From e2362ce74fbf2c6b8a01d6c11bdf1576c1737b64 Mon Sep 17 00:00:00 2001 From: Francisco Date: Fri, 23 Sep 2022 19:06:20 -0300 Subject: [PATCH] Add documentation about the security of overrides (#3725) --- docs/modules/ROOT/pages/extending-contracts.adoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/modules/ROOT/pages/extending-contracts.adoc b/docs/modules/ROOT/pages/extending-contracts.adoc index 7d25ae9e4..022dfc957 100644 --- a/docs/modules/ROOT/pages/extending-contracts.adoc +++ b/docs/modules/ROOT/pages/extending-contracts.adoc @@ -129,3 +129,8 @@ contract MyToken is ERC20 { ``` That's it! Enjoy simpler code using hooks! +== Security + +The maintainers of OpenZeppelin Contracts are mainly concerned with the correctness and security of the code as published in the library, and the combinations of base contracts with the official extensions from the library. + +Custom overrides, and those of hooks in particular, may break some important assumptions and introduce vulnerabilities in otherwise secure code. While we try to ensure the contracts remain secure in the face of a wide range of potential customizations, this is done in a best-effort manner. Similarly, while we try to document all important assumptions, this should not be relied upon. Custom overrides should be carefully reviewed and checked against the source code of the contract they are customizing so as to fully understand their impact and guarantee their security.