openzeppelin-contracts

mirror of openzeppelin-contracts

Thomas Bocek 79dd498b16 Signature Malleability: (#1622 ) * Transaction Malleability: If you allow for both values 0/1 and 27/28, you allow two different signatures both resulting in a same valid recovery. (r,s,0/1) and (r,s,27/28) would both be valid, recover the same public key and sign the same data. Furthermore, given (r,s,0/1), (r,s,27/28) can be constructed by anyone. * Transaction Malleability: EIP-2 still allows signature malleabality for ecrecover(), remove this possibility and force the signature to be unique. * Added a reference to appendix F to the yellow paper and improved comment. * better test description for testing the version 0, which returns a zero address * Check that the conversion from 0/1 to 27/28 only happens if its 0/1 * improved formatting * Refactor ECDSA code a bit. * Refactor ECDSA tests a bit. * Add changelog entry. * Add high-s check test.		6 years ago
.github	Add the solidity linter command to the PR template (#1653 )	6 years ago
audit	Add latest audit to repository (#1664 )	6 years ago
contracts	Signature Malleability: (#1622 )	6 years ago
migrations	Clean up npm package (#904 )	7 years ago
scripts	Migration to truffle 5 (and web3 1.0 (and BN)) (#1601 )	6 years ago
test	Signature Malleability: (#1622 )	6 years ago
.editorconfig	Add EditorConfig (#1119 )	7 years ago
.eslintrc	Added mocha-no-only ESlint plugin. (#1529 )	6 years ago
.gitattributes	feat: add solidity syntax highlighting directive, fixes #671	7 years ago
.gitignore	Nonfunctional typos #1643 (#1652 )	6 years ago
.solcover.js	Re-enable solidity coverage	7 years ago
.solhint.json	Replaced Solium in favor of Solhint (#1575 )	6 years ago
.travis.yml	Bring back coverage report. (#1620 )	6 years ago
CHANGELOG.md	Signature Malleability: (#1622 )	6 years ago
CODE_OF_CONDUCT.md	Create CODE_OF_CONDUCT.md (#1061 )	7 years ago
CODE_STYLE.md	Improve encapsulation on ERC165 and update code style guide (#1379 )	6 years ago
CONTRIBUTING.md	included command to add upstream (#959 )	7 years ago
LICENSE	removing trailing whitespace	7 years ago
README.md	Add latest audit to repository (#1664 )	6 years ago
RELEASING.md	Update RELEASING.md	6 years ago
ethpm.json	Release v2.1.3	6 years ago
logo.png	Improve README (#1309 )	6 years ago
package-lock.json	Merge branch 'release-v2.1.3'	6 years ago
package.json	Merge branch 'release-v2.1.3'	6 years ago
truffle-config.js	Fix warnings (#1606 )	6 years ago

README.md

OpenZeppelin is a library for secure smart contract development. It provides implementations of standards like ERC20 and ERC721 which you can deploy as-is or extend to suit your needs, as well as Solidity components to build custom contracts and more complex decentralized systems.

Install

npm install openzeppelin-solidity

Usage

To write your custom contracts, import ours and extend them through inheritance.

pragma solidity ^0.5.0;

import 'openzeppelin-solidity/contracts/token/ERC721/ERC721Full.sol';
import 'openzeppelin-solidity/contracts/token/ERC721/ERC721Mintable.sol';

contract MyNFT is ERC721Full, ERC721Mintable {
  constructor() ERC721Full("MyNFT", "MNFT") public {
  }
}

You need an ethereum development framework for the above import statements to work! Check out these guides for Truffle or Embark.

On our site you will find a few guides to learn about the different parts of OpenZeppelin, as well as documentation for the API. Keep in mind that the API docs are work in progress, and don’t hesitate to ask questions in our Slack.

Security

OpenZeppelin the project is maintained by Zeppelin the company, and developed following our high standards for code quality and security. OpenZeppelin is meant to provide tested and community-audited code, but please use common sense when doing anything that deals with real money! We take no responsibility for your implementation decisions and any security problems you might experience.

The core development principles and strategies that OpenZeppelin is based on include: security in depth, simple and modular code, clarity-driven naming conventions, comprehensive unit testing, pre-and-post-condition sanity checks, code consistency, and regular audits.

The latest audit was done on October 2018 on version 2.0.0.

Please report any security issues you find to security@openzeppelin.org.

Contribute

OpenZeppelin exists thanks to its contributors. There are many ways you can participate and help build high quality software. Check out the contribution guide!

License

OpenZeppelin is released under the MIT License.