Decentralized applications (dApps) are hotter than ever. However, despite decentralized applications’ considerable security advantages, they are still vulnerable to some security breaches. This is something that OpenZeppelin looks to make up for. This full guide answers the question “what is OpenZeppelin?” and we’ll take a closer look at how to integrate features from OpenZeppelin when using Moralis. In addition, we will look at OpenZeppelin smart contracts in relation to the popular ERC-20 token standard.
Based on a report from Statista, the banking sector accounted for nearly 30 percent of the blockchain market share in 2020. Moreover, decentralized finance (DeFi) platforms that are accessible via Ethereum have been growing in popularity recently. This means that people regularly transfer large amounts of money using dApps, a scenario in which security is of paramount importance. Furthermore, one of the main draws of DeFi platforms is that they do not need intermediaries. Instead, they use smart contracts, which we will explain later in this guide. OpenZeppelin is a set of vetted smart contracts. It helps you put precautionary security measures in place for your Web3 apps. Using its audit services, you can ensure your practices will conform to a set of established standards. That way, criminals will not compromise the security of your system.
What is OpenZeppelin?
OpenZeppelin is an open-source platform for building secure dApps. The framework provides the required tools to create and automate Web3 applications. In addition, companies of any size can refer to OpenZeppelin’s audit services to find the best practices in the industry. Furthermore, OpenZeppelin has big names such as the Ethereum Foundation and Coinbase among its customers. It provides security, reliability, and risk management for Ethereum projects and has the mission of “protecting the open economy”. It conducts security audits on your demand and implements security measures to ensure that your dApps are secure. After recognizing the potential problems in the code, they provide a report containing best practices and recommendations to remove the weaknesses in the system.
Moreover, OpenZeppelin Defender is one of OpenZeppelin’s web applications. It is a platform for securing and automating smart contract operations. Using Defender, you can collaborate with your team, define different workflows, interact manually with the contracts, and conduct financial transactions. Furthermore, Defender gives access to a user-friendly UI and the required infrastructure for sending your transactions and creating automated scripts. In addition, OpenZeppelin has built up an impressive library for developing smart contracts that currently power over 3,000 public projects.
OpenZeppelin developers use Solidity’s programming language to develop modular and reusable contracts within its library, including ERC-20-related OpenZeppelin contracts. In addition, the community has tested and reviewed contracts which, according to OpenZeppelin, are the most popular in the industry. Now that we’ve answered the question of “what is OpenZeppelin”, it is time to delve into its capabilities. Finally, we will elaborate on how to integrate it with Moralis’ Web3 platform.
How to Install OpenZeppelin?
To create a new OpenZeppelin project with a smart contract, you must first install the “command-line interface” (CLI) on your system. Since the CLI is a dependency on your node project, you’ll need to install npm (node package manager). OpenZeppelin advises developers to install the CLI locally rather than globally. That way, they can have different versions of the CLI for each project and avoid potential issues of global dependency.
To install the CLI, enter in the following command:
$ npm install @openzeppelin/cli
To initialize a new OpenZeppelin project, type the following command inside your terminal (inside your node project):
$ npx openzeppelin init
If you’d like a more in-depth explanation of installing the CLI, please visit OpenZeppelin’s documentation.
In the next step, specify the name and version of your project and then set up a few files and directories to run your new project. As mentioned earlier, the smart contracts of OpenZeppelin are written in Solidity, so the filename will have the affix of “sl”. To check for errors and compile your contract, use the command “oz compile”. If you forget to compile your contract, the CLI will do it because it is constantly monitoring changes on your contract. Whenever you run a command and change the contract, it will manage the compilation automatically.
Next, create a local blockchain for dApp development on Ethereum. One of the best simulators is Ganache, which we have a detailed article about. Simply use the command line “npm install ganache-cli” to install it. To start a new development network using Ganache, type the following command in a separate terminal:
$ npx ganache-cli --deterministic
After setting up the new development network on Ganache, you can create a new contract using the command “oz create”.
What are Smart Contracts?
Before addressing OpenZeppelin contracts, we have to look at the concept of smart contracts. A computer scientist and cryptographer named Nick Szabo coined the term “smart contract” for the first time in 1997. It refers to the contracts that are stored in distributed ledgers. Smart contracts are the same as real-world contracts but written with programming languages and stored inside blockchains. Crowdfunding websites would be a good example to illustrate the difference between real-world and smart contracts. According to their business model, fundraising websites play the role of an intermediary between the project owners and financial sponsors.
The project owners will specify a funding goal and start collecting money from financial supporters. The fundraising website will sit between the project owners and the financial supporters. It will take its commission and money to the product team, and both parties need to trust the website. If they achieve the goal, it will transfer the money to the project owner; otherwise, refund the money to the sponsors. In smart contracts, there is no third party, and the program itself manages the fundraising. Whenever it achieves the funding goal, it stops the process and transfers the money to the product teams. When the project cannot raise the required money, it will refund it to the supporters. In these contracts, there is no need for legal systems or law enforcement authorities. Developers insert the terms of the agreements into the code of the contract, which is automatically executed.
What is an OpenZeppelin Contract?
The transactions which are conducted between anonymous parties using smart contracts are trustable, immutable, distributed, trackable, and unchangeable. To put it differently, after sending a transaction, no one can manipulate the contract. So, what is an OpenZeppelin contract? Similarly, OpenZeppelin contracts are libraries of smart contracts written in Solidity for Ethereum and other DLTs (distributed ledger technologies). These contracts are computer programs reviewed by the community and are secure options for dApps development. The contracts are completely modular and reusable and contain the most used implementations of ERC (ERC stands for “Ethereum Request for Comments”) standards. This means that the companies do not need to develop security features and tools for smart contracts. Rather, they can concentrate on deploying the pre-packaged smart contracts stored in the OpenZeppelin archive.
The OpenZeppelin Contracts Wizard is an online interactive generator in which you can bootstrap your contracts. The wizard comprises five different sections, including token selection, settings, features, access control, and interactive code display. Currently, the wizard supports three ERC standards:
- ERC20 – A fungible token standard that follows EIP-20, such as fiat currencies.
- ERC721 – Is an NFT token standard that follows EIP-721.
- ERC1155 – Represents both fungible and non-fungible tokens. It is known as a multi-token contract and follows EIP-1155.
Every OpenZeppelin contract has a stable API, and you can import all of them to your Ethereum projects. The platform’s developers advise their users not to change the code and instead get and keep the code from OpenZeppelin as is.
Token Standards and ERC-20-Related OpenZeppelin Contracts
A token is a set of rules and standards implemented into smart contracts. Users can sell, buy and trade these tokens in Ethereum’s blockchain ecosystem. They represent a diverse range of assets, including IOUs, vouchers, time, virtual pets, or even tangible objects such as money and services.
ERC-20 is one of the popular token standards developed by the Ethereum community for fungible assets. Fungible tokens are exactly the opposite of non-fungible tokens (NFT). You interchange fungible tokens with another fungible token, such as one Bitcoin for another Bitcoin, since they are of equal value. However, with non-fungible tokens that are unique, you cannot replace them with others. As an example, your drawings are non-tangible, and you cannot find their exact look-alikes. An ERC-20-based OpenZeppelin contract tracks fungible tokens and is suitable for smart contracts concerning voting rights and staking. ERC-20 contracts from OpenZeppelin represent the base implementation of the ERC-20 interface that has various extensions. Each of these extensions features different functionalities. As an example, the “ERC20Detailed” contract adds details including name, symbol, and decimals to the ERC-20 contract from OpenZeppelin. Another one is “ERC20Capped”, which is used to designate addresses concerning tokens with a maximum limit.
OpenZeppelin Example Use Cases
Once you have installed OpenZeppelin, you can use its vetted contracts in a variety of Ethereum projects. OpenZeppelin example use cases include but are not limited to the following items:
- Access Restriction – Controlling access is one of OpenZeppelin’s main use cases. This contract allows you to determine who can access particular resources and functionalities in a system. Thanks to this capability, you can restrict voting, minting, sending transactions, etc., to specific entities.
- Ownership – “Ownable” is another OpenZeppelin contract, in which you can define the ownership within contracts. In other words, deploying this contract would help specific entities to acquire certain capabilities. Using extensions for the base contract, you can also transfer ownership from one account to the other. Thanks to another extension to this contract, you can renounce the previous ownership.
- Calculations – “SafeMath” is a useful OpenZeppelin contract that helps make precise and accurate calculations. This library is especially useful to prevent operation overflow when coding in Solidity. The situation happens when the value in a given arithmetic operation is not within the allowed range.
- Tokens – OpenZeppelin created the required infrastructure for developers to make tradable tokens and allocate them to the participants inside your network. Using this contract, you can monitor the prices, specify token transfer methods, authenticate purchases, and more.
- Payments – Are you developing a dApp with various beneficiaries? Using the OpenZeppelin “paymentSplitter” contract, you can send the income from your dApp purchases to different parties.
- Gas Station Network – This contract helps you to develop dApps in which you will pay on behalf of your users. In this method, users do not need to hold ETH in their wallets, and you will instead pay for them.
Integrating OpenZeppelin Libraries with Moralis
As mentioned earlier, OpenZeppelin provides vetted contracts for developers who are building dApps on Ethereum’s network or other blockchains. Since Moralis is completely compatible with Ethereum, you can use all the modular OpenZeppelin contracts inside your Moralis projects. Moralis’ excellent platform provides the required tools and services that you would need to build blockchain apps. Thanks to the platform, you can access a UI, user authentication, data management tools, cloud storage, and Web3. Read through our documentation for more details on how to deploy and track ERC-20 events using ERC-20 contracts from OpenZeppelin.
For user authentication, you’ll need to set up MetaMask in your browser as well. If you do not have a wallet address, download MetaMask from “https://metamask.io/”. When everything is set up and ready, you can deploy OpenZeppelin contracts with Moralis. Additionally, you’ll need to utilize Remix for writing, compiling, and debugging code, which is written in Solidity. You can either open it in your browser or head over to Ethereum’s official website.
What is OpenZeppelin – Summary
At this time, you know the answer to the question of “what is OpenZeppelin?” and you also understand what OpenZeppelin contracts are. We looked at OpenZeppelin contracts that are related to the ERC-20 token standard and elaborated on OpenZeppelin example use cases. Now it is time to get started and build your projects by integrating OpenZeppelin libraries into Moralis.
In addition, make sure to check out Moralis’ blog and YouTube channel, where we release high-quality content that will guide you in your blockchain journey from start to finish. Using it, you’ll be able to master everything from Ethereum testnets to how to create an NFT marketplace, create mobile Ethereum apps, learn about BEP20 and how to create a BSC token.