v4.1.0

Read the full announcement in the blog or check out the changelog.

• IERC20Metadata: add a new extended interface that includes the optional name(), symbol() and decimals() functions. (#2561)
• ERC777: make reception acquirement optional in _mint. (#2552)
• ERC20Permit: add a _useNonce to enable further usage of ERC712 signatures. (#2565)
• ERC20FlashMint: add an implementation of the ERC3156 extension for flash-minting ERC20 tokens. (#2543)
• SignatureChecker: add a signature verification library that supports both EOA and ERC1271 compliant contracts as signers. (#2532)
• Multicall: add abstract contract with multicall(bytes[] calldata data) function to bundle multiple calls together (#2608)
• ECDSA: add support for ERC2098 short-signatures. (#2582)
• AccessControl: add a onlyRole modifier to restrict specific function to callers bearing a specific role. (#2609)
• StorageSlot: add a library for reading and writing primitive types to specific storage slots. (#2542)
• UUPS Proxies: add UUPSUpgradeable to implement the UUPS proxy pattern together with EIP1967Proxy. (#2542)

v4.0.0

Read the full announcement in the blog or check out the changelog.

Changelog

• Now targeting the 0.8.x line of Solidity compilers. For 0.6.x (resp 0.7.x) support, use version 3.4.0 (resp 3.4.0-solc-0.7) of OpenZeppelin.
• Context: making _msgData return bytes calldata instead of bytes memory (#2492)
• ERC20: removed the _setDecimals function and the storage slot associated to decimals. (#2502)
• Strings: addition of a toHexString function. (#2504)
• EnumerableMap: change implementation to optimize for key → value lookups instead of enumeration. (#2518)
• GSN: deprecate GSNv1 support in favor of upcoming support for GSNv2. (#2521)
• ERC165: remove uses of storage in the base ERC165 implementation. ERC165 based contracts now use storage-less virtual functions. Old behavior remains available in the ERC165Storage extension. (#2505)
• Initializable: make initializer check stricter during construction. (#2531)
• ERC721: remove enumerability of tokens from the base implementation. This feature is now provided separately through the ERC721Enumerable extension. (#2511)
• AccessControl: removed enumerability by default for a more lightweight contract. It is now opt-in through AccessControlEnumerable. (#2512)
• Meta Transactions: add ERC2771Context and a MinimalForwarder for meta-transactions. (#2508)
• Overall reorganization of the contract folder to improve clarity and discoverability. (#2503)
• ERC20Capped: optimize gas usage by enforcing the check directly in _mint. (#2524)
• Rename UpgradeableProxy to ERC1967Proxy. (#2547)
• ERC777: optimize the gas costs of the constructor. (#2551)
• ERC721URIStorage: add a new extension that implements the _setTokenURI behavior as it was available in 3.4.0. (#2555)
• AccessControl: added ERC165 interface detection. (#2562)
• ERC1155: make uri public so overloading function can call it using super. (#2576)

How to upgrade from 3.x

Since this version has moved a few contracts to different directories, users upgrading from a previous version will need to adjust their import statements. To make this easier, the package includes a script that will migrate import statements automatically. After upgrading to the latest version of the package, run:

npx openzeppelin-contracts-migrate-imports

Make sure you're using git or another version control system to be able to recover from any potential error in our script.

v4.0.0-beta.0

A beta release for Solidity 0.8. Read the announcement in the forum.

v3.4.0

Read the full announcement in the blog or check out the changelog.

Security Fixes

• ERC777: fix potential reentrancy issues for custom extensions to ERC777. (#2483)

If you're using our implementation of ERC777 from version 3.3.0 or earlier, and you define a custom _beforeTokenTransfer function that writes to a storage variable, you may be vulnerable to a reentrancy attack. If you're affected and would like assistance please write to security@openzeppelin.com. Read more in the pull request.

v3.3.0

Read the full announcement in the forum or check out the changelog.

• Now supports both Solidity 0.6 and 0.7. Compiling with solc 0.7 will result in warnings. Install the solc-0.7 tag to compile without warnings.
• TimelockController: added a contract to augment access control schemes with a delay. (#2354)
• Address: added functionStaticCall, similar to the existing functionCall. (#2333)
• EnumerableSet: added Bytes32Set, for sets of bytes32. (#2395)

v3.2.1 for Solidity 0.7

This is a special release for Solidity 0.7 that gets rid of a warning in ERC777 using one of the new features of the language. (#2327)

Note: The variant for Solidity 0.7 can be installed using npm install @openzeppelin/contracts@solc-0.7.

v3.2.0

Welcome to a new release of OpenZeppelin Contracts! 👯

The big feature in this release is that we’ve migrated our proxy contracts from OpenZeppelin SDK into the Contracts project. We hope this will make more people aware of upgrades in Ethereum, and we also think the contracts will benefit greatly from the continued scrutiny by all of you in the community. This was also a migration of the proxies from Solidity 0.5 to 0.6, which we know some users have been waiting for.

For Solidity 0.7 users, a reminder that we have support for the newer compiler version published on npm under the tag solc-0.7, the latest release being 3.2.0-solc-0.7. We’re considering officially switching to 0.7 for the release after this one.

There is additionally a small breaking change in ERC20Snapshot that may affect some of its users. If you’re one of them please take a look at the changelog.

v3.1.0

This is the first release since v3.0, our last major release. It includes the long-awaited ERC1155 token and helpers for safe calls and downcasts, as well as a number of minor improvements.

To install this release, run:

npm install --save-dev @openzeppelin/contracts

ERC1155

This is a new token standard developed by the gaming industry, focusing on gas efficiency. It's key difference is that it is a multi-token contract: a single ERC1155 can be used to represent an arbitrary number of tokens, which is very useful in applications that require many tokens by removing the high gas costs associated with deploying them. Check out our new documentation page to learn more!.

More Replacements for call

The low-level call primitive can be hard to use correctly and is often considered unsafe. With the addition of sendValue in Contracts and try-catch in Solidity, there's only a few scenarios in which call is still needed, the most troublesome one being forwarding calls.

The new functionCall helpers can forward call data to a recipient contract while imitating Solidity's function call semantics, such as bubbling up revert reasons and rejecting calls to EOAs. We expect the addition of these functions to greatly reduce the need to rely on call.

Using SafeMath on Small Signed Integers

We've expanded the scope of the SafeCast library to also include signed integer downcasting, which allows for users that need small types (such as int8 or int32) to perform checked arithmetic on them by using SafeMath, and then downcast the result to the intended size.

OpenZeppelin Contracts 3.0.1

This is a small bugfix release, addressing an issue that allowed for some internal functions in ERC777 to be called with the zero address as one of their arguments.

This was reported in #2208, fixed in #2212 for the v2.5 branch, and ported to the v3.0 branch in #2213.

OpenZeppelin Contracts 2.5.1

This is a small bugfix release, addressing an issue that allowed for some internal functions in ERC777 to be called with the zero address as one of their arguments.

This was reported in #2208 and fixed in #2212.