NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add documentation about the security of overrides (#3725)

Browse Source 
(cherry picked from commit e2362ce74f)
This commit is contained in:
Francisco
2022-09-23 19:06:20 -03:00
committed by Francisco Giordano
parent 4e5b11919e
commit 011a0fb862
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/modules/ROOT/pages/extending-contracts.adoc
View File

@ -122,3 +122,8 @@ contract MyToken is ERC20 {
```
That's it! Enjoy simpler code using hooks!
== Security
The maintainers of OpenZeppelin Contracts are mainly concerned with the correctness and security of the code as published in the library, and the combinations of base contracts with the official extensions from the library.
Custom overrides, and those of hooks in particular, may break some important assumptions and introduce vulnerabilities in otherwise secure code. While we try to ensure the contracts remain secure in the face of a wide range of potential customizations, this is done in a best-effort manner. Similarly, while we try to document all important assumptions, this should not be relied upon. Custom overrides should be carefully reviewed and checked against the source code of the contract they are customizing so as to fully understand their impact and guarantee their security.