OpenZeppelin 2.0
OpenZeppelin 2.0 is finally here!!!
The major feature in this release is that we are now commiting to a stable API. In the process of stabilizing we've also reviewed a lot of the existing API in order to ensure a more straightforward experience for users.
Featuring...
Stable API
So far OpenZeppelin's API has sometimes changed from release to release, in backwards-incompatible ways. This has enabled us to iterate on features and design ideas, but we're at a point now where we want to commit to having a stable API and delivering reliable updates.
You can expect the external and internal API of contracts to remain stable. We're only making an exception to this for the contracts in the drafts/ subdirectory; this is where ERCs in Draft status, as well as more experimental contracts will go, and might have breaking changes in minor versions. We'll be documenting exactly what stability guarantees we provide in the coming weeks.
Granular permissions
Features which require permissions have used the almighty Ownable so far. We are now moving towards a more granular system of roles, like the MinterRole. Just like Ownable, the creator of a contract is assigned all roles at first, but they can selectively give them out to other accounts.
Improved test suite
Although this is not visible to users, we have been improving the test suite, increasing coverage to 100%, and cleaning up all of our tests, which had diverged in style. This is part of a bigger effort towards making contributing easier and involving our amazing contributors more in the entire process of building OpenZeppelin.
A new audit
The awesome LevelK team audited our 2.0.0 Release Candidate and they found some severe issues and suggested many improvements. We fixed almost all the issues and notes they reported, leaving only a few minor details for 2.1.0. Check out the LevelK Audit - OpenZeppelin 2.0 project for all the details.
We want to thank @cwhinfrey, @pcowgill and @shanefontaine for their very detailed reviews, high quality standards, and human support during the closing phase of this release. This audit gave us a great confidence boost on the code that we are now publishing.
Tons of community love
Now hold your breath, because this release was only possible because of the contributions of many, many people from everywhere in the world, and we want to thank all of them:
@3sGgpQ8H, @Aniket-Engg, @barakman, @BrendanChou, @cardmaniac992, @dougiebuckets, @dwardu, @facuspagnuolo, @fulldecent, @glesaint, @Glisch, @jacobherrington, @jbogacz, @jdetychey, @JeanoLee, @k06a, @lamengao, @ldub, @leonardoalt, @Miraj98, @mswezey23, @pw94, @shishir99111, @sohkai, @sweatyc, @tinchoabbate, @tinchou, @urvalla, @viquezclaudio, @vyomshm, @yaronvel, @ZumZoom.
Also we would like to thank all the people who are constantly helping others in our Slack channel, the ones who have given us feedback about the release, and the ones helping us triage and discuss our GitHub issues. If you are reading this wanting to jump in and make your first free software contributions, but you are unsure of where and how, talk to us! We can help you getting started, and we could use the extra hands.
With <3 from the maintainers team of this release.
-- @shrugs, @nventuro, @frangio and @ElOpio
Changelog
The changelog is pretty big. We are introducing new concepts and new designs, together with many renames and restructures. If you have problems, comments or suggestions, please join our Slack channel.
Ownablecontracts have moved to role based access. (#1291, #1302, #1303)- ERC contracts have all been renamed to follow the same convention. The interfaces are called
IERC##, and their implementations areERC##. Check out, for example,IERC20andERC20. (#1252, #1288) - All state variables are now
private, which means that derived contracts cannot access them directly, but have to use getters. This is to increase encapsulation, to be able to reason better about the code. (#1197, #1265, #1267, #1269, #1270, #1268, #1281) - Events have been changed to be consistently in the past tense except for those which are defined by an ERC. (#1181)
- Separated
ERC721into the different optional interfaces, and introducedERC721Fullwhich implements all. (#1304) - Added
ERC165Queryto query support for ERC165 interfaces. (#1086) - Added an experimental contract for migration between ERC20 tokens. (#1054)
- Added
SafeMath.mod. (#915) - Added
Math.average. (#1170) - Added
ERC721Pausable. (#1154) - Changed
SafeMathto userequireinstead ofassert. (#1187, #1120, interesting discussion!) - Removed restriction on who can release funds in
PullPayments,PaymentSplitter,PostDeliveryCrowdsale,RefundableCrowdsale. (#1275) - Optimized
ReentrancyMutexgas usage. (#1155) - Made
ERC721.existsinternal. (#1193) - Changed preconditions on
PaymentSplitterconstructor arguments. (#1131) - Fixed
ERC721.getApprovedto be in compliance with spec. (#1256) - Simplified interface of
IndividuallyCappedCrowdsale. (#1296) - Renamed
ERC20.decreaseApprovaltodecreaseAllowance, and changed its semantics slightly to be more secure. (#1293) - Renamed
MerkleProof.verifyProoftoMerkleProof.verify. (#1294) - Renamed
ECRecoverytoECDSA, andAddressUtilstoAddress. (#1253) - Moved
ECDSAandMerkleProofto acryptography/subdirectory. (#1253) - Moved
ReentrancyGuard, andAddressto autils/subdirectory. (#1253) - Renamed
proposals/subdirectory todrafts/. (#1271) - Moved
TokenVesting,SignatureBouncertodrafts/. (#1271) - Removed
ERC20Basic, now there's onlyERC20. (#1125) - Removed
Math.min64andMath.max64, left only theuint256variants. (#1156) - Removed
MintandBurnevents fromERC20MintableandERC20Burnable. (#1305) - Removed underscores from event arguments. (#1258)
- Removed a few contracts that we thought were not generally secure enough:
LimitBalance,HasNoEther,HasNoTokens,HasNoContracts,NoOwner,Destructible,TokenDestructible,CanReclaimToken. (#1253, #1254, #1306) - Removed extensions of
Owable:Claimable,DelayedClaimable,Heritable. (#1274) - Renamed
AutoIncrementingtoCounterand moved it todrafts\. ((1307, #1332) - Added events to roles on construction and when renouncing. (#1329)
- Separated
ERC721Mintableinto two contracts, one with metadata (token URI) and one without. (#1365) - Added an ERC20 internal _transfer function. (#1370)
- Added an
Arrayslibrary. (#1375) - Improved the
OwnershipTransferevent and removedOwnershipRenounced. (#1397) - Removed the
BreakInvariantBountycontract because of a front-running issue. (#1424) - Improved encapsulation on
ERC165making the_supportedInterfacesmap private. (#1379) - Renamed
RefundsEscrowevent toRefundsClosed. (#1418) - Moved
EscrowandRefundsEscrowtocontracts/payment/escrow/. (#1430) - Made private the
TokenVestingfunctions_releasableAmountand_vestedAmount. (#1427) - Made internal the constructors of contracts that should only be used inherited from others. (#1433, #1439)
- Renamed
ERC165functionsupportsInterfacesto_supportsAllInterfaces. (#1435) - Added the
addresstoPausedandUnpausedevents. (#1410) - Renamed
SplitPaymenttoPaymentSplitter, and added the eventsPayeeAdded,PaymentReleasedandPaymentReceived. (#1417) - Renamed the
TokenVestingevents toTokensReleasedandTokenVestingRevoked. (#1431) - Improved the
SafeERC20allowance handling. (#1407) - Made
getCurrentRatefromIncreasingPriceCrowdsalereturn 0 when the crowdsale is not open. (#1442) - Made
tokenURIfromERC721Metadataexternal, to match the specification. (#1444) - Fixed a reentrancy issue on
FinalizableCrowdsale. (#1447) - Fixed how allowance crowdsale checks remaining tokens. (#1449)
- Added the nonReentrant safeguard for buyTokens in the Crowdsale contract. (#1438)