelin-solidity if you are managing your project via the OpenZeppelin CLI.
npm install @openzeppelin/contracts-ethereum-package
You can easily create upgradeable instances of any of the logic contracts listed above using the OpenZeppelin CLI. This will rely on the pre-deployed instances in mainnet, kovan, ropsten, or rinkeby, greatly reducing your gas deployment costs. To do this, just create a new OpenZeppelin SDK project and link to this package.
$ npm install -g @openzeppelin/cli
$ openzeppelin init
$ openzeppelin link @openzeppelin/contracts-ethereum-package
> Installing...
$ openzeppelin deploy @openzeppelin/contracts-ethereum-package/ERC20PresetMinterPauserUpgradeSafe
> Creating...
To create an instance of a contract, use the openzeppelin create command. As an example, you can run the following to create an upgradeable ERC20 named MyToken, with symbol TKN and 8 decimals, and an initial supply of 100 tokens assigned to the address HOLDER, with a MINTER and a PAUSER. Remember to replace $HOLDER, $MINTER, and $PAUSER with actual addresses when you run this command; you can specify more than one (or none at all) minters and pausers.
$ openzeppelin create
? Pick a contract to instantiate: @openzeppelin/contracts-ethereum-package/ERC20PresetMinterPauserUpgradeSafe
? Pick a network: development
✓ Deploying @openzeppelin/contracts-ethereum-package dependency to network
? Do you want to call a function on the instance after creating it?: Yes
? Select which function: * initialize(name: string, symbol: string)
? name (string): MyToken
? symbol (string): MYT
✓ Setting everything up to create contract instances
✓ Instance created at 0x2612Af3A521c2df9EAF28422Ca335b04AdF3ac66
OpenZeppelin will create an upgradeable ERC20 instance and keep track of its address in the .openzeppelin/rinkeby.json file. Should you update your version of the openzeppelin contracts ethereum package later down the road, you can simply run openzeppelin update to upgrade all your ERC20 instances to the latest version.
You can also deploy an ERC721 token by choosing the ERC721PresetMinterPauserAutoIdUpgradeSafe contract when running openzeppelin create. Refer to the initialize function of each of the predeployed logic contracts to see which parameters are required for initialization.
If you prefer to write your custom contracts, import the ones from this package and extend them through inheritance. Note that you must use this package and not @openzeppelin/contracts if you are writing upgradeable contracts.
pragma solidity ^0.5.0;

import '@openzeppelin/contracts-ethereum-package/contracts/Initializable.sol';
import '@openzeppelin/contracts-ethereum-package/contracts/presets/ERC721PresetMinterPauserAutoId.sol';

// Contracts in this package carry the UpgradeSafe suffix.
contract MyNFT is Initializable, ERC721PresetMinterPauserAutoIdUpgradeSafe {
    // Runs once in place of a constructor; the initializer modifier blocks repeat calls.
    function initialize() public initializer {
        ERC721PresetMinterPauserAutoIdUpgradeSafe.initialize("name", "SYM");
    }
}
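The reason this package replaces constructors with initializer functions, shown as an added example that is not code from this package. SimpleInitializable is a simplified stand-in for the package's Initializable, and the Settings contracts, their names and the fee field are hypothetical.

```solidity
pragma solidity >=0.5.0 <0.7.0;

// Simplified stand-in for Initializable (assumption: the real contract also
// supports nested initializer calls; only the core one-shot guard is shown).
contract SimpleInitializable {
    bool private _initialized;

    modifier initializer() {
        require(!_initialized, "already initialized");
        _initialized = true;
        _;
    }
}

// Not upgrade-safe: the constructor runs once, when the logic contract is
// deployed, and writes to the logic contract's own storage. A proxy that
// delegatecalls into this code reads its own storage, where owner is still
// address(0), so setFee can never be called through the proxy.
contract SettingsWithConstructor {
    address public owner;
    uint256 public fee;

    constructor() public {
        owner = msg.sender;
    }

    function setFee(uint256 newFee) external {
        require(msg.sender == owner, "not owner");
        fee = newFee;
    }
}

// Upgrade-safe form: setup is an ordinary function called through the proxy,
// so it writes to the proxy's storage. The guard makes it callable only once,
// so a later caller cannot replace the owner.
contract SettingsUpgradeSafe is SimpleInitializable {
    address public owner;
    uint256 public fee;

    function initialize(address initialOwner) public initializer {
        require(initialOwner != address(0), "owner is zero address");
        owner = initialOwner;
    }

    function setFee(uint256 newFee) external {
        require(msg.sender == owner, "not owner");
        fee = newFee;
    }
}
```

Because initialize is a public function, an instance should be initialized at creation time; the openzeppelin create prompt "Do you want to call a function on the instance after creating it?" shown earlier is where that happens.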
On our site you will find a few guides to learn about the different parts of OpenZeppelin, as well as documentation for the API. Keep in mind that the API docs are a work in progress, and don’t hesitate to ask questions in our forum.
OpenZeppelin Contracts is maintained by OpenZeppelin the company, and developed following our high standards for code quality and security. OpenZeppelin Contracts is meant to provide tested and community-audited code, but please use common sense when doing anything that deals with real money! We take no responsibility for your implementation decisions and any security problems you might experience.
The core development principles and strategies that OpenZeppelin Contracts is based on include: security in depth, simple and modular code, clarity-driven naming conventions, comprehensive unit testing, pre-and-post-condition sanity checks, code consistency, and regular audits.
The latest audit was done in October 2018 on version 2.0.0.
Please report any security issues you find to security@openzeppelin.org.
OpenZeppelin exists thanks to its contributors. There are many ways you can participate and help build high quality software. Check out the contribution guide!
OpenZeppelin is released under the MIT License.
3.0.0 (2020-04-20)
AccessControl: new contract for managing permissions in a system, replacement for Ownable and Roles. (#2112)
SafeCast: new functions to convert to and from signed and unsigned values: toUint256 and toInt256. (#2123)
EnumerableMap: a new data structure for key-value pairs (like mapping) that can be iterated over. (#2160)
ERC721: burn(owner, tokenId) was removed, use burn(tokenId) instead. (#2125)
ERC721: _checkOnERC721Received was removed. (#2125)
ERC721: _transferFrom and _safeTransferFrom were renamed to _transfer and _safeTransfer. (#2162)
Ownable: removed _transferOwnership. (#2162)
PullPayment, Escrow: withdrawWithGas was removed. The old withdraw function now forwards all gas. (#2125)
Roles was removed, use AccessControl as a replacement. (#2112)
ECDSA: when receiving an invalid signature, recover now reverts instead of returning the zero address. (#2114)
Create2: added an amount argument to deploy for contracts with payable constructors. (#2117)
Pausable: moved to the utils directory. (#2122)
Strings: moved to the utils directory. (#2122)
Counters: moved to the utils directory. (#2122)
SignedSafeMath: moved to the math directory. (#2122)
ERC20Snapshot: moved to the token/ERC20 directory. snapshot was changed into an internal function. (#2122)
Ownable: moved to the access directory. (#2120)
Ownable: removed isOwner. (#2120)
Secondary: removed from the library, use Ownable instead. (#2120)
Escrow, ConditionalEscrow, RefundEscrow: these now use Ownable instead of Secondary, their external API changed accordingly. (#2120)
ERC20: removed _burnFrom. (#2119)
Address: removed toPayable, use payable(address) instead. (#2133)
ERC777: _send, _mint and _burn now use the caller as the operator. (#2134)
ERC777: removed _callsTokensToSend and _callTokensReceived. (#2134)
EnumerableSet: renamed get to at. (#2151)
ERC165Checker: functions no longer have a leading underscore. (#2150)
ERC721Metadata, ERC721Enumerable: these contracts were removed, and their functionality merged into ERC721. (#2160)
ERC721: added a constructor for name and symbol. (#2160)
ERC20Detailed: this contract was removed and its functionality merged into ERC20. (#2161)
ERC20: added a constructor for name and symbol. decimals now defaults to 18. (#2161)
Strings: renamed fromUint256 to toString (#2188)
FAQs
The npm package @openzeppelin/contracts-ethereum-package receives a total of 161 weekly downloads. As such, @openzeppelin/contracts-ethereum-package popularity was classified as not popular.
We found that @openzeppelin/contracts-ethereum-package demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.