* adding mock contacts, test code
* adding changes to ERC721.sol per @frangio's comments on original PR #1943
* fix solhint warnings
* Update contracts/token/ERC721/ERC721.sol
Co-Authored-By: Francisco Giordano <frangio.1@gmail.com>
* same revert wording per @frangio's review suggestion
* per @frangio's feedback, changing the inline assembly to accomplish: we want to ignore the first 4 bytes of content, so we should read the length and decrease it by 4, then take the memory location and add 4 to it, then store the new length at the new memory location, then that is the new byte array that we want.
* change revert msg assembly per PR comment by @frangio
* unify revert msg in test code
* fix some failed tests, wording change
* Update contracts/token/ERC721/ERC721.sol
Co-Authored-By: Francisco Giordano <frangio.1@gmail.com>
* Update contracts/token/ERC721/ERC721.sol
Co-Authored-By: Francisco Giordano <frangio.1@gmail.com>
* fix test case, revert without reason
* fix 'ERC721ReceiverRevertsMock: Transaction rejected by receiver'
* style change per review by @frangio
* fix revert reason forwarding
* remove duplicate contracts/mocks/ERC721ReceiverRevertsMock.sol per review https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2018\#issuecomment-574381034
* Add changelog entry
* Fix tests
* Make tests more clear
Co-authored-by: Francisco Giordano <frangio.1@gmail.com>
Co-authored-by: Nicolás Venturo <nicolas.venturo@gmail.com>
* Reorder navbar
* Adapt content to new docsite structure, add links
* Fix list
* fix list
* Apply suggestions from code review
Co-Authored-By: Francisco Giordano <frangio.1@gmail.com>
* Update index.adoc
Co-authored-by: Francisco Giordano <frangio.1@gmail.com>
Code sample for MyCrowdsaleDeployer causes TypeError:
```
browser/MyCrowdsaleDeployer.sol:21:13: TypeError: Invalid type for argument in function call.
Invalid implicit conversion from address to contract IERC20 requested.
address(token) // the token
^------------^
```
Change:
```solidity
address(token) // the token
```
To:
```solidity
token // the token
```
Reported by community member in the forum: https://forum.openzeppelin.com/t/invalid-implicit-conversion-from-address-to-contract-ierc20-requested/1937
* Changes ERC777 external functions to public for allowing overrides #1994
* Changes ERC777 external functions to public for allowing overrides (#1994)
* Update ReentrancyGuard for Istanbul Hard Fork
Changes:
Added L37, `_guardCounter = 1;`
Rationale:
The planned _Istanbul Hard Fork_ will implement [EIP 2200](e4d4ea348e/EIPS/eip-2200.md), which implements "net gas metering" for `sstore` operations. If the final value of `_guardCounter` is unchanged relative to the original value of it, a gas refund will be applied and charges for changing the value of `_guardCounter` will effectively not exist. This ends up being cheaper than the current implementation ONLY AFTER Istanbul. Before Istanbul, the added line actually ends up costing more gas.
Note that if `_guardCounter` is `0` initially, the initial cost and subsequent refund will both be larger than if `_guardCounter` is `1` initially. Although in both cases, the net gas cost (`gasCost - gasRefund`) are equal, it's better in terms of cost to have both the gas cost and refund smaller, as there is some limit to the percentage of a gas refund that can actually be realized.
* Update CHANGELOG.md
Added note for change to ReentrancyGuard.sol
* Update ReentrancyGuard.sol
* Update CHANGELOG.md
* Merge GSNBouncerBase into GSNRecipient
* Remove emtpy implementations for _pre and _post
* Rename bouncers to recipients
* Rename bouncers documentation to strategies
* Rewrite guides and docstrings to use the strategy naming scheme
* Address review comments
* Apply suggestions from code review
Co-Authored-By: Francisco Giordano <frangio.1@gmail.com>
* change wording of docs
(cherry picked from commit aae95db4e0)
* switch index to show arg names
* add index separators
* add classes to style variable type and name
* add class for inherited part of index
* use inheritedItems in contracts template
* refactor template to use explicit if and each
(cherry picked from commit 5d6a040fc3)
* GSNSignatureBoucer does not accept zero address
* Linting code.
* Update contracts/GSN/bouncers/GSNBouncerSignature.sol
Makes sense!
Co-Authored-By: Nicolás Venturo <nicolas.venturo@gmail.com>
* Update test/GSN/GSNBouncerSignature.test.js
ok!
Co-Authored-By: Nicolás Venturo <nicolas.venturo@gmail.com>
* Add zero address constant from OZ test Helpers
* revert prettier formatting
(cherry picked from commit f9a94788fb)
* Fix typo
* Replace pseudo code contracts with sample code
* Update GSN Bouncers text
* More text changes
* Update with latest code and remove reference to allowance
* Capitalize Custom Bouncer
* Update docs/modules/ROOT/pages/gsn-bouncers.adoc
Co-Authored-By: Francisco Giordano <frangio.1@gmail.com>
* Update gsn-bouncers.adoc with Antora cross reference
Co-Authored-By: Francisco Giordano <frangio.1@gmail.com>
* Revert to handling msg.sender msg.data differently
* Change by default to simplest implementation
* Change signing to include signature for GSNBouncerSignature
* Reword summary of what is in the guide
* Remove "The" from before `GSNBouncer...`
* Fix code snippet markdown
* Change to API references to xref:api
* Remove code from How it works sections
* Explain 1:1 exchange rate
* Change transaction request to relayed call
* Minor fixes
* Add info to Custom Bouncers
* Typo
* Minor fixes
* reorder sentence based on review gsn-bouncers.adoc
Co-Authored-By: Francisco Giordano <frangio.1@gmail.com>
* Improve wording of signing of relayed call parameters by trusted signer
(cherry picked from commit 18473d0100)
* Improve IRelayRecipient docs
* Fix link
* Update IRelayHub docs to the docsite format
* Update IRelayRecipient docs to the dociste format
* Fix typo
* Improve GSN readme
* Fix link
* Update GSNRecipient docs
* Apply suggestions from code review
Co-Authored-By: Andrew B Coathup <28278242+abcoathup@users.noreply.github.com>
* Apply suggestions from code review
Co-Authored-By: Andrew B Coathup <28278242+abcoathup@users.noreply.github.com>
* Apply suggestions from code review
Co-Authored-By: Andrew B Coathup <28278242+abcoathup@users.noreply.github.com>
(cherry picked from commit d864228624)
* Merge GSNBouncerBase into GSNRecipient
* Remove emtpy implementations for _pre and _post
* Rename bouncers to recipients
* Rename bouncers documentation to strategies
* Rewrite guides and docstrings to use the strategy naming scheme
* Address review comments
* Apply suggestions from code review
Co-Authored-By: Francisco Giordano <frangio.1@gmail.com>
* change wording of docs
* switch index to show arg names
* add index separators
* add classes to style variable type and name
* add class for inherited part of index
* use inheritedItems in contracts template
* refactor template to use explicit if and each
* GSNSignatureBoucer does not accept zero address
* Linting code.
* Update contracts/GSN/bouncers/GSNBouncerSignature.sol
Makes sense!
Co-Authored-By: Nicolás Venturo <nicolas.venturo@gmail.com>
* Update test/GSN/GSNBouncerSignature.test.js
ok!
Co-Authored-By: Nicolás Venturo <nicolas.venturo@gmail.com>
* Add zero address constant from OZ test Helpers
* revert prettier formatting
* Fix typo
* Replace pseudo code contracts with sample code
* Update GSN Bouncers text
* More text changes
* Update with latest code and remove reference to allowance
* Capitalize Custom Bouncer
* Update docs/modules/ROOT/pages/gsn-bouncers.adoc
Co-Authored-By: Francisco Giordano <frangio.1@gmail.com>
* Update gsn-bouncers.adoc with Antora cross reference
Co-Authored-By: Francisco Giordano <frangio.1@gmail.com>
* Revert to handling msg.sender msg.data differently
* Change by default to simplest implementation
* Change signing to include signature for GSNBouncerSignature
* Reword summary of what is in the guide
* Remove "The" from before `GSNBouncer...`
* Fix code snippet markdown
* Change to API references to xref:api
* Remove code from How it works sections
* Explain 1:1 exchange rate
* Change transaction request to relayed call
* Minor fixes
* Add info to Custom Bouncers
* Typo
* Minor fixes
* reorder sentence based on review gsn-bouncers.adoc
Co-Authored-By: Francisco Giordano <frangio.1@gmail.com>
* Improve wording of signing of relayed call parameters by trusted signer
* refactor(ERC165Checker) replaced assembly code with function
* returned false if result.length==0
* trigger ci
* updated ERC165Checker to return false if result.length < 32
* Improve IRelayRecipient docs
* Fix link
* Update IRelayHub docs to the docsite format
* Update IRelayRecipient docs to the dociste format
* Fix typo
* Improve GSN readme
* Fix link
* Update GSNRecipient docs
* Apply suggestions from code review
Co-Authored-By: Andrew B Coathup <28278242+abcoathup@users.noreply.github.com>
* Apply suggestions from code review
Co-Authored-By: Andrew B Coathup <28278242+abcoathup@users.noreply.github.com>
* Apply suggestions from code review
Co-Authored-By: Andrew B Coathup <28278242+abcoathup@users.noreply.github.com>
* Adding in "<<: *defaults" under "coverage"
* Refactoring by capturing similar setup commands into single alias
* Reverting changes, I am not certain exactly how to refactor these setup steps, but at least the &default refactor can be made.
* move gsn link
* change underscore to dash
* add content to gsn api ref
* change link of GSN announcement
* Update contracts/GSN/bouncers/GSNBouncerERC20Fee.sol
Co-Authored-By: Nicolás Venturo <nicolas.venturo@gmail.com>
* fix crossreference to gsn guide
* Remove intro from gsn guide
We are moving the intro to the top-level in the docsite, and focusing this guide into writing gsn-enabled contracts.
* Update docs/modules/ROOT/pages/gsn.adoc
Co-Authored-By: Francisco Giordano <frangio.1@gmail.com>
* Update gsn.adoc
* Update gsn_advanced.adoc
Line 15 - where it says, "prevent malicious users from spending the transactions subsidy", with transactions subsidy, is it supposed to be possessive "transaction's subsidy" or is the plural in the wrong place "transaction subsidies"?
Line 176 - where it says "or it is not allowed to spend that amount". Is IT referring to the sender/person or the tx? If IT refers to a person, then change to "or they are not allowed..." for gender neutral.
Line 213 - Where it says, "Please not how the gas cost estimation", a verb is missing, please what?
* Update gsn_advanced.adoc
Apply suggestions by Amy
* switch to using Context internally
* add context import
* Add smoke test to make sure enabling GSN support works
* Update test/GSN/ERC721GSNRecipientMock.test.js
Co-Authored-By: Francisco Giordano <frangio.1@gmail.com>
* Upgrade truffle
* add missing awaits
* Revert "Upgrade truffle"
This reverts commit f9b0ba9019.
* Add base Context contract
* Add GSNContext and tests
* Add RelayHub deployment to tests
* Add RelayProvider integration, complete GSNContext tests
* Switch dependency to openzeppelin-gsn-provider
* Add default txfee to provider
* Add basic signing recipient
* Sign more values
* Add comment clarifying RelayHub's msg.data
* Make context constructors internal
* Rename SigningRecipient to GSNRecipientSignedData
* Add ERC20Charge recipients
* Harcode RelayHub address into GSNContext
* Fix Solidity linter errors
* Run server from binary, use gsn-helpers to fund it
* Migrate to published @openzeppelin/gsn-helpers
* Silence false-positive compiler warning
* Use GSN helper assertions
* Rename meta-tx to gsn, take out of drafts
* Merge ERC20 charge recipients into a single one
* Rename GSNRecipients to Bouncers
* Add GSNBouncerUtils to decouple the bouncers from GSNRecipient
* Add _upgradeRelayHub
* Store RelayHub address using unstructored storage
* Add IRelayHub
* Add _withdrawDeposits to GSNRecipient
* Add relayHub version to recipient
* Make _acceptRelayedCall and _declineRelayedCall easier to use
* Rename GSNBouncerUtils to GSNBouncerBase, make it IRelayRecipient
* Improve GSNBouncerBase, make pre and post sender-protected and optional
* Fix GSNBouncerERC20Fee, add tests
* Add missing GSNBouncerSignature test
* Override transferFrom in __unstable__ERC20PrimaryAdmin
* Fix gsn dependencies in package.json
* Rhub address slot reduced by 1
* Rename relay hub changed event
* Use released gsn-provider
* Run relayer with short sleep of 1s instead of 100ms
* update package-lock.json
* clear circle cache
* use optimized gsn-provider
* update to latest @openzeppelin/gsn-provider
* replace with gsn dev provider
* remove relay server
* rename arguments in approveFunction
* fix GSNBouncerSignature test
* change gsn txfee
* initialize development provider only once
* update RelayHub interface
* adapt to new IRelayHub.withdraw
* update @openzeppelin/gsn-helpers
* update relayhub singleton address
* fix helper name
* set up gsn provider for coverage too
* lint
* Revert "set up gsn provider for coverage too"
This reverts commit 8a7b5be5f9.
* remove unused code
* add gsn provider to coverage
* move truffle contract options back out
* increase gas limit for coverage
* remove unreachable code
* add more gas for GSNContext test
* fix test suite name
* rename GSNBouncerBase internal API
* remove onlyRelayHub modifier
* add explicit inheritance
* remove redundant event
* update name of bouncers error codes enums
* add basic docs page for gsn contracts
* make gsn directory all caps
* add changelog entry
* lint
* enable test run to fail in coverage
* Add circlci, remove .travis.yml. Fixes#1839.
* Fix circleci config
* Add slack notification
* Add circleci status
* Fix config.yml, we don't need separate truffle image and instances.
* Matches oz-sdk node version
* Seems node:10.13 doesn't work for CircleCI either
* Remove npm update in circleci
* CircleCI use package-lock.json as cache key and install only the lock version
* Add back travis.yml
* Rename job build to test
* CircleCI requires that job to be called build instead of test or build_and_test
* Fix the way to run jobs
* Fix CircleCI
* Change back to npm install
* Add workflow and split into tasks
* Add workspace
* Restore cache
* update readme circleci instructions
* make step name more accurate
* added _safeTransferFrom function
* added safeMint functions
* added package-lock.json for consistency, don't know why it changes
* added initial suggestions/modifications
* change _safeTransferFrom to internal, reverted package-lock.json to original, and changed ERC721Pausable to override _transferFrom instead of transferFrom
* included tests for safeMint functions
* modified safeMint tests to be on ERC721Mock contract
* added safeMint to ERC721Mintable & respective test to ERC721MintBurn.behavior.js
* Rename package and repository name from docs and scripts
* undo root package rename
* add @openzeppelin/contracts as subpackage with release automation
* synchronize @openzeppelin/contracts version
* remove private field from package.json
* make file patterns absolute
* change wording of a comment
* use a saner version script
* Using extcodehash instead of extcodesize for less gas
`extcodehash` uses less gas then `extcodesize`. You can tell which address is a contract by the hash (see EIP-1052).
* Fix
* Add explainer
* Update Address.sol
* add changelog entry
* Simplification and optimization of existing contracts #8888
* Simplification of SimpleToken
* This is the fixed Simplification
* My bad I'm playing around with this git stuff, should be correct now
* add missing parenthesis
* Updated code style to no more than120 characters per line.
* Unify code comments style with Doxygen-style tags.
* Fix the conflicts.
* Add a return value in the contract ERC20Burnable.
* A Add a wrapper function to change type of address to address payable.
* U Modify Address utils.
* A Add test case for Address.
* U Modify code style in ERC20Burnable.
* Add changelog entry.
* Improved dev docs.
* update truffle to include bugfix
* change prepack script to prepare
* add npx in compile script
* fix for older node
* rename script file to prepare
(cherry picked from commit 036dd9bd6e)
* Moved ERC1820 related contracts out of drafts and into introspection.
* Moved ERC777 related contracts out of drafts and into token.
(cherry picked from commit c794c96617)
* update truffle to 5.0.14
* fix setup to test with solc-nightly
* switch to npx in script/test.sh
* please the linter
* rename build to prepack
* move download of nightly build to a compile script
* make compile script executable
* initial docsite setup
* switch from pushd to cd
* install and set up solidity-docgen
* use the docsite branch next for now
* make it clear that env var is a repository
* add a clarifying comment about a relative path
* change relative to absolute path in docsite script
* add docgen script
* add first few READMEs for contract documentation
* update solidity-docgen
* add docsite as dependency and adjust script
* update openzeppelin-docsite
* update solidity-docgen
* remove dummy text
* update docgen and docsite
* update openzeppelin-docsite
* add netlify.toml
* udpate tokens guide for 2.2
* add DOCUMENTATION.md
* Update docs/learn-about-utilities.md
Co-Authored-By: frangio <frangio.1@gmail.com>
* fix PaymentSplitter docs wording
* update solidity-docgen
* add missing ERC20 contracts
* update solidity-docgen
* trigger deploy with cleared cache
* update solidity-docgen
* update openzeppelin-docsite
* remove travis docs setup
* update openzeppelin-docsite
* switch to published solidity-docgen
* replacing all instances of from: anyone with from: other
* replacing all instances of from: anyone with from: other
* replacing all instances of from: anyone with from: other
* changing anyone to other
* changing anyone to other
* Update PaymentSplitter.sol
* add back private function docs
* add non-zero address requirement
* add comprehensive contract-level docs
* use capital E for Ether
* Rename variable from thing to contractUnderTest
* Compute function signatures in ERC165 interfaces
The ERC165 tests currently precompute some known interface ids.
This commit extracts the interfaces into a separate object and
precomputes the individual function signatures.
This will be useful to identify contracts that support an interface
but do not implement all of the corresponding functions.
* Add tests for ERC165 interface implementations
The ERC165 tests confirm that contracts claim to support
particular interfaces ( using the supportsInterface method )
This commit extends those tests to confirm that the corresponding
functions are included in the contract ABI.
It also rewords the existing test names in order to group the
implementation tests with the corresponding interface tests.
* Remove obsolete ERC721Exists interface constant
* Transaction Malleability:
If you allow for both values 0/1 and 27/28, you allow two different
signatures both resulting in a same valid recovery. (r,s,0/1) and
(r,s,27/28) would both be valid, recover the same public key and sign
the same data. Furthermore, given (r,s,0/1), (r,s,27/28) can be
constructed by anyone.
* Transaction Malleability:
EIP-2 still allows signature malleabality for ecrecover(), remove this
possibility and force the signature to be unique.
* Added a reference to appendix F to the yellow paper and improved
comment.
* better test description for testing the version 0, which returns
a zero address
* Check that the conversion from 0/1 to 27/28 only happens if its 0/1
* improved formatting
* Refactor ECDSA code a bit.
* Refactor ECDSA tests a bit.
* Add changelog entry.
* Add high-s check test.
* Add guard to ERC20Migrator migrate function
* Add tests for premature migration in ERC20Migrator
These tests apply to the new guard condition, but they don't
fail without it, since the functions revert anyway.
They are added for completeness and to ensure full code coverage.
* Use context block around premature migration tests
We should use context blocks for situational details
and describe for features or functions.
* Add IntelliJ IDE config to .gitignore
* Fix variable name in ERC20 function comments
* Fix typos in Arrays function comment
* Fix typos in ownership test names
* Fix typo in Pausable test name
* Fix grammar in Ownable function comment
* Fix grammar in Crowdsale contract comment
* Fix typo in Counters contract comment
* Fix typo in ERC721Enumerable comment
* Fix typo in ERC721PausedToken test name
* Fix typo in Crowdsale function comment
* Fix typo in IncreasingPriceCrowdsale function comment
* Fix grammar in IncreasingPriceCrowdsale test name
* Fix typo in AllowanceCrowdsale test name
* Fix typo in RefundEscrow function comment
* Fix typo in ERC20Migrator contract comment
* Fix typos in SignatureBouncer comments
* Fix typo in SignedSafeMath test name
* Fix typo in TokenVesting contract comment
* Move Ownable comment from @notice section to @dev
The Ownable contract has a comment explaining that renouncing
ownership will prevent execution of functions with the onlyOwner
modifier.
This commit moves that comment to the @dev section and replaces it
with a description suitable for a generic user.
* Clarify purpose of ERC20 transfer function
* Clarify registration of ERC721Enumerable interface
* Clarify purpose of AllowanceCrowdsale test
* Increase specificity of inheritance comments
FinalizableCrowdsale and RefundableCrowsale both have comments
indicating that they are extensions of the Crowdsale contract.
This commit refines those comments to the most immediate ancestor
( TimedCrowdsale and RefundableCrowdsale respectively )
* Remove unused parameter in PaymentSplitter test
* Rename parameter in SignatureBouncer functions
The SignatureBouncer contract has modifiers to validate the
message sender is authorised to perform an action. They pass
msg.sender to internal functions as the variable `account`, but
the function comments refer to the variable as `sender`
This commit changes the variable name to `sender`
* Clarify comments in SignatureBouncer functions
The SignatureBouncer has comments that use the description
`sender` to refer to the variable `account`.
This commit updates the comments for consistency.
Maintainer Note: this reverts changes in the previous commit,
which renamed the variable `account` instead.
* Add the solidity linter command to the PR template
The PR template states that a contributor should run the
Solidity/JS linters before submission. However, it only states the
command for the JS linter.
This commit adds the Solidity linter command explicitly.
* Use past tense in the list of prerequisites
* Refactor Counter to support increment and decrement.
* Move Counter out of drafts.
* Refactor ERC721 to use Counter.
* Rollback Counter returning the current value in increment and decrement.
* Update test/drafts/Counter.test.js
Co-Authored-By: nventuro <nicolas.venturo@gmail.com>
* Improve Counter documentation.
* Move Counter.test to utils.
* Move back Counter to drafts.
* Adding solhint, working on style fixes.
* Upgraded to solhint 1.5.0.
* Removed all references to Solium
* Updated mocks to make the pass the new linter rules.
* Reformatted the .solhint.json file a bit.
* Removed Solium configuration files.
* Remove Solium dependency.
* Add comment explaing disabled time rule in TokenVesting.
* Revert to the old (ugly?) style.
* Revert SignatureBouncerMock style.
* Fix ERC165InterfacesSupported interface.
* Now compiling in a separate directory using truffle 5.
* Ported to 0.5.1, now compiling using 0.5.1.
* test now also compiles using the truffle 5 hack.
* Downgraded to 0.5.0.
* Sorted scripts.
* Cleaned up the compile script a bit.
* signed safe math
* fix lint errors
* refactor overflow checks and add descriptions
* remove incorrect description
* add test for reversed arguments in multiplication test
* fix power operator
* improve multiplication test descriptions
* Update SafeMath.test.js
* add feature to changelog
* Added PausableCrowdsale contract
* Changed inheritance order to prevent "Linearization of inheritance graph impossible" error
* Updated mock PausableCrowdsaleImpl to new constructor syntax
* Broke function definition to multiple lines
Comply with new max line length
* Rename events to past-tense in PausableCrowdsale test
* Removed should.be.fullfilled from PausableCrowdsale tests
* Change import assertRevert to require in PausableCrowdsale tests
* Remove dependency on chai-as-promised and added BigNumber support in PausableCrowdsale tests
* reindent solidity with 4 spaces
* add missing view modifier in _preValidatePurchase
* convert assertRevert to new shoulFail helper
* add new setup helper
* use expectEvent
* convert to assert to chai should style
* add description to beforeEach blocks
* extract common step to beforeEach
* improve documentation
* revert inheritance error
* move PausableCrowdsale into crowdsale/validation
* make documentation more specific
* put whitespace in line with convention
* improve test suite account names
* undo beforeEach descriptions
* simplify tests
* fix transaction senders to be the anyone account
* make transaction senders more explicit
* remove mocha only
* Now only swapping when needed.
* Removed _addTokenTo and _removeTokenFrom
* Removed removeTokenFrom test.
* Added tests for ERC721 _mint and _burn
* _burn now uses the same swap and pop mechanism as _removeFromOwner
* Gas optimization on burn
* Added WhitelisterRole.
* Added WhitelisteeRole and WhitelistedCrowdsale.
* Added WhitelistedCrowdsale tests.
* Whitelisters can now remove Whitelistees.
* PublicRole.behavior now supports a manager account, added Whitelistee tests.
* Rephrased tests, added test for whitelistees doing invalid purchases.
* Fixed linter error.
* Fixed typos
Co-Authored-By: nventuro <nicolas.venturo@gmail.com>
* Working around JS quirks
Co-Authored-By: nventuro <nicolas.venturo@gmail.com>
* Update PublicRole.behavior.js
* Renamed WhitelisteeRole to WhitelistedRole.
* Renamed WhitelistedCrowdsale to WhitelistCrowdsale.
* Now using the new test helper.
* Added basic documentation.
* Added advanceBlock to time, moved tests around.
* Removed the standalone advanceBlock.
* Removed the 'id' field
* Fixed linter error.
* Removed the 'latest' test, since it only works if time hasn't been fast-forwarded.
* Removed .only directive.
* transferFrom now emits an Approval event, indicating the updated allowance.
* Updated burnFrom to also emit Approval.
* Added notices about the extra Approval events.
* Added inTransaction tests.
* Added expectEvent.inConstructor.
* Changed inTransaction, removed decodeLogs.
* Flipped comparison to improve the error message.
* Improved expectEvent tests.
* Migrated tests to use expectEvent.
* Added roles constructor tests.
* Fixed linter errors.
* Made lodash a dev dependency.
* Added more inLogs tests.
* Update expectEvent.test.js
* Removed lodash.
* Moved role constructor tests to public role behavior.
* Revert "Flipped comparison to improve the error message."
This reverts commit 438c57833d.
* Replaced chai-as-promised with shouldFail.
* Rolled back Travis stages
* Rolled back the rolled-back changes.
* Renamed jobs, coverage can no longer fail.
* Cleaned up the yaml file a bit.
* Updated coveralls badge.
Small change in test description, should be "allows to approve..." instead of "allow to transfer..." in approve section, where test actualy try to approve, not to transfer.
* Remove redundant require statements
Now that SafeMath uses require, the require statements are redundant. They were also previously inconsistent because they were only included in some functions, but not others
* Update ERC20.sol
* Made _clearApproval private, added clarifying comments in _addTokenTo and _removeTokenFrom.
* Added approval information.
(cherry picked from commit 8204f6a71f)
* Improved TokenVesting events.
* Added extra checks to TokenVesting.
* Renamed the events.
* Fixed linter error.
* Fixed a test that failed to cover a require.
* Renamed TokensRevoked to TokenVestingRevoked.
(cherry picked from commit 67dac7ae99)
* Replaced assertJump, assertRevert and expectThrow with shouldFail.
* Fixed linter errors.
* Fixed typo.
* Made the helpers async.
(cherry picked from commit b0da0fded0)
* Add BigNumber support to expectEvent/inLogs (#1026)
* switched direct logs array check to expectEvent method in AllowanceCrowdsale.test.js
* Refactor expectEvent.inLogs function to use simple value number check
* Introduced should.be.bignumber method to compare BigNumber values
* Use expectEvent to test logs (#1232)
* Removed trailing space
(cherry picked from commit 536262f2ec)
* Add BigNumber support to expectEvent/inLogs (#1026)
* switched direct logs array check to expectEvent method in AllowanceCrowdsale.test.js
* Refactor expectEvent.inLogs function to use simple value number check
* Introduced should.be.bignumber method to compare BigNumber values
* Destructure transaction object to extract logs field
(cherry picked from commit 947de54cee)
* Add Arrays library with unit tests (#1209)
* prepared due to snapshot token requirements
* add library with method to find upper bound
* add unit test for basic and edge cases
* Imporove documentation for Arrays library
Simplify Arrays.test.js to use short arrays as test date
* Added comment for uint256 mid variable.
* Explaned why uint256 mid variable calculated as Math.average is safe to use as index of array.
(cherry picked from commit f7e53d90fa)
* Improved TokenVesting events.
* Added extra checks to TokenVesting.
* Renamed the events.
* Fixed linter error.
* Fixed a test that failed to cover a require.
* Renamed TokensRevoked to TokenVestingRevoked.
* Add Arrays library with unit tests (#1209)
* prepared due to snapshot token requirements
* add library with method to find upper bound
* add unit test for basic and edge cases
* Imporove documentation for Arrays library
Simplify Arrays.test.js to use short arrays as test date
* Added comment for uint256 mid variable.
* Explaned why uint256 mid variable calculated as Math.average is safe to use as index of array.
* separate part of ERC721Mintable into ERC721MetadataMintable
* remove mint and burn from 721 tests
* Fixed linter error.
* fix ERC721 mint tests
* Minor fixes.
(cherry picked from commit 744f567f40)
* separate part of ERC721Mintable into ERC721MetadataMintable
* remove mint and burn from 721 tests
* Fixed linter error.
* fix ERC721 mint tests
* Minor fixes.
* Fixed a broken payment test
* In PR template, npm run lint:fix, not lint:all:fix
* In SplitPayment test, replaced an await-in-loop with Promise.all
(cherry picked from commit b79196f911)
* Add BigNumber support to expectEvent/inLogs (#1026)
* switched direct logs array check to expectEvent method in AllowanceCrowdsale.test.js
* Refactor expectEvent.inLogs function to use simple value number check
* Introduced should.be.bignumber method to compare BigNumber values
* Use expectEvent to test logs (#1232)
* Removed trailing space
* Add BigNumber support to expectEvent/inLogs (#1026)
* switched direct logs array check to expectEvent method in AllowanceCrowdsale.test.js
* Refactor expectEvent.inLogs function to use simple value number check
* Introduced should.be.bignumber method to compare BigNumber values
* Destructure transaction object to extract logs field
* release candidate v2.0.0-rc.1
* fix linter error
(cherry picked from commit c12a1c6898)
* Roles now emit events in construction and when renouncing.
(cherry picked from commit 21198bf1c1)
* rename Index.currentId to current
* use += operator for clarity
* rename Counter.Index to Counter.Counter
* move Counter to drafts
(cherry picked from commit 3e55408cb5)
* Extract standard token behaviuor to reuse it in other tests
* Add opt in ERC20 migration contract
* Make migration contract not to depend from standard token
* Changes based on feedback
* Improve MigratableERC20 inline documentation
* move behaviors to behaviors directory
* refactor MigratableERC20 into ERC20Migrator
* fix errors
* change expectEvent to support multiple events with same name
* fix tests
* update documentation
* rename MigratableERC20 files to ERC20Migrator
* move to drafts
* test beginMigration
* rename to ERC20Migrator
* missing semicolon (╯°□°)╯︵ ┻━┻
* add non-zero check
* improve documentation based on review comments
* improve test descriptions
* improve docs
* add getters
* fix contract
* improve tests
* The role library now requires non-zero addresses.
* Fixed SignatureBouncer checks with null address.
* change ternary operator for or operator
* adapt to new variable name convention
* Update Roles.sol
* Role tests (#1228)
* Moved RBAC tests to access.
* Added Roles.addMany and tests.
* Fixed linter error.
* Now using uint256 indexes.
* Removed RBAC tokens (#1229)
* Deleted RBACCappedTokenMock.
* Removed RBACMintableToken.
* Removed RBACMintableToken from the MintedCrowdsale tests.
* Roles can now be transfered. (#1235)
* Roles can now be transfered.
* Now explicitly checking support for the null address.
* Now rejecting transfer to a role-haver.
* Added renounce, roles can no longer be transfered to 0.
* Fixed linter errors.
* Fixed a Roles test.
* True Ownership (#1247)
* Added barebones Secondary.
* Added transferPrimary
* Escrow is now Secondary instead of Ownable.
* Now reverting on transfers to 0.
* The Secondary's primary is now private.
* Improve encapsulation on ERC165
* Improve encapsulation on ERC20
* Improve encapsulation on ERC721
* Add tests, use standard getters
* fix tests
* Fix lint
* MintableToken using Roles (#1236)
* Minor test style improvements (#1219)
* Changed .eq to .equal
* Changed equal(bool) to .to.be.bool
* Changed be.bool to equal(bool), disallowed unused expressions.
* Add ERC165Query library (#1086)
* Add ERC165Query library
* Address PR Comments
* Add tests and mocks from #1024 and refactor code slightly
* Fix javascript and solidity linting errors
* Split supportsInterface into three methods as discussed in #1086
* Change InterfaceId_ERC165 comment to match style in the rest of the repo
* Fix max-len lint issue on ERC165Checker.sol
* Conditionally ignore the asserts during solidity-coverage test
* Switch to abi.encodeWithSelector and add test for account addresses
* Switch to supportsInterfaces API as suggested by @frangio
* Adding ERC165InterfacesSupported.sol
* Fix style issues
* Add test for supportsInterfaces returning false
* Add ERC165Checker.sol newline
* feat: fix coverage implementation
* fix: solidity linting error
* fix: revert to using boolean tests instead of require statements
* fix: make supportsERC165Interface private again
* rename SupportsInterfaceWithLookupMock to avoid name clashing
* Added mint and burn tests for zero amounts. (#1230)
* Changed .eq to .equal. (#1231)
* ERC721 pausable token (#1154)
* ERC721 pausable token
* Reuse of ERC721 Basic behavior for Pausable, split view checks in paused state & style fixes
* [~] paused token behavior
* Add some detail to releasing steps (#1190)
* add note about pulling upstream changes to release branch
* add comment about upstream changes in merging section
* Increase test coverage (#1237)
* Fixed a SplitPayment test
* Deleted unnecessary function.
* Improved PostDeliveryCrowdsale tests.
* Improved RefundableCrowdsale tests.
* Improved MintedCrowdsale tests.
* Improved IncreasingPriceCrowdsale tests.
* Fixed a CappedCrowdsale test.
* Improved TimedCrowdsale tests.
* Improved descriptions of added tests.
* ci: trigger docs update on tag (#1186)
* MintableToken now uses Roles.
* Fixed FinalizableCrowdsale test.
* Roles can now be transfered.
* Fixed tests related to MintableToken.
* Removed Roles.check.
* Renamed transferMintPermission.
* Moved MinterRole
* Fixed RBAC.
* Adressed review comments.
* Addressed review comments
* Fixed linter errors.
* Added Events tests of Pausable contract (#1207)
* Fixed roles tests.
* Rename events to past-tense (#1181)
* fix: refactor sign.js and related tests (#1243)
* fix: refactor sign.js and related tests
* fix: remove unused dep
* fix: update package.json correctly
* Added "_" sufix to internal variables (#1171)
* Added PublicRole test.
* Fixed crowdsale tests.
* Rename ERC interfaces to I prefix (#1252)
* rename ERC20 to IERC20
* move ERC20.sol to IERC20.sol
* rename StandardToken to ERC20
* rename StandardTokenMock to ERC20Mock
* move StandardToken.sol to ERC20.sol, likewise test and mock files
* rename MintableToken to ERC20Mintable
* move MintableToken.sol to ERC20Mintable.sol, likewise test and mock files
* rename BurnableToken to ERC20Burnable
* move BurnableToken.sol to ERC20Burnable.sol, likewise for related files
* rename CappedToken to ERC20Capped
* move CappedToken.sol to ERC20Capped.sol, likewise for related files
* rename PausableToken to ERC20Pausable
* move PausableToken.sol to ERC20Pausable.sol, likewise for related files
* rename DetailedERC20 to ERC20Detailed
* move DetailedERC20.sol to ERC20Detailed.sol, likewise for related files
* rename ERC721 to IERC721, and likewise for other related interfaces
* move ERC721.sol to IERC721.sol, likewise for other 721 interfaces
* rename ERC721Token to ERC721
* move ERC721Token.sol to ERC721.sol, likewise for related files
* rename ERC721BasicToken to ERC721Basic
* move ERC721BasicToken.sol to ERC721Basic.sol, likewise for related files
* rename ERC721PausableToken to ERC721Pausable
* move ERC721PausableToken.sol to ERC721Pausable.sol
* rename ERC165 to IERC165
* move ERC165.sol to IERC165.sol
* amend comment that ERC20 is based on FirstBlood
* fix comments mentioning IERC721Receiver
* added explicit visibility (#1261)
* Remove underscores from event parameters. (#1258)
* Remove underscores from event parameters.
Fixes#1175
* Add comment about ERC
* Move contracts to subdirectories (#1253)
* Move contracts to subdirectories
Fixes#1177.
This Change also removes the LimitBalance contract.
* fix import
* move MerkleProof to cryptography
* Fix import
* Remove HasNoEther, HasNoTokens, HasNoContracts, and NoOwner (#1254)
* remove HasNoEther, HasNoTokens, HasNoContracts, and NoOwner
* remove unused ERC223TokenMock
* remove Contactable
* remove TokenDestructible
* remove DeprecatedERC721
* inline Destructible#destroy in Bounty
* remove Destructible
* Functions in interfaces changed to "external" (#1263)
* Add a leading underscore to internal and private functions. (#1257)
* Add a leading underscore to internal and private functions.
Fixes#1176
* Remove super
* update the ERC721 changes
* add missing underscore after merge
* Fix mock
* Improve encapsulation on SignatureBouncer, Whitelist and RBAC example (#1265)
* Improve encapsulation on Whitelist
* remove only
* update whitelisted crowdsale test
* Improve encapsulation on SignatureBouncer
* fix missing test
* Improve encapsulation on RBAC example
* Improve encapsulation on RBAC example
* Remove extra visibility
* Improve encapsulation on ERC20 Mintable
* Improve encapsulation on Superuser
* fix lint
* add missing constant
* Addressed review comments.
* Fixed build error.
* move interface ids to implementation contracts
* Do not prefix getters
* Improve encapsulation on Crowdsales
* add missing tests
* remove only
* Improve encapsulation on Pausable
* add the underscore
* Improve encapsulation on ownership
* fix rebase
* fix ownership
* Improve encapsulation on payments
* Add missing tests
* add missing test
* Do not prefix getters
* Do not prefix getters
* Fix tests.
* Update modifiers to call public view functions.
Fixes#1179.
* Improve encapsulation on BreakInvariantBounty
* Make researchers private
* Improve encapsulation on Crowdsales
* add missing tests
* remove only
* Improve encapsulation on Pausable
* add the underscore
* Improve encapsulation on ownership
* fix rebase
* fix ownership
* Improve encapsulation on payments
* Add missing tests
* add missing test
* Do not prefix getters
* Do not prefix getters
* Do not prefix getters
* Fix tests.
* tmp
* remove isMinter
* fix is owner call
* fix isOpen
* Fix merge
* tmp
* Improve encapsulation on TimedCrowdsale
* Add missing parentheses
* Use prefix underscore for state variables and no underscore for parameters
* Improved Roles API. (#1280)
* Improved Roles API.
* fix linter error
* Added PauserRole. (#1283)
* remove duplicate function definition
* Remove Claimable, DelayedClaimable, Heritable (#1274)
* remove Claimable, DelayedClaimable, Heritable
* remove SimpleSavingsWallet example which used Heritable
(cherry picked from commit 0dc711732a)
* Role behavior tests (#1285)
* Added role tests.
* Added PauserRole tests to contracts that have that role.
* Added MinterRole tests to contracts that have that role.
* Fixed linter errors.
* Migrate Ownable to Roles (#1287)
* Added CapperRole.
* RefundEscrow is now Secondary.
* FinalizableCrowdsale is no longer Ownable.
* Removed Whitelist and WhitelistedCrowdsale, redesign needed.
* Fixed linter errors, disabled lbrace due to it being buggy.
* Remove RBAC, SignatureBouncer refactor (#1289)
* Added CapperRole.
* RefundEscrow is now Secondary.
* FinalizableCrowdsale is no longer Ownable.
* Removed Whitelist and WhitelistedCrowdsale, redesign needed.
* Fixed linter errors, disabled lbrace due to it being buggy.
* Moved SignatureBouncer tests.
* Deleted RBAC and Superuser.
* Deleted rbac directory.
* Updated readme.
* SignatureBouncer now uses SignerRole, renamed bouncer to signer.
* feat: implement ERC721Mintable and ERC721Burnable (#1276)
* feat: implement ERC721Mintable and ERC721Burnable
* fix: linting errors
* fix: remove unused mintable mock for ERC721BasicMock
* fix: add finishMinting tests
* fix: catch MintFinished typo
* inline ERC721Full behavior
* undo pretty formatting
* fix lint errors
* rename canMint to onlyBeforeMintingFinished for consistency with ERC20Mintable
* Fix the merge with the privatization branch
* fix lint
* Remove underscore
* Delete CapperRole.test.js
* fix increaseApproval
* rename {increase,decrease}Approval to {increase,decrease}Allowance
* add non-zero spender check to approve and {increase,decrease}Allowance
* Updated tests to reflect the new behavior.
* fix wrong test description
* fix old function names
* Fixed linter error.
* Fixed typo.
* Role tests (#1228)
* Moved RBAC tests to access.
* Added Roles.addMany and tests.
* Fixed linter error.
* Now using uint256 indexes.
* Removed RBAC tokens (#1229)
* Deleted RBACCappedTokenMock.
* Removed RBACMintableToken.
* Removed RBACMintableToken from the MintedCrowdsale tests.
* Roles can now be transfered. (#1235)
* Roles can now be transfered.
* Now explicitly checking support for the null address.
* Now rejecting transfer to a role-haver.
* Added renounce, roles can no longer be transfered to 0.
* Fixed linter errors.
* Fixed a Roles test.
* True Ownership (#1247)
* Added barebones Secondary.
* Added transferPrimary
* Escrow is now Secondary instead of Ownable.
* Now reverting on transfers to 0.
* The Secondary's primary is now private.
* MintableToken using Roles (#1236)
* Minor test style improvements (#1219)
* Changed .eq to .equal
* Changed equal(bool) to .to.be.bool
* Changed be.bool to equal(bool), disallowed unused expressions.
* Add ERC165Query library (#1086)
* Add ERC165Query library
* Address PR Comments
* Add tests and mocks from #1024 and refactor code slightly
* Fix javascript and solidity linting errors
* Split supportsInterface into three methods as discussed in #1086
* Change InterfaceId_ERC165 comment to match style in the rest of the repo
* Fix max-len lint issue on ERC165Checker.sol
* Conditionally ignore the asserts during solidity-coverage test
* Switch to abi.encodeWithSelector and add test for account addresses
* Switch to supportsInterfaces API as suggested by @frangio
* Adding ERC165InterfacesSupported.sol
* Fix style issues
* Add test for supportsInterfaces returning false
* Add ERC165Checker.sol newline
* feat: fix coverage implementation
* fix: solidity linting error
* fix: revert to using boolean tests instead of require statements
* fix: make supportsERC165Interface private again
* rename SupportsInterfaceWithLookupMock to avoid name clashing
* Added mint and burn tests for zero amounts. (#1230)
* Changed .eq to .equal. (#1231)
* ERC721 pausable token (#1154)
* ERC721 pausable token
* Reuse of ERC721 Basic behavior for Pausable, split view checks in paused state & style fixes
* [~] paused token behavior
* Add some detail to releasing steps (#1190)
* add note about pulling upstream changes to release branch
* add comment about upstream changes in merging section
* Increase test coverage (#1237)
* Fixed a SplitPayment test
* Deleted unnecessary function.
* Improved PostDeliveryCrowdsale tests.
* Improved RefundableCrowdsale tests.
* Improved MintedCrowdsale tests.
* Improved IncreasingPriceCrowdsale tests.
* Fixed a CappedCrowdsale test.
* Improved TimedCrowdsale tests.
* Improved descriptions of added tests.
* ci: trigger docs update on tag (#1186)
* MintableToken now uses Roles.
* Fixed FinalizableCrowdsale test.
* Roles can now be transfered.
* Fixed tests related to MintableToken.
* Removed Roles.check.
* Renamed transferMintPermission.
* Moved MinterRole
* Fixed RBAC.
* Adressed review comments.
* Addressed review comments
* Fixed linter errors.
* Added Events tests of Pausable contract (#1207)
* Fixed roles tests.
* Rename events to past-tense (#1181)
* fix: refactor sign.js and related tests (#1243)
* fix: refactor sign.js and related tests
* fix: remove unused dep
* fix: update package.json correctly
* Added "_" sufix to internal variables (#1171)
* Added PublicRole test.
* Fixed crowdsale tests.
* Rename ERC interfaces to I prefix (#1252)
* rename ERC20 to IERC20
* move ERC20.sol to IERC20.sol
* rename StandardToken to ERC20
* rename StandardTokenMock to ERC20Mock
* move StandardToken.sol to ERC20.sol, likewise test and mock files
* rename MintableToken to ERC20Mintable
* move MintableToken.sol to ERC20Mintable.sol, likewise test and mock files
* rename BurnableToken to ERC20Burnable
* move BurnableToken.sol to ERC20Burnable.sol, likewise for related files
* rename CappedToken to ERC20Capped
* move CappedToken.sol to ERC20Capped.sol, likewise for related files
* rename PausableToken to ERC20Pausable
* move PausableToken.sol to ERC20Pausable.sol, likewise for related files
* rename DetailedERC20 to ERC20Detailed
* move DetailedERC20.sol to ERC20Detailed.sol, likewise for related files
* rename ERC721 to IERC721, and likewise for other related interfaces
* move ERC721.sol to IERC721.sol, likewise for other 721 interfaces
* rename ERC721Token to ERC721
* move ERC721Token.sol to ERC721.sol, likewise for related files
* rename ERC721BasicToken to ERC721Basic
* move ERC721BasicToken.sol to ERC721Basic.sol, likewise for related files
* rename ERC721PausableToken to ERC721Pausable
* move ERC721PausableToken.sol to ERC721Pausable.sol
* rename ERC165 to IERC165
* move ERC165.sol to IERC165.sol
* amend comment that ERC20 is based on FirstBlood
* fix comments mentioning IERC721Receiver
* added explicit visibility (#1261)
* Remove underscores from event parameters. (#1258)
* Remove underscores from event parameters.
Fixes#1175
* Add comment about ERC
* Move contracts to subdirectories (#1253)
* Move contracts to subdirectories
Fixes#1177.
This Change also removes the LimitBalance contract.
* fix import
* move MerkleProof to cryptography
* Fix import
* Remove HasNoEther, HasNoTokens, HasNoContracts, and NoOwner (#1254)
* remove HasNoEther, HasNoTokens, HasNoContracts, and NoOwner
* remove unused ERC223TokenMock
* remove Contactable
* remove TokenDestructible
* remove DeprecatedERC721
* inline Destructible#destroy in Bounty
* remove Destructible
* Functions in interfaces changed to "external" (#1263)
* Add a leading underscore to internal and private functions. (#1257)
* Add a leading underscore to internal and private functions.
Fixes#1176
* Remove super
* update the ERC721 changes
* add missing underscore after merge
* Fix mock
* Improve encapsulation on SignatureBouncer, Whitelist and RBAC example (#1265)
* Improve encapsulation on Whitelist
* remove only
* update whitelisted crowdsale test
* Improve encapsulation on SignatureBouncer
* fix missing test
* Improve encapsulation on RBAC example
* Improve encapsulation on RBAC example
* Remove extra visibility
* Improve encapsulation on ERC20 Mintable
* Improve encapsulation on Superuser
* fix lint
* add missing constant
* Addressed review comments.
* Fixed build error.
* Improved Roles API. (#1280)
* Improved Roles API.
* fix linter error
* Added PauserRole. (#1283)
* Remove Claimable, DelayedClaimable, Heritable (#1274)
* remove Claimable, DelayedClaimable, Heritable
* remove SimpleSavingsWallet example which used Heritable
(cherry picked from commit 0dc711732a)
* Role behavior tests (#1285)
* Added role tests.
* Added PauserRole tests to contracts that have that role.
* Added MinterRole tests to contracts that have that role.
* Fixed linter errors.
* Migrate Ownable to Roles (#1287)
* Added CapperRole.
* RefundEscrow is now Secondary.
* FinalizableCrowdsale is no longer Ownable.
* Removed Whitelist and WhitelistedCrowdsale, redesign needed.
* Fixed linter errors, disabled lbrace due to it being buggy.
* Remove RBAC, SignatureBouncer refactor (#1289)
* Added CapperRole.
* RefundEscrow is now Secondary.
* FinalizableCrowdsale is no longer Ownable.
* Removed Whitelist and WhitelistedCrowdsale, redesign needed.
* Fixed linter errors, disabled lbrace due to it being buggy.
* Moved SignatureBouncer tests.
* Deleted RBAC and Superuser.
* Deleted rbac directory.
* Updated readme.
* SignatureBouncer now uses SignerRole, renamed bouncer to signer.
* feat: implement ERC721Mintable and ERC721Burnable (#1276)
* feat: implement ERC721Mintable and ERC721Burnable
* fix: linting errors
* fix: remove unused mintable mock for ERC721BasicMock
* fix: add finishMinting tests
* fix: catch MintFinished typo
* inline ERC721Full behavior
* undo pretty formatting
* fix lint errors
* rename canMint to onlyBeforeMintingFinished for consistency with ERC20Mintable
* Fix the merge with the privatization branch
* remove duplicate CapperRole test
* Improve encapsulation on ERC165
* Improve encapsulation on ERC20
* Improve encapsulation on ERC721
* Add tests, use standard getters
* fix tests
* Fix lint
* move interface ids to implementation contracts
* Do not prefix getters
* rename proposals directory to drafts directory
* move TokenVesting and SignatureBouncer to drafts/
* rename BouncerMock.sol to SignatureBouncerMock.sol
* Improve encapsulation on Whitelist
* remove only
* update whitelisted crowdsale test
* Improve encapsulation on SignatureBouncer
* fix missing test
* Improve encapsulation on RBAC example
* Improve encapsulation on RBAC example
* Remove extra visibility
* Improve encapsulation on ERC20 Mintable
* Improve encapsulation on Superuser
* fix lint
* add missing constant
* Add a leading underscore to internal and private functions.
Fixes#1176
* Remove super
* update the ERC721 changes
* add missing underscore after merge
* Fix mock
* Move contracts to subdirectories
Fixes#1177.
This Change also removes the LimitBalance contract.
* fix import
* move MerkleProof to cryptography
* Fix import
* rename ERC20 to IERC20
* move ERC20.sol to IERC20.sol
* rename StandardToken to ERC20
* rename StandardTokenMock to ERC20Mock
* move StandardToken.sol to ERC20.sol, likewise test and mock files
* rename MintableToken to ERC20Mintable
* move MintableToken.sol to ERC20Mintable.sol, likewise test and mock files
* rename BurnableToken to ERC20Burnable
* move BurnableToken.sol to ERC20Burnable.sol, likewise for related files
* rename CappedToken to ERC20Capped
* move CappedToken.sol to ERC20Capped.sol, likewise for related files
* rename PausableToken to ERC20Pausable
* move PausableToken.sol to ERC20Pausable.sol, likewise for related files
* rename DetailedERC20 to ERC20Detailed
* move DetailedERC20.sol to ERC20Detailed.sol, likewise for related files
* rename ERC721 to IERC721, and likewise for other related interfaces
* move ERC721.sol to IERC721.sol, likewise for other 721 interfaces
* rename ERC721Token to ERC721
* move ERC721Token.sol to ERC721.sol, likewise for related files
* rename ERC721BasicToken to ERC721Basic
* move ERC721BasicToken.sol to ERC721Basic.sol, likewise for related files
* rename ERC721PausableToken to ERC721Pausable
* move ERC721PausableToken.sol to ERC721Pausable.sol
* rename ERC165 to IERC165
* move ERC165.sol to IERC165.sol
* amend comment that ERC20 is based on FirstBlood
* fix comments mentioning IERC721Receiver
* Add ERC165Query library
* Address PR Comments
* Add tests and mocks from #1024 and refactor code slightly
* Fix javascript and solidity linting errors
* Split supportsInterface into three methods as discussed in #1086
* Change InterfaceId_ERC165 comment to match style in the rest of the repo
* Fix max-len lint issue on ERC165Checker.sol
* Conditionally ignore the asserts during solidity-coverage test
* Switch to abi.encodeWithSelector and add test for account addresses
* Switch to supportsInterfaces API as suggested by @frangio
* Adding ERC165InterfacesSupported.sol
* Fix style issues
* Add test for supportsInterfaces returning false
* Add ERC165Checker.sol newline
* feat: fix coverage implementation
* fix: solidity linting error
* fix: revert to using boolean tests instead of require statements
* fix: make supportsERC165Interface private again
* rename SupportsInterfaceWithLookupMock to avoid name clashing
* tests: use stages for the travis execution
Fixes#694
* add comments as suggested by @nventuro
* move the unit tests first, as suggested by @frangio
* make stages clearer as suggested by @nventuro
* tests: use stages for the travis execution
Fixes#694
* add comments as suggested by @nventuro
* move the unit tests first, as suggested by @frangio
* make stages clearer as suggested by @nventuro
* update the stage names as suggested by @frangio
* Run all tests in parallel
* added names
* make StandardToken state variables private
* simplify mocks
* document new internal functions
* fix link to ERC20 document
* revert order of Transfer and Mint events
* Revert "simplify mocks"
This reverts commit 371fe3e567.
* add tests for new internal functions
* add check for null account
* add checks for balances and allowance
* add inline docs to BurnableToken._burn
* remove redundant checks and clarify why
* Consolidted ERC20 Interface and Implementation Files
* Fixed CanReclaimToken's tests to use StandardTokenMock instead of BasicTokenMock
* Changed token's variable type in TokenTimelock to ERC20
* Merged the StandardBurnableToken with BurnableToken since it now inherits from StandardToken; Fixed TokenTimelock so it uses SafeERC20 for ERC20
* Fixed variable type for _token in TokenTimelock constructor
* Fixed linting warning in BurnableToken
* Added back burnFrom tests.
* Add an initial document for our release process
* add more detail and explanation to releasing guide
* fix details of the RELEASING.md document
* Update RELEASING.md
* Update RELEASING.md
* Update RELEASING.md
* Update RELEASING.md
* fixed visibility warnings
* solved visibility and line length warning
* change a test assertion that fails due to chai dependence update
* linter, constructor style and solved visibility warnings
* Changed Windows line endings to Unix.
* Add EditorConfig file.
This allows users with a wide variety of editors to easily code in
OpenZeppelin's preferred 2 space indentation code style.
See https://editorconfig.org for more information.
* Eslint: Always disallow trailing space
* Eslint: Error on missing EOL at file end
* Added an Architecture section that speaks to the different types of contracts
* Added a Tests section that provides high-level visibility into what is used for unit testing
* Added a How To Use and Modify OpenZeppelin Contracts section
* Added development principles to the existing Security section
We now ensure that if an exception is thrown while awaiting the promise,
the exception _has_ to be a revert. We throw 'Expected revert not
received' only afterwards. This solves any problems with confusing the
word 'revert'.
Fix#775
* Update StandardToken.sol
* Slight improvement in gas efficiency
Users tend to attempt to over-spend more than they attempt to burn non-burnable tokens. If the contract checks for overspending before assuring tokens are not being burnt a slight amount of gas might be saved in the long term.
* Assume that token is mintable.
* ECRecover test should revert because of wrong calldata size
* fix: use expectThrow
* fix: ignore failing test until solc^0.5.0
* Added basic Escrow
* PullPayment now uses an Escrow, removing all trust from the contract
* Abstracted the Escrow tests to a behaviour
* Added ConditionalEscrow
* Added RefundableEscrow.
* RefundableCrowdsale now uses a RefundEscrow, removed RefundVault.
* Renaming after code review.
* Added log test helper.
* Now allowing empty deposits and withdrawals.
* Style fixes.
* Minor review comments.
* Add Deposited and Withdrawn events, removed Refunded
* The base Escrow is now Ownable, users of it (owners) must provide methods to access it.
* Align ERC721 Receiver with current ERC721 standard.
Adds a second address field to onERC721Received
onERC721Received(address,address,uint256,bytes)
Updates the function signature to 0x150b7a02 from 0xf0b9e5ba
* Add _operator to onERC721Received
* Fix error caused by formatOnSave
* Fixed comments on ERC721Receiver
Removed "Must use 50,000 gas or less"
Corrected the function signature
* make _tokenId indexed in Transfer and Approval events
via: https://github.com/ethereum/EIPs/pull/1124/files
* fix: make name() and symbol() external instead of public
* feat: implement ERC721's ERC165
* feat: erc165 tests
* fix: don't use chai-as-promised in direct await
* fix: reorganize to /introspection
* feat: abstract all erc165 tests to a behavior
* feat: disallow registering 0xffffffff
* Refactoring Superuser contract to allow Owners to transfer ownership when they are not superusers #50
* Refactoring tests to create a contract instance for each of them #50
* update sha3 1.2.0 -> 1.2.2 for node 10 compatibility
* update nan 2.6.2 -> 2.10.0 for node 10 compatibility
* commit new package-lock.json format generated by npm 6
* added the RBACMintableToken
* added MintedCrowdsale with RBACMintableToken test
* added a mintable behaviour for tests
* moved minting tests in behaviour
* created a minted crowdsale behaviour to be tested with both mintable and rbacmintable token
* Update ERC827.sol to not use function overloading
* updated tests for erc827 function name changes
* fixed broken test
* removed findMethod from erc827 tests that is no longer necessary
* Add StandardBurnableToken implementation
BurnableToken that extends from StandardToken and adds a
burnFrom method that decrements allowance. Equivalent to
a transferFrom plus burn in a single operation.
* Return event object from expectEvent helper
* Add comment on Approval event in burnFrom function
* Improvements on burnable token tests
- Inject initial balance as a parameter to the behaviour
- Use expectEvent helper for assertions on events
- Use chai bignumber for numbers
- Change to bdd-style assertions
* fix: clean up solium linting errors
* fix: make various contracts natspec compliant
* fix: this.balance deprecated; convert to address(this).balance
* fix: contract.call deprecated and switch to gasleft()
* fix: ignore empty block rule project-wide
* fix: add ignore cases for the rest of the linting warnings
* Update to ganache-cli v6.1.0 and truffle v4.1.0
* Update to stable version of ganache-cli
* fix: update event emission warning
- Fix event emission warnings for solidity 4.21 after truffle has been
updated to use this version
* fix pr review comments
* update to truffle v4.1.5
* update package-lock
* add additional emit keywords
* update solidity-coverage to 0.4.15
* update to solium 1.1.6
* fix MerkleProof coverage analysis by testing through wrapper
* change version pragma to ^0.4.21
* fix solium linting errors
* Rename current ERC721 implementation to BaseERC721
* Implement ERC721 optional & approveAll functionality
* Support for new ERC721 interface
- Tests for new features are pending
- ERC721 is abstract, since it requires metadata implementation
- Move some methods into DeprecatedERC721 contract
- Reorganise base vs full implementation
- Pending tokenByIndex
* Add more tests for ERC721
* Implement suggestions by @dekz
* Update comments in ERC721 contracts
* Implement tokensByIndex extension
- Remove restrictions from mock mint and burn calls
* Add default implementation for metadata URI
This allows token implementation to be non-abstract
* Allow operators to call approve on a token
* Remove gas stipend restriction in call to 721 receiver
* Remove deprecated implementation
We only want to keep the interface, for interacting with already deployed contracts
* Add notice to isContract helper on constract constructors
* Change natspec delimiters for consistency
* Minor linting fixes
* Add constant modifier to ERC721_RECEIVED magic value
* Use 4-params safeTransferFrom for implementing the 3-params overload
* Minor text changes in natspec comments
* Use address(0) instead of 0 or 0x0
* Use if-statements instead of boolean one-liners for clarity
:-(
* Keep ownedTokensCount state var in sync in full ERC721 implementation
* Fix incorrect comparison when burning ERC721 tokens with metadata
* Use address(0) instead of 0 in one more place in ERC721
* Throw when querying balance for the zero address
Required by the spec
* Update links to approved version of EIP721
* Use explicit size for uint
* Remove unneeded internal function in ERC721
Also rename addToken and removeToken for added clarity
* Use underscore instead of 'do' prefix for internal methods in ERC721
* Fix failing test due to events reordering in ERC721 safe transfer
* Fix bug introduced in 74db03ba06
* Remove do prefix for internal setTokenUri method
* Allow transfers to self in ERC721
* Basic idea
* Fine tuning idea
* Add comments / tidy up Crowdsale base class
* fixed TimedCrowdsale constructor
* added simple crowdsale test
* added HODL directory under home to store unused contracts. ugly hack to solve Crowdsale selection in tests, better way?
* Capped no longer inherits from Timed, added capReached() method (replacing hasEnded())
* added SafeMath in TimedCrowdsale for safety, CHECK whether it is inherited from Crowdsale
* several fixes related to separating Capped from Timed. functions renamed, mocks changed. Capped tests passing
* added TimedCrowdsaleImpl.sol, TimedCrowdsale tests, passed
* added Whitelisted implementation and test, passed.
* removed unnecessary super constructor call in WhitelistedCrowdsale, removed unused dependencies in tests
* renamed UserCappedCrowdsale to IndividuallyCappedCrowdsale, implemented IndividuallyCappedCrowdsaleImpl.sol and corresponding tests, passed.
* homogeneized use of using SafeMath for uint256 across validation crowdsales. checked that it IS indeed inherited, but leaving it there as per Frans suggestion.
* adding questions.md where I track questions, bugs and progress
* modified VariablePriceCrowdsale, added Impl.
* finished VariablePrice, fixed sign, added test, passing.
* changed VariablePrice to IncreasingPrice, added corresponding require()
* MintedCrowdsale done, mock implemented, test passing
* PremintedCrowdsale done, mocks, tests passing
* checked FinalizableCrowdsale
* PostDeliveryCrowdsale done, mock, tests passing.
* RefundableCrowdsale done. Detached Vault. modified mock and test, passing
* renamed crowdsale-refactor to crowdsale in contracts and test
* deleted HODL old contracts
* polished variable names in tests
* fixed typos and removed comments in tests
* Renamed 'crowdsale-refactor' to 'crowdsale' in all imports
* Fix minor param naming issues in Crowdsale functions and added documentation to Crowdsale.sol
* Added documentation to Crowdsale extensions
* removed residual comments and progress tracking files
* added docs for validation crowdsales
* Made user promises in PostDeliveryCrowdsale public so that users can query their promised token balance.
* added docs for distribution crowdsales
* renamed PremintedCrowdsale to AllowanceCrowdsale
* added allowance check function and corresponding test. fixed filename in AllowanceCrowdsale mock.
* spilt Crowdsale _postValidatePurchase in _postValidatePurchase and _updatePurchasingState. changed IndividuallyCappedCrowdsale accordingly.
* polished tests for linter, salve Travis
* polished IncreasingPriceCrowdsale.sol for linter.
* renamed and polished for linter WhitelistedCrowdsale test.
* fixed indentation in IncreasingPriceCrowdsaleImpl.sol for linter
* fixed ignoring token.mint return value in MintedCrowdsale.sol
* expanded docs throughout, fixed minor issues
* extended test coverage for IndividuallyCappedCrowdsale
* Extended WhitelistedCrwodsale test coverage
* roll back decoupling of RefundVault in RefundableCrowdsale
* moved cap exceedance checks in Capped and IndividuallyCapped crowdsales to _preValidatePurchase to save gas
* revert name change, IndividuallyCapped to UserCapped
* extended docs.
* added crowd whitelisting with tests
* added group capping, plus tests
* added modifiers in TimedCrowdsale and WhitelistedCrowdsale
* polished tests for linter
* moved check of whitelisted to modifier, mainly for testing coverage
* fixed minor ordering/polishingafter review
* modified TimedCrowdsale modifier/constructor ordering
* unchanged truffle-config.js
* changed indentation of visibility modifier in mocks
* changed naming of modifier and function to use Open/Closed for TimedCrowdsale
* changed ordering of constructor calls in SampleCrowdsale
* changed startTime and endTime to openingTime and closingTime throughout
* fixed exceeding line lenght for linter
* renamed _emitTokens to _deliverTokens
* renamed addCrowdToWhitelist to addManyToWhitelist
* renamed UserCappedCrowdsale to IndividuallyCappedCrowdsale
* Modified Gitignore for Sublime
* Added getter functions for public variables
* Added encapsulation to Heritable public variables.
* Added encapsulation to Heritable public variables.
* Added encapsulation to Heritable public variables.
* Updated tests to use getter methods instead of, now, private variables.
* Conformed variable names to current conventions.
* Requested changes
* revert package-lock.json changes
add missing public identifier in approveData in SmartToken contract
remove constact from showMessage function in message helper contract
move Message helper contract to mocks folder
move SmartTokenMock contract to mocks folder
Throwing when trying to burn 0 tokens is an unnecessary special case.
If another contract wants to burn() a variable amount, it should not be forced to deal with this special case of burning 0.
If you don't do this, you'll receive this error:
```
❯ zeppelin npm install zeppelin-solidity
npm WARN saveError ENOENT: no such file or directory, open '/Users/et/package.json'
npm WARN enoent ENOENT: no such file or directory, open '/Users/et/package.json'
npm WARN et No description
npm WARN et No repository field.
npm WARN et No README data
npm WARN et No license field.
+ zeppelin-solidity@1.3.0
updated 1 package in 0.677s
```
The latest test case is not affected since the aproval is for
accounts[1], which does the transaction, and it is independent of
the amount of tokens that accounts[0] might have.
<!-- Briefly describe the issue you're experiencing. Tell us what you were trying to do and what happened instead. -->
<!-- Remember, this is not a place to ask for help debugging code. For that, we welcome you in the OpenZeppelin Community Forum: https://forum.openzeppelin.com/. -->
**💻 Environment**
<!-- Tell us what version of OpenZeppelin Contracts you're using, and how you're using it: Truffle, Remix, etc. -->
**📝 Details**
<!-- Describe the problem you have been experiencing in more detail. Include as much information as you think is relevant. Keep in mind that transactions can fail for many reasons; context is key here. -->
**🔢 Code to reproduce bug**
<!-- We will be able to better help if you provide a minimal example that triggers the bug. -->
*`SafeCast.toUintXX`: new library for integer downcasting, which allows for safe operation on smaller types (e.g. `uint32`) when combined with `SafeMath`. ([#1926](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1926))
*`ERC721Metadata`: added `baseURI`, which can be used for dramatic gas savings when all token URIs share a prefix (e.g. `http://api.myapp.com/tokens/<id>`). ([#1970](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1970))
*`EnumerableSet`: new library for storing enumerable sets of values. Only `AddressSet` is supported in this release. ([#2061](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/2061))
*`Create2`: simple library to make usage of the `CREATE2` opcode easier. ([#1744](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1744))
### Improvements
*`ERC777`: `_burn` is now internal, providing more flexibility and making it easier to create tokens that deflate. ([#1908](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1908))
*`ReentrancyGuard`: greatly improved gas efficiency by using the net gas metering mechanism introduced in the Istanbul hardfork. ([#1992](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1992), [#1996](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1996))
*`ERC777`: improve extensibility by making `_send` and related functions `internal`. ([#2027](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2027))
*`ERC721`: improved revert reason when transferring tokens to a non-recipient contract. ([#2018](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2018))
### Breaking changes
*`ERC165Checker` now requires a minimum Solidity compiler version of 0.5.10. ([#1829](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1829))
## 2.4.0 (2019-10-29)
### New features
*`Address.toPayable`: added a helper to convert between address types without having to resort to low-level casting. ([#1773](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1773))
* Facilities to make metatransaction-enabled contracts through the Gas Station Network. ([#1844](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1844))
*`Address.sendValue`: added a replacement to Solidity's `transfer`, removing the fixed gas stipend. ([#1962](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1962))
* Added replacement for functions that don't forward all gas (which have been deprecated): ([#1976](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1976))
*`SafeMath`: added support for custom error messages to `sub`, `div` and `mod` functions. ([#1828](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1828))
### Improvements
*`Address.isContract`: switched from `extcodesize` to `extcodehash` for less gas usage. ([#1802](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1802))
*`ERC20` and `ERC777` updated to throw custom errors on subtraction overflows. ([#1828](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1828))
### Deprecations
* Deprecated functions that don't forward all gas: ([#1976](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1976))
*`Address` now requires a minimum Solidity compiler version of 0.5.5. ([#1802](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1802))
*`SignatureBouncer` has been removed from drafts, both to avoid confusions with the GSN and `GSNRecipientSignature` (previously called `GSNBouncerSignature`) and because the API was not very clear. ([#1879](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/1879))
### How to upgrade from 2.4.0-beta
The final 2.4.0 release includes a refactor of the GSN contracts that will be a breaking change for 2.4.0-beta users.
* The default empty implementations of `_preRelayedCall` and `_postRelayedCall` were removed and must now be explicitly implemented always in custom recipients. If your custom recipient didn't include an implementation, you can provide an empty one.
*`GSNRecipient`, `GSNBouncerBase`, and `GSNContext` were all merged into `GSNRecipient`.
*`GSNBouncerSignature` and `GSNBouncerERC20Fee` were renamed to `GSNRecipientSignature` and `GSNRecipientERC20Fee`.
* It is no longer necessary to inherit from `GSNRecipient` when using `GSNRecipientSignature` and `GSNRecipientERC20Fee`.
For example, a contract using `GSNBouncerSignature` would have to be changed in the following way.
```diff
-contract MyDapp is GSNRecipient, GSNBouncerSignature {
+contract MyDapp is GSNRecipientSignature {
```
Refer to the table below to adjust your inheritance list.
*`ERC1820`: added support for interacting with the [ERC1820](https://eips.ethereum.org/EIPS/eip-1820) registry contract (`IERC1820Registry`), as well as base contracts that can be registered as implementers there. ([#1677](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1677))
*`ERC777`: support for the [ERC777 token](https://eips.ethereum.org/EIPS/eip-777), which has multiple improvements over `ERC20` (but is backwards compatible with it) such as built-in burning, a more straightforward permission system, and optional sender and receiver hooks on transfer (mandatory for contracts!). ([#1684](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1684))
* All contracts now have revert reason strings, which give insight into error conditions, and help debug failing transactions. ([#1704](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1704))
### Improvements
* Reverted the Solidity version bump done in v2.2.0, setting the minimum compiler version to v0.5.0, to prevent unexpected build breakage. Users are encouraged however to stay on top of new compiler releases, which usually include bugfixes. ([#1729](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1729))
### Bugfixes
*`PostDeliveryCrowdsale`: some validations where skipped when paired with other crowdsale flavors, such as `AllowanceCrowdsale`, or `MintableCrowdsale` and `ERC20Capped`, which could cause buyers to not be able to claim their purchased tokens. ([#1721](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1721))
*`ERC20._transfer`: the `from` argument was allowed to be the zero address, so it was possible to internally trigger a transfer of 0 tokens from the zero address. This address is not a valid destinatary of transfers, nor can it give or receive allowance, so this behavior was inconsistent. It now reverts. ([#1752](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1752))
## 2.2.0 (2019-03-14)
### New features
*`ERC20Snapshot`: create snapshots on demand of the token balances and total supply, to later retrieve and e.g. calculate dividends at a past time. ([#1617](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1617))
*`SafeERC20`: `ERC20` contracts with no return value (i.e. that revert on failure) are now supported. ([#1655](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1655))
*`ERC20`: added internal `_approve(address owner, address spender, uint256 value)`, allowing derived contracts to set the allowance of arbitrary accounts. ([#1609](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1609))
*`TimedCrowdsale`: added internal `_extendTime(uint256 newClosingTime)` as well as `TimedCrowdsaleExtended(uint256 prevClosingTime, uint256 newClosingTime)` event allowing to extend the crowdsale, as long as it hasn't already closed.
### Improvements
* Upgraded the minimum compiler version to v0.5.2: this removes many Solidity warnings that were false positives. ([#1606](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1606))
*`ECDSA`: `recover` no longer accepts malleable signatures (those using upper-range values for `s`, or 0/1 for `v`). ([#1622](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1622))
*`ERC721`'s transfers are now more gas efficient due to removal of unnecessary `SafeMath` calls. ([#1610](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1610))
* (minor) `SafeERC20`: `safeApprove` wasn't properly checking for a zero allowance when attempting to set a non-zero allowance. ([#1647](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1647))
### Breaking changes in drafts
*`TokenMetadata` has been renamed to `ERC20Metadata`. ([#1618](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1618))
* The library `Counter` has been renamed to `Counters` and its API has been improved. See an example in `ERC721`, lines [17](https://github.com/OpenZeppelin/openzeppelin-solidity/blob/3cb4a00fce1da76196ac0ac3a0ae9702b99642b5/contracts/token/ERC721/ERC721.sol#L17) and [204](https://github.com/OpenZeppelin/openzeppelin-solidity/blob/3cb4a00fce1da76196ac0ac3a0ae9702b99642b5/contracts/token/ERC721/ERC721.sol#L204). ([#1610](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1610))
* Removed most of the test suite from the npm package, except `PublicRole.behavior.js`, which may be useful to users testing their own `Roles`.
## 2.1.1 (2019-01-04)
* Version bump to avoid conflict in the npm registry.
## 2.1.0 (2019-01-04)
### New features
* Now targeting the 0.5.x line of Solidity compilers. For 0.4.24 support, use version 2.0 of OpenZeppelin.
*`WhitelistCrowdsale`: a crowdsale where only whitelisted accounts (`WhitelistedRole`) can purchase tokens. Adding or removing accounts from the whitelist is done by whitelist admins (`WhitelistAdminRole`). Similar to the pre-2.0 `WhitelistedCrowdsale`. ([#1525](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1525), [#1589](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1589))
*`RefundablePostDeliveryCrowdsale`: replacement for `RefundableCrowdsale` (deprecated, see below) where tokens are only granted once the crowdsale ends (if it meets its goal). ([#1543](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1543))
*`PausableCrowdsale`: allows for pausers (`PauserRole`) to pause token purchases. Other crowdsale operations (e.g. withdrawals and refunds, if applicable) are not affected. ([#832](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/832))
*`ERC20`: `transferFrom` and `_burnFrom ` now emit `Approval` events, to represent the token's state comprehensively through events. ([#1524](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1524))
*`ERC721`: added `_burn(uint256 tokenId)`, replacing the similar deprecated function (see below). ([#1550](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1550))
*`ERC721`: added `_tokensOfOwner(address owner)`, allowing to internally retrieve the array of an account's owned tokens. ([#1522](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1522))
* Crowdsales: all constructors are now `public`, meaning it is not necessary to extend these contracts in order to deploy them. The exception is `FinalizableCrowdsale`, since it is meaningless unless extended. ([#1564](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1564))
*`SignedSafeMath`: added overflow-safe operations for signed integers (`int256`). ([#1559](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1559), [#1588](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1588))
### Improvements
* The compiler version required by `Array` was behind the rest of the libray so it was updated to `v0.4.24`. ([#1553](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1553))
* Now conforming to a 4-space indentation code style. ([1508](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1508))
*`ERC20`: more gas efficient due to removed redundant `require`s. ([#1409](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1409))
*`ERC721`: fixed a bug that prevented internal data structures from being properly cleaned, missing potential gas refunds. ([#1539](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1539) and [#1549](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1549))
*`ERC721`: general gas savings on `transferFrom`, `_mint` and `_burn`, due to redudant `require`s and `SSTORE`s. ([#1549](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1549))
### Bugfixes
### Breaking changes
### Deprecations
*`ERC721._burn(address owner, uint256 tokenId)`: due to the `owner` parameter being unnecessary. ([#1550](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1550))
*`RefundableCrowdsale`: due to trading abuse potential on crowdsales that miss their goal. ([#1543](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1543))
We really appreciate and value contributions to OpenZeppelin Contracts. Please take 5' to review the items listed below to make sure that your contributions are merged as soon as possible.
These are some global design goals in Zeppelin.
## Contribution guidelines
### D0 - Security in Depth
We strive to provide secure, tested, audited code. To achieve this, we need to match intention with function. Thus, documentation, code clarity, community review and security discussions are fundamental.
Smart contracts manage value and are highly vulnerable to errors and attacks. We have very strict [guidelines], please make sure to review them!
### D1 - Simple and Modular
Simpler code means easier audits, and better understanding of what each component does. We look for small files, small contracts, and small functions. If you can separate a contract into two independent functionalities you should probably do it.
## Creating Pull Requests (PRs)
### D2 - Naming Matters
As a contributor, you are expected to fork this repository, work on your own fork and then submit pull requests. The pull requests will be reviewed and eventually merged into the main repo. See ["Fork-a-Repo"](https://help.github.com/articles/fork-a-repo/) for how this works.
We take our time with picking names. Code is going to be written once, and read hundreds of times. Renaming for clarity is encouraged.
## A typical workflow
### D3 - Tests
1) Make sure your fork is up to date with the main repository:
Write tests for all your code. We encourage Test Driven Development so we know when our code is right. Even though not all code in the repository is tested at the moment, we aim to test every line of code in the future.
NOTE: The directory `openzeppelin-contracts` represents your fork's local copy.
### D4 - Check preconditions and post-conditions
A very important way to prevent vulnerabilities is to catch a contract’s inconsistent state as early as possible. This is why we want functions to check pre- and post-conditions for executing its logic. When writing code, ask yourself what you are expecting to be true before and after the function runs, and express it in code.
### D5 - Code Consistency
Consistency on the way classes are used is paramount to an easier understanding of the library. The codebase should be as unified as possible. Read existing code and get inspired before you write your own. Follow the style guidelines. Don’t hesitate to ask for help on how to best write a specific piece of code.
### D6 - Regular Audits
Following good programming practices is a way to reduce the risk of vulnerabilities, but professional code audits are still needed. We will perform regular code audits on major releases, and hire security professionals to provide independent review.
## Style Guidelines
The design guidelines have quite a high abstraction level. These style guidelines are more concrete and easier to apply, and also more opinionated.
### General
#### G0 - Default to Solidity's official style guide.
Follow the official Solidity style guide: http://solidity.readthedocs.io/en/latest/style-guide.html
#### G1 - No Magic Constants
Avoid constants in the code as much as possible. Magic strings are also magic constants.
#### G2 - Code that Fails Early
We ask our code to fail as soon as possible when an unexpected input was provided or unexpected state was found.
#### G3 - Internal Amounts Must be Signed Integers and Represent the Smallest Units.
Avoid representation errors by always dealing with weis when handling ether. GUIs can convert to more human-friendly representations. Use Signed Integers (int) to prevent underflow problems.
### Testing
#### T1 - Tests Must be Written Elegantly
Style guidelines are not relaxed for tests. Tests are a good way to show how to use the library, and maintaining them is extremely necessary.
Don't write long tests, write helper functions to make them be as short and concise as possible (they should take just a few lines each), and use good variable names.
#### T2 - Tests Must not be Random
Inputs for tests should not be generated randomly. Accounts used to create test contracts are an exception, those can be random. Also, the type and structure of outputs should be checked.
### Documentation
TODO
## Pull Request Workflow
Our workflow is based on GitHub's pull requests. We use feature branches, prepended with: `test`, `feature`, `fix`, `refactor`, or `remove` according to the change the branch introduces. Some examples for such branches are:
```sh
git checkout -b test/some-module
git checkout -b feature/some-new-stuff
git checkout -b fix/some-bug
git checkout -b remove/some-file
2) Branch out from `master` into `fix/some-bug-#123`:
(Postfixing #123 will associate your PR with the issue #123 and make everyone's life easier =D)
```
git checkout -b fix/some-bug-#123
```
We expect pull requests to be rebased to the master branch before merging:
3) Make your changes, add your files, commit, and push to your fork.
```
git add SomeFile.js
git commit "Fix some bug #123"
git push origin fix/some-bug-#123
```
Note that we require rebasing your branch instead of merging it, for commit readability reasons.
4) Run tests, linter, etc. This can be done by running local continuous integration and make sure it passes.
After that, you can push the changes to your fork, by doing:
```sh
git push origin your_branch_name
git push origin feature/some-new-stuff
git push origin fix/some-bug
```bash
npm test
npm run lint
```
Finally go to [github.com/OpenZeppelin/zeppelin-solidity](https://github.com/OpenZeppelin/zeppelin-solidity) in your web browser and issue a new pull request.
or you can simply run CircleCI locally
```bash
circleci local execute --job build
circleci local execute --job test
```
*Note*: requires installing CircleCI and docker locally on your machine.
Main contributors will review your code and possibly ask for changes before your code is pulled in to the main repository. We'll check that all tests pass, review the coding style, and check for general code correctness. If everything is OK, we'll merge your pull request and your code will be part of Zeppelin.
5) Go to [github.com/OpenZeppelin/openzeppelin-contracts](https://github.com/OpenZeppelin/openzeppelin-contracts) in your web browser and issue a new pull request.
If you have any questions feel free to post them to
*IMPORTANT* Read the PR template very carefully and make sure to follow all the instructions. These instructions
refer to some very important conditions that your PR must meet in order to be accepted, such as making sure that all tests pass, JS linting tests pass, Solidity linting tests pass, etc.
6) Maintainers will review your code and possibly ask for changes before your code is pulled in to the main repository. We'll check that all tests pass, review the coding style, and check for general code correctness. If everything is OK, we'll merge your pull request and your code will be part of OpenZeppelin.
*IMPORTANT* Please pay attention to the maintainer's feedback, since its a necessary step to keep up with the standards OpenZeppelin attains to.
## All set!
If you have any questions, feel free to post them to github.com/OpenZeppelin/openzeppelin-contracts/issues.
Finally, if you're looking to collaborate and want to find easy tasks to start, look at the issues we marked as ["Good first issue"](https://github.com/OpenZeppelin/openzeppelin-contracts/labels/good%20first%20issue).
These are some global design goals in OpenZeppelin.
#### D0 - Security in Depth
We strive to provide secure, tested, audited code. To achieve this, we need to match intention with function. Thus, documentation, code clarity, community review and security discussions are fundamental.
#### D1 - Simple and Modular
Simpler code means easier audits, and better understanding of what each component does. We look for small files, small contracts, and small functions. If you can separate a contract into two independent functionalities you should probably do it.
#### D2 - Naming Matters
We take our time with picking names. Code is going to be written once, and read hundreds of times. Renaming for clarity is encouraged.
#### D3 - Tests
Write tests for all your code. We encourage Test Driven Development so we know when our code is right. Even though not all code in the repository is tested at the moment, we aim to test every line of code in the future.
#### D4 - Check preconditions and post-conditions
A very important way to prevent vulnerabilities is to catch a contract’s inconsistent state as early as possible. This is why we want functions to check pre- and post-conditions for executing its logic. When writing code, ask yourself what you are expecting to be true before and after the function runs, and express it in code.
#### D5 - Code Consistency
Consistency on the way classes are used is paramount to an easier understanding of the library. The codebase should be as unified as possible. Read existing code and get inspired before you write your own. Follow the style guidelines. Don’t hesitate to ask for help on how to best write a specific piece of code.
#### D6 - Regular Audits
Following good programming practices is a way to reduce the risk of vulnerabilities, but professional code audits are still needed. We will perform regular code audits on major releases, and hire security professionals to provide independent review.
## Style Guidelines
The design guidelines have quite a high abstraction level. These style guidelines are more concrete and easier to apply, and also more opinionated.
### General
#### G0 - Default to Solidity's official style guide.
Follow the official Solidity style guide: https://solidity.readthedocs.io/en/latest/style-guide.html
#### G1 - No Magic Constants
Avoid constants in the code as much as possible. Magic strings are also magic constants.
#### G2 - Code that Fails Early
We ask our code to fail as soon as possible when an unexpected input was provided or unexpected state was found.
#### G3 - Internal Amounts Must be Signed Integers and Represent the Smallest Units.
Avoid representation errors by always dealing with weis when handling ether. GUIs can convert to more human-friendly representations. Use Signed Integers (int) to prevent underflow problems.
### Testing
#### T1 - Tests Must be Written Elegantly
Style guidelines are not relaxed for tests. Tests are a good way to show how to use the library, and maintaining them is extremely necessary.
Don't write long tests, write helper functions to make them be as short and concise as possible (they should take just a few lines each), and use good variable names.
#### T2 - Tests Must not be Random
Inputs for tests should not be generated randomly. Accounts used to create test contracts are an exception, those can be random. Also, the type and structure of outputs should be checked.
With Zeppelin, you can build distributed applications, protocols and organizations:
- using common contract security patterns (See [Onward with Ethereum Smart Contract Security](https://medium.com/bitcorps-blog/onward-with-ethereum-smart-contract-security-97a827e47702#.y3kvdetbz))
- in the Solidity language.
**A library for secure smart contract development.** Build on a solid foundation of community-vetted code.
## Getting Started
* Implementations of standards like [ERC20](https://docs.openzeppelin.com/contracts/erc20) and [ERC721](https://docs.openzeppelin.com/contracts/erc721).
* Reusable [Solidity components](https://docs.openzeppelin.com/contracts/utilities) to build custom contracts and complex decentralized systems.
* First-class integration with the [Gas Station Network](https://docs.openzeppelin.com/contracts/gsn) for systems with no gas fees!
* Audited by leading security firms.
Zeppelin integrates with [Truffle](https://github.com/ConsenSys/truffle), an Ethereum development environment. Please install Truffle and initialize your project with `truffle init`.
```sh
npm install -g truffle
mkdir myproject &&cd myproject
truffle init
## Overview
### Installation
```console
$ npm install @openzeppelin/contracts
```
To install the Zeppelin library, run:
```sh
npm i zeppelin-solidity
```
OpenZeppelin Contracts features a [stable API](https://docs.openzeppelin.com/contracts/releases-stability#api-stability), which means your contracts won't break unexpectedly when upgrading to a newer minor version.
After that, you'll get all the library's contracts in the `contracts/zeppelin` folder. You can use the contracts in the library like so:
### Usage
```js
import"./zeppelin/Ownable.sol";
Once installed, you can use the contracts in the library by importing them:
> NOTE: The current distribution channel is npm, which is not ideal. [We're looking into providing a better tool for code distribution](https://github.com/OpenZeppelin/zeppelin-solidity/issues/13), and ideas are welcome.
_If you're new to smart contract development, head to [Developing Smart Contracts](https://docs.openzeppelin.com/contracts/learn::developing-smart-contracts) to learn about creating a new project and compiling your contracts._
#### Truffle Beta Support
We also support Truffle Beta npm integration. If you're using Truffle Beta, the contracts in `node_modules` will be enough, so feel free to delete the copies at your `contracts` folder. If you're using Truffle Beta, you can use Zeppelin contracts like so:
To keep your system secure, you should **always** use the installed code as-is, and neither copy-paste it from online sources, nor modify it yourself.
```js
import"zeppelin-solidity/contracts/Ownable.sol";
## Learn More
contractMyContractisOwnable{
...
}
```
The guides in the sidebar will teach about different concepts, and how to use the related contracts that OpenZeppelin Contracts provides:
For more info see [the Truffle Beta package management tutorial](http://truffleframework.com/tutorials/package-management).
* [Access Control](https://docs.openzeppelin.com/contracts/access-control): decide who can perform each of the actions on your system.
* [Tokens](https://docs.openzeppelin.com/contracts/tokens): create tradeable assets or collectives, and distribute them via [Crowdsales](https://docs.openzeppelin.com/contracts/crowdsales).
* [Gas Station Network](https://docs.openzeppelin.com/contracts/gsn): let your users interact with your contracts without having to pay for gas themselves.
* [Utilities](https://docs.openzeppelin.com/contracts/utilities): generic useful tools, including non-overflowing math, signature verification, and trustless paying systems.
The [full API](https://docs.openzeppelin.com/contracts/api/token/ERC20) is also thoroughly documented, and serves as a great reference when developing your smart contract application. You can also ask for help or follow Contracts's development in the [community forum](https://forum.openzeppelin.com).
Finally, you may want to take a look at the [guides on our blog](https://blog.openzeppelin.com/guides), which cover several common use cases and good practices.. The following articles provide great background reading, though please note, some of the referenced tools have changed as the tooling in the ecosystem continues to rapidly evolve.
* [The Hitchhiker’s Guide to Smart Contracts in Ethereum](https://blog.openzeppelin.com/the-hitchhikers-guide-to-smart-contracts-in-ethereum-848f08001f05) will help you get an overview of the various tools available for smart contract development, and help you set up your environment.
* [A Gentle Introduction to Ethereum Programming, Part 1](https://blog.openzeppelin.com/a-gentle-introduction-to-ethereum-programming-part-1-783cc7796094) provides very useful information on an introductory level, including many basic concepts from the Ethereum platform.
* For a more in-depth dive, you may read the guide [Designing the Architecture for Your Ethereum Application](https://blog.openzeppelin.com/designing-the-architecture-for-your-ethereum-application-9cec086f8317), which discusses how to better structure your application and its relationship to the real world.
## Security
Zeppelin is meant to provide secure, tested and community-audited code, but please use common sense when doing anything that deals with real money! We take no responsibility for your implementation decisions and any security problem you might experience.
If you find a security issue, please email [security@openzeppelin.org](mailto:security@openzeppelin.org).
This project is maintained by [OpenZeppelin](https://openzeppelin.com), and developed following our high standards for code quality and security. OpenZeppelin is meant to provide tested and community-audited code, but please use common sense when doing anything that deals with real money! We take no responsibility for your implementation decisions and any security problems you might experience.
## Contracts
The core development principles and strategies that OpenZeppelin is based on include: security in depth, simple and modular code, clarity-driven naming conventions, comprehensive unit testing, pre-and-post-condition sanity checks, code consistency, and regular audits.
### Ownable
Base contract with an owner.
The latest audit was done on October 2018 on version 2.0.0.
#### Ownable( )
Sets the address of the creator of the contract as the owner.
Please report any security issues you find to security@openzeppelin.org.
#### modifier onlyOwner( )
Prevents function from running if it is called by anyone other than the owner.
#### transfer(address newOwner) onlyOwner
Transfers ownership of the contract to the passed address.
---
### Stoppable
Base contract that provides an emergency stop mechanism.
Inherits from contract Ownable.
#### emergencyStop( ) external onlyOwner
Triggers the stop mechanism on the contract. After this function is called (by the owner of the contract), any function with modifier stopInEmergency will not run.
#### modifier stopInEmergency
Prevents function from running if stop mechanism is activated.
Adds sent amount to available balance that payee can pull from this contract, called by payer.
#### withdrawPayments( )
Sends designated balance to payee calling the contract. Throws error if designated balance is 0, if contract does not hold enough funds ot pay the payee, or if the send transaction is not successful.
___
### StandardToken
Based on code by FirstBlood: [FirstBloodToken.sol]
Inherits from contract SafeMath. Implementation of abstract contract ERC20 (see https://github.com/ethereum/EIPs/issues/20)
Transfers tokens from an account that the sender is approved to transfer from. Amount must not be greater than the approved amount or the account's balance.
Transfers tokens from sender's account. Amount must not be greater than sender's balance.
___
### CrowdsaleToken
Simple ERC20 Token example, with crowdsale token creation.
Inherits from contract StandardToken.
#### createTokens(address recipient) payable
Creates tokens based on message value and credits to the recipient.
#### getPrice() constant returns (uint result)
Returns the amount of tokens per 1 ether.
___
### Bounty
To create a bounty for your contract, inherit from the base `Bounty` contract and provide an implementation for `deployContract()` returning the new contract address.
```
import {Bounty, Target} from "./zeppelin/Bounty.sol";
import "./YourContract.sol";
contract YourBounty is Bounty {
function deployContract() internal returns(address) {
return new YourContract()
}
}
```
Next, implement invariant logic into your smart contract.
Your main contract should inherit from the Target class and implement the checkInvariant method. This is a function that should check everything your contract assumes to be true all the time. If this function returns false, it means your contract was broken in some way and is in an inconsistent state. This is what security researchers will try to acomplish when trying to get the bounty.
At contracts/YourContract.sol
```
import {Bounty, Target} from "./zeppelin/Bounty.sol";
contract YourContract is Target {
function checkInvariant() returns(bool) {
// Implement your logic to make sure that none of the invariants are broken.
}
}
```
Next, deploy your bounty contract along with your main contract to the network.
At `migrations/2_deploy_contracts.js`
```
module.exports = function(deployer) {
deployer.deploy(YourContract);
deployer.deploy(YourBounty);
};
```
Next, add a reward to the bounty contract
After deploying the contract, send reward funds into the bounty contract.
From `truffle console`
```
bounty = YourBounty.deployed();
address = 0xb9f68f96cde3b895cc9f6b14b856081b41cb96f1; // your account address
reward = 5; // reward to pay to a researcher who breaks your contract
web3.eth.sendTransaction({
from: address,
to: bounty.address,
value: web3.toWei(reward, "ether")
})
```
If researchers break the contract, they can claim their reward.
For each researcher who wants to hack the contract and claims the reward, refer to our [test](./test/Bounty.js) for the detail.
Finally, if you manage to protect your contract from security researchers, you can reclaim the bounty funds. To end the bounty, kill the contract so that all the rewards go back to the owner.
```
bounty.kill();
```
## More Developer Resources
Building a distributed application, protocol or organization with Zeppelin?
- Ask for help and follow progress at: https://zeppelin-slackin.herokuapp.com/
Interested in contributing to Zeppelin?
- Framework proposal and roadmap: https://medium.com/zeppelin-blog/zeppelin-framework-proposal-and-development-roadmap-fdfa9a3a32ab#.iain47pak
## Collaborating organizations and audits by Zeppelin
- [Golem](https://golem.network/)
- [Mediachain](https://golem.network/)
- [Truffle](http://truffleframework.com/)
- [Firstblood](http://firstblood.io/)
- [Rootstock](http://www.rsk.co/)
- [Consensys](https://consensys.net/)
- [DigixGlobal](https://www.dgx.io/)
- [Coinfund](https://coinfund.io/)
- [DemocracyEarth](http://democracy.earth/)
- [Signatura](https://signatura.co/)
- [Ether.camp](http://www.ether.camp/)
among others...
## Contribute
OpenZeppelin exists thanks to its contributors. There are many ways you can participate and help build high quality software. Check out the [contribution guide](CONTRIBUTING.md)!
## License
Code released under the [MIT License](https://github.com/OpenZeppelin/zeppelin-solidity/blob/master/LICENSE).
OpenZeppelin is released under the [MIT License](LICENSE).
This document describes our release process, and contains the steps to be followed by an OpenZeppelin maintainer at the several stages of a release.
We release a new version of OpenZeppelin monthly. Release cycles are tracked in the [issue milestones](https://github.com/OpenZeppelin/openzeppelin-contracts/milestones).
Each release has at least one release candidate published first, intended for community review and any critical fixes that may come out of it. At the moment we leave 1 week between the first release candidate and the final release.
Before starting make sure to verify the following items.
* Your local `master` branch is in sync with your `upstream` remote (it may have another name depending on your setup).
* Your repo is clean, particularly with no untracked files in the contracts and tests directories. Verify with `git clean -n`.
## Creating the release branch
We'll refer to a release `vX.Y.Z`.
```
git checkout master
git checkout -b release-vX.Y.Z
```
## Creating a release candidate
Once in the release branch, change the version string in `package.json`, `package-lock.json` and `ethpm.json` to `X.Y.Z-rc.R`. (This will be `X.Y.Z-rc.1` for the first release candidate.) Commit these changes and tag the commit as `vX.Y.Z-rc.R`.
```
git add package.json package-lock.json ethpm.json
git commit -m "Release candidate vX.Y.Z-rc.R"
git tag -a vX.Y.Z-rc.R
git push upstream release-vX.Y.Z
git push upstream vX.Y.Z-rc.R
```
Draft the release notes in our [GitHub releases](https://github.com/OpenZeppelin/openzeppelin-contracts/releases). Make sure to mark it as a pre-release! Try to be consistent with our previous release notes in the title and format of the text. Release candidates don't need a detailed changelog, but make sure to include a link to GitHub's compare page.
Once the CI run for the new tag is green, publish on npm under the `next` tag. You should see the contracts compile automatically.
```
npm publish --tag next
```
Publish the release notes on GitHub and the forum, and ask our community manager to announce the release candidate on at least Twitter.
## Creating the final release
Make sure to have the latest changes from `upstream` in your local release branch.
```
git checkout release-vX.Y.Z
git pull upstream
```
Before starting the release process, make one final commit to CHANGELOG.md, including the date of the release.
Change the version string in `package.json`, `package-lock.json` and `ethpm.json` removing the "-rc.R" suffix. Commit these changes and tag the commit as `vX.Y.Z`.
```
git add package.json package-lock.json ethpm.json
git commit -m "Release vX.Y.Z"
git tag -a vX.Y.Z
git push upstream release-vX.Y.Z
git push upstream vX.Y.Z
```
Draft the release notes in GitHub releases. Try to be consistent with our previous release notes in the title and format of the text. Make sure to include a detailed changelog.
Once the CI run for the new tag is green, publish on npm. You should see the contracts compile automatically.
```
npm publish
```
Publish the release notes on GitHub and ask our community manager to announce the release!
Delete the `next` tag in the npm package as there is no longer a release candidate.
```
npm dist-tag rm --otp $2FA_CODE @openzeppelin/contracts next
```
## Merging the release branch
After the final release, the release branch should be merged back into `master`. This merge must not be squashed because it would lose the tagged release commit. Since the GitHub repo is set up to only allow squashed merges, the merge should be done locally and pushed.
Make sure to have the latest changes from `upstream` in your local release branch.
Zeppelin requested that New Alchemy perform an audit of the contracts in their OpenZeppelin library. The OpenZeppelin contracts are a set of contracts intended to be a safe building block for a variety of uses by parties that may not be as sophisticated as the OpenZeppelin team. It is a design goal that the contracts be deployable safely and "as-is".
The contracts are hosted at:
https://github.com/OpenZeppelin/zeppelin-solidity
All the contracts in the "contracts" folder are in scope.
The git commit hash we evaluated is:
9c5975a706b076b7000e8179f8101e0c61024c87
# Disclaimer
The audit makes no statements or warrantees about utility of the code, safety of the code, suitability of the business model, regulatory regime for the business model, or any other statements about fitness of the contracts to purpose, or their bugfree status. The audit documentation is for discussion purposes only.
# Executive Summary
Overall the OpenZeppelin codebase is of reasonably high quality -- it is clean, modular and follows best practices throughout.
It is still in flux as a codebase, and needs better documentation per file as to expected behavior and future plans. It probably needs more comprehensive and aggressive tests written by people less nice than the current OpenZeppelin team.
We identified two critical errors and one moderate issue, and would not recommend this commit hash for public use until these bugs are remedied.
The repository includes a set of Truffle unit tests, a requirement and best practice for smart contracts like these; we recommend these be bulked up.
# Discussion
## Big Picture: Is This A Worthwhile Project?
As soon as a developer touches OpenZeppelin contracts, they will modify something, leaving them in an un-audited state. We do not recommend developers deploy any unaudited code to the Blockchain if it will handle money, information or other things of value.
> "In accordance with Unix philosophy, Perl gives you enough rope to hang yourself"
> --Larry Wall
We think this is an incredibly worthwhile project -- aided by the high code quality. Creating a framework that can be easily extended helps increase the average code quality on the Blockchain by charting a course for developers and encouraging containment of modifications to certain sections.
> "Rust: The language that makes you take the safety off before shooting yourself in the foot"
> -- (@mbrubeck)
We think much more could be done here, and recommend the OpenZeppelin team keep at this and keep focusing on the design goal of removing rope and adding safety.
## Solidity Version Updates Recommended
Most of the code uses Solidity 0.4.11, but some files under `Ownership` are marked 0.4.0. These should be updated.
Solidity 0.4.10 will add several features which could be useful in these contracts:
-`assert(condition)`, which throws if the condition is false
-`revert()`, which rolls back without consuming all remaining gas.
-`address.transfer(value)`, which is like `send` but automatically propagates exceptions, and supports `.gas()`. See https://github.com/ethereum/solidity/issues/610 for more on this.
## Error Handling: Throw vs Return False
Solidity standards allow two ways to handle an error -- either calling `throw` or returning `false`. Both have benefits. In particular, a `throw` guarantees a complete wipe of the call stack (up to the preceding external call), whereas `false` allows a function to continue.
In general we prefer `throw` in our code audits, because it is simpler -- it's less for an engineer to keep track of. Returning `false` and using logic to check results can quickly become a poorly-tracked state machine, and this sort of complexity can cause errors.
In the OpenZeppelin contracts, both styles are used in different parts of the codebase. `SimpleToken` transfers throw upon failure, while the full ERC20 token returns `false`. Some modifiers `throw`, others just wrap the function body in a conditional, effectively allowing the function to return false if the condition is not met.
We don't love this, and would usually recommend you stick with one style or the other throughout the codebase.
In at least one case, these different techniques are combined cleverly (see the Multisig comments, line 65). As a set of contracts intended for general use, we recommend you either strive for more consistency or document explicit design criteria that govern which techniques are used where.
Note that it may be impossible to use either one in all situations. For example, SafeMath functions pretty much have to throw upon failure, but ERC20 specifies returning booleans. Therefore we make no particular recommendations, but simply point out inconsistencies to consider.
# Critical Issues
## Stuck Ether in Crowdsale contract
CrowdsaleToken.sol has no provision for withdrawing the raised ether. We *strongly* recommend a standard `withdraw` function be added. There is no scenario in which someone should deploy this contract as is, whether for testing or live.
## Recursive Call in MultisigWallet
Line 45 of `MultisigWallet.sol` checks if the amount being sent by `execute` is under a daily limit.
This function can only be called by the "Owner". As a first angle of attack, it's worth asking what will happen if the multisig wallet owners reset the daily limit by approving a call to `resetSpentToday`.
If a chain of calls can be constructed in which the owner confirms the `resetSpentToday` function and then withdraws through `execute` in a recursive call, the contract can be drained. In fact, this could be done without a recursive call, just through repeated `execute` calls alternating with the `confirm` calls.
We are still working through the confirmation protocol in `Shareable.sol`, but we are not convinced that this is impossible, in fact it looks possible. The flexibility any shared owner has in being able to revoke confirmation later is another worrisome angle of approach even if some simple patches are included.
This bug has a number of causes that need to be addressed:
1.`resetSpentToday` and `confirm` together do not limit the days on which the function can be called or (it appears) the number of times it can be called.
1. Once a call has been confirmed and `execute`d it appears that it can be re-executed. This is not good.
3.`confirmandCheck` doesn't seem to have logic about whether or not the function in question has been called.
4. Even if it did, `revoke` would need updates and logic to deal with revocation requests after a function call had been completed.
We do not recommend using the MultisigWallet until these issues are fixed.
# Moderate to Minor Issues
## PullPayment
PullPayment.sol needs some work. It has no explicit provision for cancelling a payment. This would be desirable in a number of scenarios; consider a payee losing their wallet, or giving a griefing address, or just an address that requires more than the default gas offered by `send`.
`asyncSend` has no overflow checking. This is a bad plan. We recommend overflow and underflow checking at the layer closest to the data manipulation.
`asyncSend` allows more balance to be queued up for sending than the contract holds. This is probably a bad idea, or at the very least should be called something different. If the intent is to allow this, it should have provisions for dealing with race conditions between competing `withdrawPayments` calls.
It would be nice to see how many payments are pending. This would imply a bit of a rewrite; we recommend this contract get some design time, and that developers don't rely on it in its current state.
## Shareable Contract
We do not believe the `Shareable.sol` contract is ready for primetime. It is missing functions, and as written may be vulnerable to a reordering attack -- an attack in which a miner or other party "racing" with a smart contract participant inserts their own information into a list or mapping.
The confirmation and revocation code needs to be looked over with a very careful eye imagining extraordinarily bad behavior by shared owners before this contract can be called safe.
No sanity checks on the initial constructor's `required` argument are worrisome as well.
# Line by Line Comments
## Lifecycle
### Killable
Very simple, allows owner to call selfdestruct, sending funds to owner. No issues. However, note that `selfdestruct` should typically not be used; it is common that a developer may want to access data in a former contract, and they may not understand that `selfdestruct` limits access to the contract. We recommend better documentation about this dynamic, and an alternate function name for `kill` like `completelyDestroy` while `kill` would perhaps merely send funds to the owner.
Also note that a killable function allows the owner to take funds regardless of other logic. This may be desirable or undesirable depending on the circumstances. Perhaps `Killable` should have a different name as well.
### Migrations
I presume that the goal of this contract is to allow and annotate a migration to a new smart contract address. We are not clear here how this would be accomplished by the code; we'd like to review with the OpenZeppelin team.
### Pausable
We like these pauses! Note that these allow significant griefing potential by owners, and that this might not be obvious to participants in smart contracts using the OpenZeppelin framework. We would recommend that additional sample logic be added to for instance the TokenContract showing safer use of the pause and resume functions. In particular, we would recommend a timelock after which anyone could unpause the contract.
The modifers use the pattern `if(bool){_;}`. This is fine for functions that return false upon failure, but could be problematic for functions expected to throw upon failure. See our comments above on standardizing on `throw` or `return(false)`.
## Ownership
### Ownable
Line 19: Modifier throws if doesn't meet condition, in contrast to some other inheritable modifiers (e.g. in Pausable) that use `if(bool){_;}`.
### Claimable
Inherits from Ownable but the existing owner sets a pendingOwner who has to claim ownership.
Line 17: Another modifier that throws.
### DelayedClaimable
Is there any reason to descend from Ownable directly, instead of just Claimable, which descends from Ownable? If not, descending from both just adds confusion.
### Contactable
Allows owner to set a public string of contract information. No issues.
### Shareable
This needs some work. Doesn't check if `_required <= len(_owners)` for instance, that would be a bummer. What if _required were like `MAX - 1`?
I have a general concern about the difference between `owners`, `_owners`, and `owner` in `Ownable.sol`. I recommend "Owners" be renamed. In general we do not recomment single character differences in variable names, although a preceding underscore is not uncommon in Solidity code.
Line 34: "this contract only has six types of events"...actually only two.
Line 61: Why is `ownerIndex` keyed by addresses hashed to `uint`s? Why not use the addresses directly, so `ownerIndex` is less obscure, and so there's stronger typing?
Line 62: Do not love `++i) ... owners[2+ i]`. Makes me do math, which is not what I want to do. I want to not have to do math.
There should probably be a function for adding a new operation, so the developer doesn't have to work directly with the internal data. (This would make the multisig contract even shorter.)
There's a `revoke` function but not a `propose` function that we can see.
Beware reordering. If `propose` allows the user to choose a bytes string for their proposal, bad things(TM) will happen as currently written.
### Multisig
Just an interface. Note it allows changing an owner address, but not changing the number of owners. This is somewhat limiting but also simplifies implementation.
## Payment
### PullPayment
Safe from reentrance attack since ether send is at the end, plus it uses `.send()` rather than `.call.value()`.
There's an argument to be made that `.call.value()` is a better option *if* you're sure that it will be done after all state updates, since `.send` will fail if the recipient has an expensive fallback function. However, in the context of a function meant to be embedded in other contracts, it's probably better to use `.send`. One possible compromise is to add a function which allows only the owner to send ether via `.call.value`.
If you don't use `call.value` you should implement a `cancel` function in case some value is pending here.
Line 14:
Doesn't use safeAdd. Although it appears that payout amounts can only be increased, in fact the payer could lower the payout as much as desired via overflow. Also, the payer could add a large non-overflowing amount, causing the payment to exceed the contract balance and therefore fail when withdraw is attempted.
Recommendation: track the sum of non-withdrawn asyncSends, and don't allow a new one which exceeds the leftover balance. If it's ever desirable to make payments revocable, it should be done explicitly.
## Tokens
### ERC20
Standard ERC20 interface only.
There's a security hole in the standard, reported at Edcon: `approve` does not protect against race conditions and simply replaces the current value. An approved spender could wait for the owner to call `approve` again, then attempt to spend the old limit before the new limit is applied. If successful, this attacker could successfully spend the sum of both limits.
This could be fixed by either (1) including the old limit as a parameter, so the update will fail if some gets spent, or (2) using the value parameter as a delta instead of replacement value.
This is not fixable while adhering to the current full ERC20 standard, though it would be possible to add a "secureApprove" function. The impact isn't extreme since at least you can only be attacked by addresses you approved. Also, users could mitigate this by always setting spending limits to zero and checking for spends, before setting the new limit.
Simpler interface skipping the Approve function. Note this departs from ERC20 in another way: transfer throws instead of returning false.
### BasicToken
Uses `SafeSub` and `SafeMath`, so transfer `throw`s instead of returning false. This complies with ERC20Basic but not the actual ERC20 standard.
### StandardToken
Implementation of full ERC20 token.
Transfer() and transferFrom() use SafeMath functions, which will cause them to throw instead of returning false. Not a security issue but departs from standard.
### SimpleToken
Sample instantiation of StandardToken. Note that in this sample, decimals is 18 and supply only 10,000, so the supply is a small fraction of a single nominal token.
### CrowdsaleToken
StandardToken which mints tokens at a fixed price when sent ether.
There's no provision for owner withdrawing the ether. As a sample for crowdsales it should be Ownable and allow the owner to withdraw ether, rather than stranding the ether in the contract.
Note: an alternative pattern is a mint() function which is only callable from a separate crowdsale contract, so any sort of rules can be added without modifying the token itself.
### VestedToken
Lines 23, 27:
Functions `transfer()` and `transferFrom()` have a modifier canTransfer which throws if not enough tokens are available. However, transfer() returns a boolean success. Inconsistent treatment of failure conditions may cause problems for other contracts using the token. (Note that transferableTokens() relies on safeSub(), so will also throw if there's insufficient balance.)
Line 64:
Delete not actually necessary since the value is overwritten in the next line anyway.
## Root level
### Bounty
Avoids potential race condition by having each researcher deploy a separate contract for attack; if a research manages to break his associated contract, other researchers can't immediately claim the reward, they have to reproduce the attack in their own contracts.
A developer could subvert this intent by implementing `deployContract()` to always return the same address. However, this would break the `researchers` mapping, updating the researcher address associated with the contract. This could be prevented by blocking rewrites in `researchers`.
### DayLimit
The modifier `limitedDaily` calls `underLimit`, which both checks that the spend is below the daily limit, and adds the input value to the daily spend. This is fine if all functions throw upon failure. However, not all OpenZeppelin functions do this; there are functions that returns false, and modifiers that wrap the function body in `if (bool) {_;}`. In these cases, `_value` will be added to `spentToday`, but ether may not actually be sent because other preconditions were not met. (However in the OpenZeppelin multisig this is not a problem.)
Lines 4, 11:
Comment claims that `DayLimit` is multiowned, and Shareable is imported, but DayLimit does not actually inherit from Shareable. The intent may be for child contracts to inherit from Shareable (as Multisig does); in this case the import should be removed and the comment altered.
Line 46:
Manual overflow check instead of using safeAdd. Since this is called from a function that throws upon failure anyway, there's no real downside to using safeAdd.
### LimitBalance
No issues.
### MultisigWallet
Lines 28, 76, 80:
`kill`, `setDailyLimit`, and `resetSpentToday` only happen with multisig approval, and hashes for these actions are logged by Shareable. However, they should probably post their own events for easy reading.
Line 45:
This call to underLimit will reduce the daily limit, and then either throw or return 0. So in this case there's no danger that the limit will be reduced without the operation going through.
Line 65:
Shareable's onlyManyOwners will take the user's confirmation, and execute the function body if and only if enough users have confirmed. Whole thing throws if the send fails, which will roll back the confirmation. Confirm returns false if not enough have confirmed yet, true if the whole thing succeeds, and throws only in the exceptional circumstance that the designated transaction unexpectedly fails. Elegant design.
Line 68:
Throw here is good but note this function can fail either by returning false or by throwing.
Line 92:
A bit odd to split `clearPending()` between this contract and Shareable. However this does allow contracts inheriting from Shareable to use custom structs for pending transactions.
### SafeMath
Another interesting comment from the same Edcon presentation was that the overflow behavior of Solidity is undocumented, so in theory, source code that relies on it could break with a future revision.
However, compiled code should be fine, and in the unlikely event that the compiler is revised in this way, there should be plenty of warning. (But this is an argument for keeping overflow checks isolated in SafeMath.)
* This bounty will pay out to a researcher if they break invariant logic of the contract.
*/
contractBountyisPullPayment,Killable{
Targettarget;
boolpublicclaimed;
mapping(address=>address)publicresearchers;
eventTargetCreated(addresscreatedAddress);
function()payable{
if(claimed)throw;
}
functioncreateTarget()returns(Target){
target=Target(deployContract());
researchers[target]=msg.sender;
TargetCreated(target);
returntarget;
}
functiondeployContract()internalreturns(address);
functioncheckInvariant()returns(bool){
returntarget.checkInvariant();
}
functionclaim(Targettarget){
addressresearcher=researchers[target];
if(researcher==0)throw;
// Check Target contract invariants
if(target.checkInvariant()){
throw;
}
asyncSend(researcher,this.balance);
claimed=true;
}
}
/*
* Target
*
* Your main contract should inherit from this class and implement the checkInvariant method. This is a function that should check everything your contract assumes to be true all the time. If this function returns false, it means your contract was broken in some way and is in an inconsistent state. This is what security researchers will try to acomplish when trying to get the bounty.
* @dev Internal function that mints the gas payment token. Derived contracts should expose this function in their public API, with proper access control mechanisms.
This set of contracts provide all the tools required to make a contract callable via the https://gsn.openzeppelin.com[Gas Station Network].
TIP: If you're new to the GSN, head over to our xref:learn::sending-gasless-transactions.adoc[overview of the system] and basic guide to xref:ROOT:gsn.adoc[creating a GSN-capable contract].
The core contract a recipient must inherit from is {GSNRecipient}: it includes all necessary interfaces, as well as some helper methods to make interacting with the GSN easier.
Utilities to make writing xref:ROOT:gsn-strategies.adoc[GSN strategies] easy are available in {GSNRecipient}, or you can simply use one of our pre-made strategies:
* {GSNRecipientERC20Fee} charges the end user for gas costs in an application-specific xref:ROOT:tokens.adoc#ERC20[ERC20 token]
* {GSNRecipientSignature} accepts all relayed calls that have been signed by a trusted third party (e.g. a private key in a backend)
You can also take a look at the two contract interfaces that make up the GSN protocol: {IRelayRecipient} and {IRelayHub}, but you won't need to use those directly.
* Based on https://github.com/ethereum/dapp-bin/blob/master/wallet/wallet.sol
*
* inheritable "property" contract that enables methods to be protected by requiring the acquiescence of either a single, or, crucially, each of a number of, designated owners.
*
* usage:
* use modifiers onlyowner (just own owned) or onlymanyowners(hash), whereby the same hash must be provided by some number (specified in constructor) of the set of owners (specified in the constructor) before the interior is executed.
*/
contractShareable{
// TYPES
// struct for the status of a pending operation.
structPendingState{
uintyetNeeded;
uintownersDone;
uintindex;
}
// FIELDS
// the number of owners that must confirm the same operation before it is run.
uintpublicrequired;
// list of owners
uint[256]owners;
uintconstantc_maxOwners=250;
// index on the list of owners to allow reverse lookup
mapping(uint=>uint)ownerIndex;
// the ongoing operations.
mapping(bytes32=>PendingState)pendings;
bytes32[]pendingsIndex;
// EVENTS
// this contract only has six types of events: it can accept a confirmation, in which case
// we record owner and operation (hash) alongside it.
eventConfirmation(addressowner,bytes32operation);
eventRevoke(addressowner,bytes32operation);
// MODIFIERS
// simple single-sig function modifier.
modifieronlyOwner{
if(isOwner(msg.sender))
_;
}
// multi-sig function modifier: the operation must have an intrinsic hash in order
// that later attempts can be realised as the same underlying operation and
// thus count as confirmations.
modifieronlymanyowners(bytes32_operation){
if(confirmAndCheck(_operation))
_;
}
// CONSTRUCTOR
// constructor is given number of sigs required to do protected "onlymanyowners" transactions
// as well as the selection of addresses capable of confirming them.
Contracts in this category should be considered unstable. They are as thoroughly reviewed as everything else in OpenZeppelin Contracts, but we have doubts about their API so we don't commit to backwards compatibility. This means these contracts can receive breaking changes in a minor version, so you should pay special attention to the changelog when upgrading. For anything that is outside of this category you can read more about xref:ROOT:api-stability.adoc[API Stability].
NOTE: This page is incomplete. We're working to improve it for the next release. Stay tuned!
This set of interfaces and contracts deal with [type introspection](https://en.wikipedia.org/wiki/Type_introspection) of contracts, that is, examining which functions can be called on them. This is usually referred to as a contract's _interface_.
Ethereum contracts have no native concept of an interface, so applications must usually simply trust they are not making an incorrect call. For trusted setups this is a non-issue, but often unknown and untrusted third-party addresses need to be interacted with. There may even not be any direct calls to them! (e.g. `ERC20` tokens may be sent to a contract that lacks a way to transfer them out of it, locking them forever). In these cases, a contract _declaring_ its interface can be very helpful in preventing errors.
There are two main ways to approach this.
* Locally, where a contract implements `IERC165` and declares an interface, and a second one queries it directly via `ERC165Checker`.
* Globally, where a global and unique registry (`IERC1820Registry`) is used to register implementers of a certain interface (`IERC1820Implementer`). It is then the registry that is queried, which allows for more complex setups, like contracts implementing interfaces for externally-owned accounts.
Note that, in all cases, accounts simply _declare_ their interfaces, but they are not required to actually implement them. This mechanism can therefore be used to both prevent errors and allow for complex interactions (see `ERC777`), but it must not be relied on for security.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
