openzeppelin-eth

OpenZeppelin EVM Package

OpenZeppelin is a library for secure smart contract development. It provides implementations of standards like ERC20 and ERC721 which you can deploy as-is or extend to suit your needs, as well as Solidity components to build custom contracts and more complex decentralized systems.

This fork of OpenZeppelin is set up as a reusable EVM Package. It is deployed to the kovan, rinkeby, and ropsten test networks, as well as to the main Ethereum network. You can reuse any of the pre-deployed on-chain contracts by simply linking to them using ZeppelinOS, or reuse their Solidity source code as with the vanilla version of OpenZeppelin.

Differences with OpenZeppelin-Solidity

This package contains the same contracts as the vanilla OpenZeppelin-Solidity. The main difference is that all contracts in this package are potentially upgradeable: you will notice that no contracts have constructors defined, but use initializer functions instead. Also, this package is set up as an EVM package, and provides a small set of pre-deployed logic contracts that can be used directly via ZeppelinOS, without needing to deploy them again.

All in all, you should use this package instead of openzeppelin-solidity if you are managing your project via ZeppelinOS.

Install

npm install openzeppelin-eth

Deployed logic contracts

• StandaloneERC20: ERC20 token implementation, optionally mintable and pausable.
• StandaloneERC721: ERC721 non-fungible token implementation with metadata and enumerable extensions, optionally mintable and pausable.
• TokenVesting: tToken holder contract that can release its token balance gradually like a typical vesting scheme, with a cliff and vesting period, optionally revocable.
• PaymentSplitter: Splits payments among a group of addresses proportionately to some number of shares they own.

Using via ZeppelinOS

You can easily create upgradeable instances of any of the logic contracts listed above using ZeppelinOS. This will rely on the pre-deployed instances in mainnet, kovan, ropsten, or rinkeby, greatly reducing your gas deployment costs. To do this, just create a new ZeppelinOS project and link to this package.

$ npm install -g zos
$ zos init YourProject
$ zos link openzeppelin-eth
> Installing openzeppelin-eth
$ zos push --network rinkeby
> Connecting to dependency openzeppelin-eth

In case you are working in a private or development network where openzeppelin-eth has not been pre-deployed (such as ganache), you need to instruct ZeppelinOS to deploy the package there with an additional flag: zos push --deploy-dependencies --network local.

To create an instance of a contract, use the zos create command. As an example, you can run the following to create an upgradeable ERC20 named MyToken, with symbol TKN and 8 decimals, and an initial supply of 100 tokens assigned to the address HOLDER, with a MINTER and a PAUSER. Remember to replace $HOLDER, $MINTER, and $PAUSER with actual addresses when you run this command; you can specify more than one (or none at all) minters and pausers.

$ zos create openzeppelin-eth/StandaloneERC20 --init --args="MyToken,TKN,8,10000000000,$HOLDER,[$MINTER],[$PAUSER]" --network rinkeby
> Creating proxy to logic contract and initializing by calling initialize with: 
 - name (string): "MyToken"
 - symbol (string): "TKN"
 - decimals (uint8): "8"
 - initialSupply (uint256): "10000000000"
 - initialHolder (address): "$HOLDER"
 - minters (address[]): ["$MINTER"]
 - pausers (address[]): ["$PAUSER"]
Instance created at 0x...

ZeppelinOS will create an upgradeable ERC20 instance and keep track of its address in the zos.rinkeby.json file. Should you update your version of openzeppelin-eth later down the road, you can simply run zos update openzeppelin-eth/StandaloneERC20 to upgrade all your ERC20 instances to the latest version.

If you want to deploy an ERC721 non-fungible token instead, you can use the following command.

$ zos create openzeppelin-eth/StandaloneERC721 --init --args="MyToken,TKN,[$MINTER],[$PAUSER]" --network rinkeby
> Creating proxy to logic contract and initializing by calling initialize with: 
 - name (string): "MyToken"
 - symbol (string): "TKN"
 - minters (address[]): ["$MINTER"]
 - pausers (address[]): ["$PAUSER"]
Instance created at 0x...

Refer to the initialize function of each of the predeployed logic contracts to see which parameters are required for initialization.

Extending contracts

If you prefer to write your custom contracts, import the ones from openzeppelin-eth and extend them through inheritance. Note that you must use this package and not openzeppelin-solidity if you are writing upgradeable contracts.

pragma solidity ^0.5.0;

import 'zos-lib/contracts/Initializable.sol';
import 'openzeppelin-eth/contracts/token/ERC721/ERC721Full.sol';
import 'openzeppelin-eth/contracts/token/ERC721/ERC721Mintable.sol';

contract MyNFT is Initializable, ERC721Full, ERC721Mintable {
  function initialize() public initializer {
    ERC721.initialize();
    ERC721Enumerable.initialize();
    ERC721Metadata.initialize("MyNFT", "MNFT");
    ERC721Mintable.initialize(msg.sender);
  }
}

You need an ethereum development framework for the above import statements to work! Check out these guides for [Truffle] or [Embark].

On our site you will find a few [guides] to learn about the different parts of OpenZeppelin, as well as [documentation for the API][API docs]. Keep in mind that the API docs are work in progress, and don’t hesitate to ask questions in [our Slack][Slack].

Security

OpenZeppelin the project is maintained by [Zeppelin] the company, and developed following our high standards for code quality and security. OpenZeppelin is meant to provide tested and community-audited code, but please use common sense when doing anything that deals with real money! We take no responsibility for your implementation decisions and any security problems you might experience.

The core development principles and strategies that OpenZeppelin is based on include: security in depth, simple and modular code, clarity-driven naming conventions, comprehensive unit testing, pre-and-post-condition sanity checks, code consistency, and regular audits.

The latest audit was done on October 2018 on version 2.0.0.

Please report any security issues you find to security@openzeppelin.org.

Contribute

OpenZeppelin exists thanks to its contributors. There are many ways you can participate and help build high quality software. Check out the [contribution guide]!

License

OpenZeppelin is released under the MIT License.

Changelog

2.2.0 (2019-03-14)

New features

• ERC20Snapshot: create snapshots on demand of the token balances and total supply, to later retrieve and e.g. calculate dividends at a past time. (#1617)
• SafeERC20: ERC20 contracts with no return value (i.e. that revert on failure) are now supported. (#1655)
• ERC20: added internal _approve(address owner, address spender, uint256 value), allowing derived contracts to set the allowance of arbitrary accounts. (#1609)
• ERC20Metadata: added internal _setTokenURI(string memory tokenURI). (#1618)
• TimedCrowdsale: added internal _extendTime(uint256 newClosingTime) as well as TimedCrowdsaleExtended(uint256 prevClosingTime, uint256 newClosingTime) event allowing to extend the crowdsale, as long as it hasn't already closed.

Improvements

• Upgraded the minimum compiler version to v0.5.2: this removes many Solidity warnings that were false positives. (#1606)
• ECDSA: recover no longer accepts malleable signatures (those using upper-range values for s, or 0/1 for v). (#1622)
• ERC721's transfers are now more gas efficient due to removal of unnecessary SafeMath calls. (#1610)
• Fixed variable shadowing issues. (#1606)

Bugfixes

• (minor) SafeERC20: safeApprove wasn't properly checking for a zero allowance when attempting to set a non-zero allowance. (#1647)

Breaking changes in drafts

• TokenMetadata has been renamed to ERC20Metadata. (#1618)
• The library Counter has been renamed to Counters and its API has been improved. See an example in ERC721, lines 17 and 204. (#1610)