@openzeppelin/contracts-upgradeable
Advanced tools
Changelog
4.9.3 (2023-07-28)
ERC2771Context
: Return the forwarder address whenever the msg.data
of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length
is less than 20 bytes), as specified by ERC-2771. (#4481)ERC2771Context
: Prevent revert in _msgData()
when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length
is less than 20 bytes). Return the full calldata in that case. (#4484)Changelog
4.9.2 (2023-06-16)
MerkleProof
: Fix a bug in processMultiProof
and processMultiProofCalldata
that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1.Changelog
4.9.1 (2023-06-07)
Governor
: Add a mechanism to restrict the address of the proposer using a suffix in the description.Changelog
4.9.0 (2023-05-23)
ReentrancyGuard
: Add a _reentrancyGuardEntered
function to expose the guard status. (#3714)ERC721Wrapper
: add a new extension of the ERC721
token which wraps an underlying token. Deposit and withdraw guarantee that the ownership of each token is backed by a corresponding underlying token with the same identifier. (#3863)EnumerableMap
: add a keys()
function that returns an array containing all the keys. (#3920)Governor
: add a public cancel(uint256)
function. (#3983)Governor
: Enable timestamp operation for blockchains without a stable block time. This is achieved by connecting a Governor's internal clock to match a voting token's EIP-6372 interface. (#3934)Strings
: add equal
method. (#3774)IERC5313
: Add an interface for EIP-5313 that is now final. (#4013)IERC4906
: Add an interface for ERC-4906 that is now Final. (#4012)StorageSlot
: Add support for string
and bytes
. (#4008)Votes
, ERC20Votes
, ERC721Votes
: support timestamp checkpointing using EIP-6372. (#3934)ERC4626
: Add mitigation to the inflation attack through virtual shares and assets. (#3979)Strings
: add toString
method for signed integers. (#3773)ERC20Wrapper
: Make the underlying
variable private and add a public accessor. (#4029)EIP712
: add EIP-5267 support for better domain discovery. (#3969)AccessControlDefaultAdminRules
: Add an extension of AccessControl
with additional security rules for the DEFAULT_ADMIN_ROLE
. (#4009)SignatureChecker
: Add isValidERC1271SignatureNow
for checking a signature directly against a smart contract using ERC-1271. (#3932)SafeERC20
: Add a forceApprove
function to improve compatibility with tokens behaving like USDT. (#4067)ERC1967Upgrade
: removed contract-wide oz-upgrades-unsafe-allow delegatecall
annotation, replaced by granular annotation in UUPSUpgradeable
. (#3971)ERC20Wrapper
: self wrapping and deposit by the wrapper itself are now explicitly forbidden. (#4100)ECDSA
: optimize bytes32 computation by using assembly instead of abi.encodePacked
. (#3853)ERC721URIStorage
: Emit ERC-4906 MetadataUpdate
in _setTokenURI
. (#4012)ShortStrings
: Added a library for handling short strings in a gas efficient way, with fallback to storage for longer strings. (#4023)SignatureChecker
: Allow return data length greater than 32 from EIP-1271 signers. (#4038)UUPSUpgradeable
: added granular oz-upgrades-unsafe-allow-reachable
annotation to improve upgrade safety checks on latest version of the Upgrades Plugins (starting with @openzeppelin/upgrades-core@1.21.0
). (#3971)Initializable
: optimize _disableInitializers
by using !=
instead of <
. (#3787)Ownable2Step
: make acceptOwnership
public virtual to enable usecases that require overriding it. (#3960)UUPSUpgradeable.sol
: Change visibility to the functions upgradeTo
and upgradeToAndCall
from external
to public
. (#3959)TimelockController
: Add the CallSalt
event to emit on operation schedule. (#4001)Math
: optimize log256
rounding check. (#3745)ERC20Votes
: optimize by using unchecked arithmetic. (#3748)Multicall
: annotate multicall
function as upgrade safe to not raise a flag for its delegatecall. (#3961)ERC20Pausable
, ERC721Pausable
, ERC1155Pausable
: Add note regarding missing public pausing functionality (#4007)ECDSA
: Add a function toDataWithIntendedValidatorHash
that encodes data with version 0x00 following EIP-191. (#4063)MerkleProof
: optimize by using unchecked arithmetic. (#3745)EIP712
: Addition of ERC5267 support requires support for user defined value types, which was released in Solidity version 0.8.8. This requires a pragma change from ^0.8.0
to ^0.8.8
.EIP712
: Optimization of the cache for the upgradeable version affects the way name
and version
are set. This is no longer done through an initializer, and is instead part of the implementation's constructor. As a consequence, all proxies using the same implementation will necessarily share the same name
and version
. Additionally, an implementation upgrade risks changing the EIP712 domain unless the same name
and version
are used when deploying the new implementation contract.ERC20Permit
: Added the file IERC20Permit.sol
and ERC20Permit.sol
and deprecated draft-IERC20Permit.sol
and draft-ERC20Permit.sol
since EIP-2612 is no longer a Draft. Developers are encouraged to update their imports. (#3793)Timers
: The Timers
library is now deprecated and will be removed in the next major release. (#4062)ERC777
: The ERC777
token standard is no longer supported by OpenZeppelin. Our implementation is now deprecated and will be removed in the next major release. The corresponding standard interfaces remain available. (#4066)ERC1820Implementer
: The ERC1820
pseudo-introspection mechanism is no longer supported by OpenZeppelin. Our implementation is now deprecated and will be removed in the next major release. The corresponding standard interfaces remain available. (#4066)Changelog
4.8.2 (2023-03-02)
ERC721Consecutive
: Fixed a bug when _mintConsecutive
is used for batches of size 1 that could lead to balance overflow. Refer to the breaking changes section in the changelog for a note on the behavior of ERC721._beforeTokenTransfer
.ERC721
: The internal function _beforeTokenTransfer
no longer updates balances, which it previously did when batchSize
was greater than 1. This change has no consequence unless a custom ERC721 extension is explicitly invoking _beforeTokenTransfer
. Balance updates in extensions must now be done explicitly using __unsafe_increaseBalance
, with a name that indicates that there is an invariant that has to be manually verified.Changelog
4.8.0 (2022-11-08)
TimelockController
: Added a new admin
constructor parameter that is assigned the admin role instead of the deployer account. (#3722)Initializable
: add internal functions _getInitializedVersion
and _isInitializing
(#3598)ERC165Checker
: add supportsERC165InterfaceUnchecked
for consulting individual interfaces without the full ERC165 protocol. (#3339)Address
: optimize functionCall
by calling functionCallWithValue
directly. (#3468)Address
: optimize functionCall
functions by checking contract size only if there is no returned data. (#3469)Governor
: make the relay
function payable, and add support for EOA payments. (#3730)GovernorCompatibilityBravo
: remove unused using
statements. (#3506)ERC20
: optimize _transfer
, _mint
and _burn
by using unchecked
arithmetic when possible. (#3513)ERC20Votes
, ERC721Votes
: optimize getPastVotes
for looking up recent checkpoints. (#3673)ERC20FlashMint
: add an internal _flashFee
function for overriding. (#3551)ERC4626
: use the same decimals()
as the underlying asset by default (if available). (#3639)ERC4626
: add internal _initialConvertToShares
and _initialConvertToAssets
functions to customize empty vaults behavior. (#3639)ERC721
: optimize transfers by making approval clearing implicit instead of emitting an event. (#3481)ERC721
: optimize burn by making approval clearing implicit instead of emitting an event. (#3538)ERC721
: Fix balance accounting when a custom _beforeTokenTransfer
hook results in a transfer of the token under consideration. (#3611)ERC721
: use unchecked arithmetic for balance updates. (#3524)ERC721Consecutive
: Implementation of EIP-2309 that allows batch minting of ERC721 tokens during construction. (#3311)ReentrancyGuard
: Reduce code size impact of the modifier by using internal functions. (#3515)SafeCast
: optimize downcasting of signed integers. (#3565)ECDSA
: Remove redundant check on the v
value. (#3591)VestingWallet
: add releasable
getters. (#3580)VestingWallet
: remove unused library Math.sol
. (#3605)VestingWallet
: make constructor payable. (#3665)Create2
: optimize address computation by using assembly instead of abi.encodePacked
. (#3600)Clones
: optimized the assembly to use only the scratch space during deployments, and optimized predictDeterministicAddress
to use fewer operations. (#3640)Checkpoints
: Use procedural generation to support multiple key/value lengths. (#3589)Checkpoints
: Add new lookup mechanisms. (#3589)Arrays
: Add unsafeAccess
functions that allow reading and writing to an element in a storage array bypassing Solidity's "out-of-bounds" check. (#3589)Strings
: optimize toString
. (#3573)Ownable2Step
: extension of Ownable
that makes the ownership transfers a two step process. (#3620)Math
and SignedMath
: optimize function max
by using >
instead of >=
. (#3679)Math
: Add log2
, log10
and log256
. (#3670)ERC721
: In order to add support for batch minting via ERC721Consecutive
it was necessary to make a minor breaking change in the internal interface of ERC721
. Namely, the hooks _beforeTokenTransfer
and _afterTokenTransfer
have one additional argument that may need to be added to overrides: function _beforeTokenTransfer(
address from,
address to,
uint256 tokenId,
+ uint256 batchSize
) internal virtual override
ERC4626
: Conversion from shares to assets (and vice-versa) in an empty vault used to consider the possible mismatch between the underlying asset's and the vault's decimals. This initial conversion rate is now set to 1-to-1 irrespective of decimals, which are meant for usability purposes only. The vault now uses the assets decimals by default, so off-chain the numbers should appear the same. Developers overriding the vault decimals to a value that does not match the underlying asset may want to override the _initialConvertToShares
and _initialConvertToAssets
to replicate the previous behavior.
TimelockController
: During deployment, the TimelockController used to grant the TIMELOCK_ADMIN_ROLE
to the deployer and to the timelock itself. The deployer was then expected to renounce this role once configuration of the timelock is over. Failing to renounce that role allows the deployer to change the timelock permissions (but not to bypass the delay for any time-locked actions). The role is no longer given to the deployer by default. A new parameter admin
can be set to a non-zero address to grant the admin role during construction (to the deployer or any other address). Just like previously, this admin role should be renounced after configuration. If this param is given address(0)
, the role is not allocated and doesn't need to be revoked. In any case, the timelock itself continues to have this role.
EIP712
: Added the file EIP712.sol
and deprecated draft-EIP712.sol
since the EIP is no longer a Draft. Developers are encouraged to update their imports. (#3621)-import "@openzeppelin/contracts/utils/cryptography/draft-EIP712.sol";
+import "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
ERC721Votes
: Added the file ERC721Votes.sol
and deprecated draft-ERC721Votes.sol
since it no longer depends on a Draft EIP (EIP-712). Developers are encouraged to update their imports. (#3699)-import "@openzeppelin/contracts/token/ERC721/extensions/draft-ERC721Votes.sol";
+import "@openzeppelin/contracts/token/ERC721/extensions/ERC721Votes.sol";
ERC-721 integrators that interpret contract state from events should make sure that they implement the clearing of approval that is implicit in every transfer according to the EIP. Previous versions of OpenZeppelin Contracts emitted an explicit Approval
event even though it was not required by the specification, and this is no longer the case.
With the new ERC721Consecutive
extension, the internal workings of ERC721
are slightly changed. Custom extensions to ERC721 should be reviewed to ensure they remain correct. The internal functions that should be considered are _ownerOf
(new), _beforeTokenTransfer
, and _afterTokenTransfer
.
Existing ERC4626
contracts that are upgraded to 4.8 must initialize a new variable that holds the vault token decimals. The recommended way to do this is to use a [reinitializer]:
function migrateToV48() public reinitializer(2) {
__ERC4626_init(IERC20Upgradeable(asset()));
}