Smart Contract Security Standardization
OpenZeppelin Setting the Standards for Smart Contract Development
In the previous newsletter, I introduced Ethereum Improvement Proposals (EIPs), the community website which serves as a forum for the development of the Ethereum infrastructure. Today I will build on that topic with OpenZeppelin, the open-source smart contract library from Zeppelin Solutions. Zeppelin Solutions is a company that offers a suite of security auditing tools for Solidity developers. Its open-source product, OpenZeppelin, is a library of audited Solidity code written on top of the approved and standardized EIPs. Rather than taking the code directly from the EIP and battle-testing it on your own, OpenZeppelin gives you a secure and continually maintained starting point for your smart contract development.
Using OpenZeppelin
To start using OpenZeppelin, you need Node.js and npm, and you must install the OpenZeppelin package (npm install @openzeppelin/contracts). Once the package is installed, import the smart contracts you would like to use from it (e.g. import "@openzeppelin/contracts/token/ERC721/ERC721.sol";).
If you look at the contracts folder of the GitHub repository, there are a lot of contracts to choose from, covering a range of topics from token standards to utilities. The best place to understand the components of these smart contracts is the OpenZeppelin documentation, but you can also refer to the README files hosted in the repository folders, as well as the comments within the Solidity files.
After you have imported the Solidity file, you must use contract inheritance in order to use the imported contract. You may recall how contract inheritance works from my previous newsletter on the topic, but if you need a refresher on the syntax, inheritance is declared with the keyword "is": contract ChildContract is ParentContract {}.
In the case of OpenZeppelin, it would look like this:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
contract ERC721NFT is ERC721 {
    constructor() ERC721("ERC721NFT", "NFT") {}
}
where ERC721NFT is the name of the contract we are building on top of the OpenZeppelin ERC721 contract. The constructor call is required because OpenZeppelin's ERC721 constructor takes the token name and symbol as arguments, so the child contract must pass them along or it will not compile.
Inheriting the Contract
Once you have inherited the OpenZeppelin contract, all of its public functions are exposed through your contract. Because of this, there is no need to rewrite the code; you can call those functions without adding anything. The only reason to restate a function in your contract is to override its behavior. This isn't advised, since the functions OpenZeppelin has built have been audited, but there are circumstances where you may want to extend or change a certain behavior of a function.
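To show inheritance, the forwarded constructor arguments, and the one legitimate case for restating an inherited function (an override), here is an added example that is not part of the original newsletter or of the OpenZeppelin library. It assumes @openzeppelin/contracts v4.x is installed; the contract name AuditedNFT, the token name and symbol, and the metadata URL are placeholders.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumes @openzeppelin/contracts v4.x (Ownable has a no-argument constructor).
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

// Hypothetical contract name; not part of the OpenZeppelin library.
contract AuditedNFT is ERC721, Ownable {
    uint256 private _nextTokenId;

    // ERC721's constructor requires a name and symbol, so the child must
    // forward them. The values here are placeholders.
    constructor() ERC721("Audited NFT", "ANFT") {}

    // Inherited public functions such as balanceOf, ownerOf, approve and
    // transferFrom are already exposed; nothing needs to be rewritten here.

    // onlyOwner (from Ownable) restricts who may mint. _safeMint is the
    // audited internal helper that also checks that a contract receiver
    // implements onERC721Received, so tokens are not locked by mistake.
    function safeMint(address to) external onlyOwner returns (uint256) {
        uint256 tokenId = _nextTokenId++;
        _safeMint(to, tokenId);
        return tokenId;
    }

    // The one case where you restate an inherited function: to override it.
    // The parent declares _baseURI() as virtual; the child must mark its
    // version `override`, so the compiler rejects accidental shadowing.
    // A stricter mutability (pure instead of view) is allowed in an override.
    function _baseURI() internal pure override returns (string memory) {
        return "https://example.invalid/metadata/";
    }
}
```

Everything not explicitly overridden keeps the audited OpenZeppelin behavior, which is the point of inheriting rather than copying the code.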
Start Here
Both novice and experienced Solidity developers use OpenZeppelin. Why reinvent the wheel when you can have the infrastructure of your contract created for you? Instead, use your creativity to build unique and innovative functionality that can change the way people interact with the Ethereum blockchain. Remember to use OpenZeppelin when you start work on your next smart contract.