tessl/npm-openzeppelin--contracts-upgradeable
Secure Smart Contract library for Solidity with upgradeable implementations of standards like ERC20 and ERC721, flexible role-based permissioning schemes, and reusable components for building custom contracts and complex decentralized systems.
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
security-utilities.mddocs/
Security Utilities
Essential security patterns including reentrancy guards, pausable functionality, multicall batching, and cryptographic utilities for signature verification and secure smart contract development.
Capabilities
Reentrancy Guard
Protection against reentrancy attacks using storage-based guards.
/**
* @dev Contract module that helps prevent reentrant calls
*/
abstract contract ReentrancyGuardUpgradeable {
function __ReentrancyGuard_init() internal onlyInitializing;
/**
* @dev Prevents a contract from calling itself, directly or indirectly
*/
modifier nonReentrant();
}
/**
* @dev Variant using transient storage (EIP-1153)
*/
abstract contract ReentrancyGuardTransientUpgradeable {
function __ReentrancyGuardTransient_init() internal onlyInitializing;
/**
* @dev Prevents reentrancy using transient storage
*/
modifier nonReentrant();
}Pausable Contract
Emergency pause functionality for contracts.
/**
* @dev Contract module which allows children to implement an emergency stop mechanism
*/
abstract contract PausableUpgradeable {
function __Pausable_init() internal onlyInitializing;
/**
* @dev Returns true if the contract is paused
*/
function paused() external view returns (bool);
/**
* @dev Modifier to make a function callable only when the contract is not paused
*/
modifier whenNotPaused();
/**
* @dev Modifier to make a function callable only when the contract is paused
*/
modifier whenPaused();
/**
* @dev Triggers stopped state (internal function)
*/
function _pause() internal;
/**
* @dev Returns to normal state (internal function)
*/
function _unpause() internal;
}
// Events
event Paused(address account);
event Unpaused(address account);Multicall
Batch multiple function calls in a single transaction.
/**
* @dev Provides a function to batch together multiple calls
*/
abstract contract MulticallUpgradeable {
function __Multicall_init() internal onlyInitializing;
/**
* @dev Receives and executes a batch of function calls on this contract
*/
function multicall(bytes[] calldata data) external returns (bytes[] memory results);
}Nonce Management
Nonce tracking for signature-based operations.
/**
* @dev Provides tracking nonces for addresses
*/
abstract contract NoncesUpgradeable {
function __Nonces_init() internal onlyInitializing;
/**
* @dev Returns the current nonce for owner
*/
function nonces(address owner) external view returns (uint256);
/**
* @dev Consumes a nonce and returns the current value
*/
function _useNonce(address owner) internal returns (uint256);
/**
* @dev Consumes a specific nonce
*/
function _useCheckedNonce(address owner, uint256 nonce) internal;
}
/**
* @dev Variant that supports keyed nonces
*/
abstract contract NoncesKeyedUpgradeable {
function __NoncesKeyed_init() internal onlyInitializing;
/**
* @dev Returns the nonce for owner and key
*/
function nonces(address owner, bytes32 key) external view returns (uint256);
/**
* @dev Consumes a keyed nonce
*/
function _useNonce(address owner, bytes32 key) internal returns (uint256);
/**
* @dev Consumes a specific keyed nonce
*/
function _useCheckedNonce(address owner, bytes32 key, uint256 nonce) internal;
}Cryptographic Utilities
EIP-712 Domain Separator
/**
* @dev Implementation of EIP-712 domain separator and typed data hashing
*/
abstract contract EIP712Upgradeable {
function __EIP712_init(string memory name, string memory version) internal onlyInitializing;
/**
* @dev Returns the domain separator for the current chain
*/
function _domainSeparatorV4() internal view returns (bytes32);
/**
* @dev Hash typed data according to EIP-712
*/
function _hashTypedDataV4(bytes32 structHash) internal view returns (bytes32);
/**
* @dev Returns the fields and values that describe the domain separator
*/
function eip712Domain() external view returns (
bytes1 fields,
string memory name,
string memory version,
uint256 chainId,
address verifyingContract,
bytes32 salt,
uint256[] memory extensions
);
}Interface Detection (ERC-165)
/**
* @dev Implementation of the ERC-165 standard for interface detection
*/
abstract contract ERC165Upgradeable {
function __ERC165_init() internal onlyInitializing;
/**
* @dev Returns true if this contract implements the interface defined by interfaceId
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}Signature Verification
/**
* @dev ECDSA signature verification utilities
*/
library ECDSAUpgradeable {
/**
* @dev Recovers the signer of the hash using ECDSA
*/
function recover(bytes32 hash, bytes memory signature) internal pure returns (address);
/**
* @dev Recovers signer from hash and signature components
*/
function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address);
/**
* @dev Returns an Ethereum Signed Message, created from a hash
*/
function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32);
/**
* @dev Returns an Ethereum Signed Message, created from a string
*/
function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32);
}
/**
* @dev P256 (secp256r1) signature verification
*/
library P256Upgradeable {
/**
* @dev Verifies a P256 signature
*/
function verify(bytes32 hash, bytes32 r, bytes32 s, bytes32 x, bytes32 y) internal view returns (bool);
}
/**
* @dev RSA signature verification utilities
*/
library RSAUpgradeable {
/**
* @dev Verifies an RSA signature using PKCS1 v1.5 padding
*/
function pkcs1Sha256(bytes memory message, bytes memory signature, bytes memory modulus, bytes memory exponent) internal view returns (bool);
}Cryptographic Signers
Modular signature verification contracts that implement various cryptographic signature schemes for smart contract accounts.
ECDSA Signer
/**
* @dev ECDSA signature verification signer for account abstraction
*/
abstract contract SignerECDSAUpgradeable {
function __SignerECDSA_init(address signerAddr) internal onlyInitializing;
/**
* @dev Sets the signer address
*/
function _setSigner(address signerAddr) internal;
/**
* @dev Validates an ECDSA signature
*/
function _validateSignature(bytes32 hash, bytes calldata signature) internal view returns (bool);
}P256 Signer
/**
* @dev P256 (secp256r1) signature verification signer
*/
abstract contract SignerP256Upgradeable {
function __SignerP256_init(bytes32 qx, bytes32 qy) internal onlyInitializing;
/**
* @dev Sets the P256 public key
*/
function _setSigner(bytes32 qx, bytes32 qy) internal;
/**
* @dev Validates a P256 signature
*/
function _validateSignature(bytes32 hash, bytes calldata signature) internal view returns (bool);
}RSA Signer
/**
* @dev RSA signature verification signer
*/
abstract contract SignerRSAUpgradeable {
function __SignerRSA_init(bytes memory e, bytes memory n) internal onlyInitializing;
/**
* @dev Sets the RSA public key (exponent and modulus)
*/
function _setSigner(bytes memory e, bytes memory n) internal;
/**
* @dev Validates an RSA signature
*/
function _validateSignature(bytes32 hash, bytes calldata signature) internal view returns (bool);
}ERC-7913 Signer
/**
* @dev ERC-7913 standard signature verification signer
*/
abstract contract SignerERC7913Upgradeable {
function __SignerERC7913_init(bytes memory data) internal onlyInitializing;
/**
* @dev Sets the ERC-7913 signer data
*/
function _setSigner(bytes memory data) internal;
/**
* @dev Validates an ERC-7913 signature
*/
function _validateSignature(bytes32 hash, bytes calldata signature) internal view returns (bool);
}Multi-Signature ERC-7913
/**
* @dev Multi-signature verification using ERC-7913
*/
abstract contract MultiSignerERC7913Upgradeable {
function __MultiSignerERC7913_init(bytes[] memory signers) internal onlyInitializing;
/**
* @dev Sets multiple ERC-7913 signers
*/
function _setSigners(bytes[] memory signers) internal;
/**
* @dev Validates multiple signatures
*/
function _validateSignature(bytes32 hash, bytes calldata signature) internal view returns (bool);
}
/**
* @dev Weighted multi-signature verification using ERC-7913
*/
abstract contract MultiSignerERC7913WeightedUpgradeable {
function __MultiSignerERC7913Weighted_init(bytes[] memory signers, uint256[] memory weights, uint256 threshold) internal onlyInitializing;
/**
* @dev Sets weighted signers and threshold
*/
function _setSigners(bytes[] memory signers, uint256[] memory weights, uint256 threshold) internal;
/**
* @dev Validates weighted signatures against threshold
*/
function _validateSignature(bytes32 hash, bytes calldata signature) internal view returns (bool);
}Draft ERC-7739
/**
* @dev Draft ERC-7739 implementation for advanced signature schemes
*/
abstract contract ERC7739Upgradeable {
function __ERC7739_init(bytes memory config) internal onlyInitializing;
/**
* @dev Validates ERC-7739 signatures
*/
function _validateSignature(bytes32 hash, bytes calldata signature) internal view returns (bool);
}Context Utilities
Base context functionality for message handling.
/**
* @dev Provides information about the current execution context
*/
abstract contract ContextUpgradeable {
function __Context_init() internal onlyInitializing;
/**
* @dev Returns the sender of the transaction
*/
function _msgSender() internal view returns (address);
/**
* @dev Returns the call data
*/
function _msgData() internal view returns (bytes calldata);
/**
* @dev Returns the length of the context suffix
*/
function _contextSuffixLength() internal view returns (uint256);
}Usage Examples
Secure Token with Multiple Protections
import {ERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import {PausableUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/PausableUpgradeable.sol";
import {ReentrancyGuardUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
contract SecureToken is ERC20Upgradeable, PausableUpgradeable, ReentrancyGuardUpgradeable, OwnableUpgradeable {
function initialize(address initialOwner) initializer public {
__ERC20_init("SecureToken", "STK");
__Pausable_init();
__ReentrancyGuard_init();
__Ownable_init(initialOwner);
}
function mint(address to, uint256 amount) public onlyOwner whenNotPaused {
_mint(to, amount);
}
function transfer(address to, uint256 amount) public override whenNotPaused nonReentrant returns (bool) {
return super.transfer(to, amount);
}
function pause() public onlyOwner {
_pause();
}
function unpause() public onlyOwner {
_unpause();
}
}Multicall Integration
import {MulticallUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/MulticallUpgradeable.sol";
contract BatchOperations is MulticallUpgradeable, OwnableUpgradeable {
function initialize(address initialOwner) initializer public {
__Multicall_init();
__Ownable_init(initialOwner);
}
function setValues(uint256[] calldata ids, uint256[] calldata values) external onlyOwner {
require(ids.length == values.length, "Length mismatch");
for (uint256 i = 0; i < ids.length; i++) {
// Set values
}
}
// Users can batch multiple setValues calls in one transaction using multicall
}EIP-712 Signature Verification
import {EIP712Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/cryptography/EIP712Upgradeable.sol";
import {ECDSAUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/cryptography/ECDSAUpgradeable.sol";
import {NoncesUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/NoncesUpgradeable.sol";
contract SignatureVerifier is EIP712Upgradeable, NoncesUpgradeable {
bytes32 private constant PERMIT_TYPEHASH = keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
function initialize() initializer public {
__EIP712_init("SignatureVerifier", "1");
__Nonces_init();
}
function permit(
address owner,
address spender,
uint256 value,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
) external {
require(block.timestamp <= deadline, "Permit expired");
bytes32 structHash = keccak256(abi.encode(
PERMIT_TYPEHASH,
owner,
spender,
value,
_useNonce(owner),
deadline
));
bytes32 hash = _hashTypedDataV4(structHash);
address signer = ECDSAUpgradeable.recover(hash, v, r, s);
require(signer == owner, "Invalid signature");
// Process permit
}
}Install with Tessl CLI
npx tessl i tessl/npm-openzeppelin--contracts-upgradeable