OpenZeppelin 2.3 RC 3

The final release has been published! See v2.3.0.

OpenZeppelin 2.3 RC 0

A newer release candidate has been published! See v2.3.0-rc.3.

OpenZeppelin 2.2

No changes from the release candidate for this one, we're ironing out the kinks in the release process! 🚫 🐛

This minor release includes a way to store token balances and supply so that they can be later queried in a gas-efficient manner 🔖, allows safe interaction with some old, non-compliant tokens 🔒, prevents user errors when using ECDSA signatures 📝 (the magic behind metatransactions! ✨), and provides multiple minor additions and improvements to the API.

To install the release run npm install openzeppelin-solidity@latest.

We would love your help by reviewing newly added contracts, their interface and documentation so that we can make names clearer, features easier to use, and the library better as a whole! Your feedback is extremely useful to us :)

Highlights

New features

• ERC20Snapshot: this variant allows for snapshots to be created on demand, storing the current token balances and total supply so that they can be later retrieved in a gas-efficient manner and e.g. calculate dividends at a past time. (#1617)
• SafeERC20: the ERC20 standard requires that all function calls (e.g. transfer, approve, etc.) return a boolean value indicating success. However, they are multiple widely used tokens out there that return no such value: they simply revert when encountering an error condition. Since Solidity v0.4.22, special code was needed to interact with this non-compliant tokens: now, all of SafeERC20 can be used to safely call both compliant and non-compliant tokens, without the developer having to worry about it. (#1655)
• TimedCrowdsale: an internal _extendTime(uint256 newClosingTime) function was added (with a corresponding TimedCrowdsaleExtended(uint256 prevClosingTime, uint256 newClosingTime) event) allowing for users to safely develop mechanisms to extend the durations of unclosed crowdsales. Note that due to it being internal, there's no out-of-the-box way to do it: this feature is opt-in and must be explicitly invoked by users.

Improvements

• ECDSA: recover no longer accepts malleable signatures (those using upper-range values for s, or 0/1 for v). This helps prevent multiple issues when using signatures as unique identifiers. Read more about common ECDSA issues here. (#1622)
• ERC721's transfers are now more gas efficient due to removal of unnecessary SafeMath calls. (#1610)

Bugfixes:

• (minor) SafeERC20: safeApprove wasn't properly checking for a zero allowance when attempting to set a non-zero allowance. This bug was reported independently by @nikeshnazareth. Thanks a lot! (#1647)

Breaking changes in drafts:

• TokenMetadata has been renamed to ERC20Metadata. (#1618)
• The library Counter has been renamed to Counters and its API has been improved. See an example in ERC721, lines 17 and 204. (#1610)

You can also see all details of this release in our changelog.

OpenZeppelin 2.2.0 RC1

This minor release includes a way to store token balances and supply so that they can be later queried in a gas-efficient manner 🔖, allows safe interaction with some old, non-compliant tokens 🔒, prevents user errors when using ECDSA signatures 📝 (the magic behind metatransactions! ✨), and provides multiple minor additions and improvements to the API.

To install the release candidate run npm install openzeppelin-solidity@next.

We would love your help by reviewing newly added contracts, their interface and documentation so that we can make names clearer, features easier to use, and the library better as a whole! Your feedback is extremely useful to us :)

Highlights

New features

• ERC20Snapshot: this variant allows for snapshots to be created on demand, storing the current token balances and total supply so that they can be later retrieved in a gas-efficient manner and e.g. calculate dividends at a past time. (#1617)
• SafeERC20: the ERC20 standard requires that all function calls (e.g. transfer, approve, etc.) return a boolean value indicating success. However, they are multiple widely used tokens out there that return no such value: they simply revert when encountering an error condition. Since Solidity v0.4.22, special code was needed to interact with this non-compliant tokens: now, all of SafeERC20 can be used to safely call both compliant and non-compliant tokens, without the developer having to worry about it. (#1655)
• TimedCrowdsale: an internal _extendTime(uint256 newClosingTime) function was added (with a corresponding TimedCrowdsaleExtended(uint256 prevClosingTime, uint256 newClosingTime) event) allowing for users to safely develop mechanisms to extend the durations of unclosed crowdsales. Note that due to it being internal, there's no out-of-the-box way to do it: this feature is opt-in and must be explicitly invoked by users.

Improvements

• ECDSA: recover no longer accepts malleable signatures (those using upper-range values for s, or 0/1 for v). This helps prevent multiple issues when using signatures as unique identifiers. Read more about common ECDSA issues here. (#1622)
• ERC721's transfers are now more gas efficient due to removal of unnecessary SafeMath calls. (#1610)

Bugfixes:

• (minor) SafeERC20: safeApprove wasn't properly checking for a zero allowance when attempting to set a non-zero allowance. This bug was reported independently by @nikeshnazareth. Thanks a lot! (#1647)

Breaking changes:

• TokenMetadata (in drafts) has been renamed to ERC20Metadata. (#1618)

You can also see all details of this release in our changelog.

OpenZeppelin 2.1.3

Bugfix release 🐛 🔧

A minor issue with SafeERC20.safeApprove was identified and reported independently by @nikeshnazareth (thanks once again!), this release contains the correspondig fix: #1647.

This bug has been present since v2.0.0. Updating to this latest version is recommended, but no immediate emergency action should be required for production code using affected versions, due to the low severity of the issue.

These independent reviews are a great way to keep our code secure and correct: we'll be making a push for a properly funded bug bounty during these next weeks to continue encouraging them. Stay tuned!

OpenZeppelin 2.0.1

Bugfix release 🐛 🔧

This is a backport of the 2.1.3 bugfix release for the 2.0.x line, which features Solidity v0.4.25 support: if you're still using OpenZeppelin v2.0.0, you can upgrade to this version instead of migrating to v2.1 and Solidity v0.5.

OpenZeppelin 2.1.2

This release was mostly the migration from Truffle 4 to Truffle 5, which should not affect end users.

The only user facing change here is removing the tests and tests helpers from the npm package. If you used the test helpers, you will now find them in the openzeppelin-test-helpers package.

OpenZeppelin 2.1

2.1 is finally out! 🎉

The most significant change is that OpenZeppelin now works with Solidity 0.5.0. This new release of the compiler introduced many breaking changes, and our old contracts were no longer compatible with it. After much discussion, we've decided to drop the Solidity compiler version out of our stability guarantees: in an attempt to both use the best possible tools and push the industry forward, our releases will target a recent compiler version, which may change between minor releases.

This means that installing this new OpenZeppelin version will require you to upgrade your compiler to the 0.5.x line, which can be easily done with the recently released truffle v5.0.0. The 2.0 release will be the last OpenZeppelin release with support for Solidity ^0.4.24, which we will still support in the form of bugfixes, if any are found.

In general, if you're not sure whether you'll want to upgrade your compiler version, feel free to pin an OpenZeppelin version during installation: 📌

npm install [email protected] --save-exact

If you want to know more about our rationale behind this decision, and why we discarded other possible approaches, read here.

Highlights

• Added WhitelistCrowdsale, a crowdsale where only whitelisted accounts (WhitelistedRole) can purchase tokens. Adding or removing accounts from the whitelist is done by whitelister admins (WhitelistAdminRole). Similar to the pre-2.0 WhitelistedCrowdsale. (#1525, #1589)
• ERC20's transferFrom and _burnFrom now emit Approval events, to represent the token's state comprehensively through events. (#1524)
• SignedSafeMath now supports signed integers (int256). (#1559, #1588)
• ERC20 and ERC721 are now more gas efficient due to removed redundant SSTOREs and requires. (#1409 and #1549)

The first 2.1 release will be 2.1.1, due to a minor mishap that caused a conflict in the npm registry 🤦‍♂️

🆕 See the details in our brand new CHANGELOG!

OpenZeppelin 2.1 RC 2

Make sure to read the release notes for the first release candidate!

This second release candidate updates all contracts to support the 0.5.x line of the Solidity compiler.

Users that wish to continue using versions ^0.4.24 should not upgrade, and instead keep using version 2.0. To learn more about our rationale behind this decision, see here.

You can also see the full changelog for this release.

OpenZeppelin 2.1 RC 1

In this minor release we're bringing back some features that were removed for the 2.0 release, adding new contracts requested by the community, and making some popular operations more gas efficient. 🏃‍♂️ 💨

To install the release candidate run npm install openzeppelin-solidity@next. We want to hear what you think!

If you want to compile using solc 0.5 please install the latest release candidate.

npm install openzeppelin-solidity@next

The actual 2.1 release will come out after a week of no changes to the release candidate.

Highlights

• Added WhitelistCrowdsale, a crowdsale where only whitelisted accounts (WhitelistedRole) can purchase tokens. Adding or removing accounts from the whitelist is done by whitelisters (WhitelisterRole). Similar to the pre-2.0 WhitelistedCrowdsale. (#1525)
• ERC20's transferFrom and _burnFrom now emit Approval events, to represent the token's state comprehensively through events. (#1524)
• SafeMath now also supports signed integers (int256). (#1559)
• ERC20 and ERC721 are now more gas efficient due to removed redundant SSTOREs and requires. (#1409 and #1549)

🆕 See the details in our brand new CHANGELOG!