tessl/npm-openzeppelin--contracts
Secure Smart Contract library for Solidity with battle-tested implementations of token standards, access control, governance, and essential utilities for building decentralized applications.
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
security-utilities.mddocs/
Security Utilities
Essential security patterns and utilities for protecting smart contracts against common vulnerabilities including reentrancy attacks, access control bypass, signature malleability, and unsafe operations.
Capabilities
Reentrancy Protection
Protection against reentrancy attacks through state-based guards that prevent recursive function calls.
/**
* @dev Contract module that helps prevent reentrant calls to a function.
*/
abstract contract ReentrancyGuard {
/**
* @dev Prevents a contract from calling itself, directly or indirectly.
* Cannot be applied to a function with nonReentrant modifier.
*/
modifier nonReentrant();
/**
* @dev Returns true if the reentrancy guard is currently set to "entered"
*/
function _reentrancyGuardEntered() internal view returns (bool);
}
/**
* @dev Variant of {ReentrancyGuard} that uses transient storage for more efficient reentrancy protection.
* Available since Solidity 0.8.24 on networks with EIP-1153 support.
*/
abstract contract ReentrancyGuardTransient {
/**
* @dev Prevents reentrancy using transient storage for gas efficiency
*/
modifier nonReentrant();
/**
* @dev Returns true if the reentrancy guard is currently set to "entered"
*/
function _reentrancyGuardEntered() internal view returns (bool);
}Usage Example:
import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
contract MyContract is ReentrancyGuard {
mapping(address => uint256) public balances;
function withdraw() external nonReentrant {
uint256 amount = balances[msg.sender];
balances[msg.sender] = 0;
payable(msg.sender).transfer(amount);
}
}Emergency Pause Functionality
Circuit breaker mechanism for emergency stops and controlled contract operations.
/**
* @dev Provides emergency stop mechanism through pausing functionality.
*/
abstract contract Pausable is Context {
/**
* @dev Returns true if the contract is paused, and false otherwise
*/
function paused() public view virtual returns (bool);
/**
* @dev Triggers stopped state (can only be called when not paused)
*/
function _pause() internal virtual whenNotPaused;
/**
* @dev Returns to normal state (can only be called when paused)
*/
function _unpause() internal virtual whenPaused;
/**
* @dev Modifier to make a function callable only when the contract is not paused
*/
modifier whenNotPaused();
/**
* @dev Modifier to make a function callable only when the contract is paused
*/
modifier whenPaused();
/**
* @dev Throws if the contract is paused
*/
function _requireNotPaused() internal view;
/**
* @dev Throws if the contract is not paused
*/
function _requirePaused() internal view;
}Usage Example:
import "@openzeppelin/contracts/utils/Pausable.sol";
import "@openzeppelin/contracts/access/Ownable.sol";
contract MyContract is Pausable, Ownable {
function emergencyPause() external onlyOwner {
_pause();
}
function unpause() external onlyOwner {
_unpause();
}
function criticalFunction() external whenNotPaused {
// This function can only be called when contract is not paused
}
}Cryptographic Security Utilities
Secure cryptographic operations for signature verification, merkle proofs, and ECDSA recovery.
/**
* @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
*/
library ECDSA {
/**
* @dev Recovers the signer of the signed message hash
*/
function recover(bytes32 hash, bytes memory signature) internal pure returns (address);
/**
* @dev Attempts to recover signer, returns (address, error) tuple
*/
function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError);
/**
* @dev Returns an Ethereum Signed Message hash for the given hash
*/
function toEthSignedMessageHash(bytes32 messageHash) internal pure returns (bytes32);
/**
* @dev Returns an Ethereum Signed Message hash for the given bytes
*/
function toEthSignedMessageHash(bytes memory message) internal pure returns (bytes32);
}
/**
* @dev Message hashing utilities for standard Ethereum message formats
*/
library MessageHashUtils {
/**
* @dev Returns an Ethereum Signed Message hash for the given message hash
*/
function toEthSignedMessageHash(bytes32 messageHash) internal pure returns (bytes32);
/**
* @dev Returns an Ethereum Signed Message hash for the given bytes message
*/
function toEthSignedMessageHash(bytes memory message) internal pure returns (bytes32);
/**
* @dev Returns the data hash for ERC-1271 with intended validator
*/
function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32);
/**
* @dev Returns the data hash for ERC-1271 with intended validator and message hash
*/
function toDataWithIntendedValidatorHash(address validator, bytes32 messageHash) internal pure returns (bytes32);
/**
* @dev Returns an ERC-712 typed data hash
*/
function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32);
}
/**
* @dev Universal signature validator supporting both EOA (ECDSA) and contract (ERC-1271) signatures
*/
library SignatureChecker {
/**
* @dev Checks if signature is valid for given signer and hash
*/
function isValidSignatureNow(address signer, bytes32 hash, bytes memory signature) internal view returns (bool);
/**
* @dev Checks if signature is valid using ERC-1271 for contract accounts
*/
function isValidERC1271SignatureNow(address signer, bytes32 hash, bytes memory signature) internal view returns (bool);
}
/**
* @dev Merkle tree proof verification library
*/
library MerkleProof {
/**
* @dev Verifies a Merkle proof proving the existence of a leaf in a Merkle tree
*/
function verify(bytes32[] memory proof, bytes32 root, bytes32 leaf) internal pure returns (bool);
/**
* @dev Processes a Merkle proof and returns the computed root
*/
function processProof(bytes32[] memory proof, bytes32 leaf) internal pure returns (bytes32);
/**
* @dev Verifies multiple merkle proofs in a single verification
*/
function multiProofVerify(bytes32[] memory proof, bool[] memory proofFlags, bytes32[] memory leaves, bytes32 root) internal pure returns (bool);
}Safe Operations
Utilities for safe type casting, token operations, and low-level calls with proper error handling.
/**
* @dev Safe casting library that throws on overflow/underflow
*/
library SafeCast {
/**
* @dev Cast uint256 to uint248, reverting on overflow
*/
function toUint248(uint256 value) internal pure returns (uint248);
/**
* @dev Cast uint256 to uint128, reverting on overflow
*/
function toUint128(uint256 value) internal pure returns (uint128);
/**
* @dev Cast uint256 to int256, reverting on overflow
*/
function toInt256(uint256 value) internal pure returns (int256);
/**
* @dev Cast int256 to uint256, reverting on negative values
*/
function toUint256(int256 value) internal pure returns (uint256);
}
/**
* @dev Safe ERC20 operations that handle non-standard token implementations
*/
library SafeERC20 {
/**
* @dev Safe token transfer that handles tokens not returning values
*/
function safeTransfer(IERC20 token, address to, uint256 value) internal;
/**
* @dev Safe transferFrom that handles tokens not returning values
*/
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal;
/**
* @dev Safe allowance increase that handles race conditions
*/
function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal;
/**
* @dev Safe allowance decrease with underflow protection
*/
function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal;
}
/**
* @dev Address utility library for safe low-level operations
*/
library Address {
/**
* @dev Returns true if account is a contract
*/
function isContract(address account) internal view returns (bool);
/**
* @dev Performs Ether transfer with gas limit and proper error handling
*/
function sendValue(address payable recipient, uint256 amount) internal;
/**
* @dev Performs low-level function call with return data and error propagation
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory);
/**
* @dev Performs low-level delegate call with return data and error propagation
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory);
}Replay Attack Protection
Nonce-based protection against replay attacks in meta-transactions and signature-based operations.
/**
* @dev Provides nonce tracking functionality for replay attack protection
*/
abstract contract Nonces {
/**
* @dev Returns the current nonce for an owner
*/
function nonces(address owner) public view virtual returns (uint256);
/**
* @dev Consumes nonce: returns current value and increments nonce
*/
function _useNonce(address owner) internal virtual returns (uint256);
/**
* @dev Consumes specific nonce if it matches current value
*/
function _useCheckedNonce(address owner, uint256 nonce) internal virtual;
}Batch Operations
Secure batching of multiple function calls within a single transaction while preserving context.
/**
* @dev Provides multicall functionality to batch multiple calls in a single transaction
*/
abstract contract Multicall {
/**
* @dev Batch multiple function calls and return all results
*/
function multicall(bytes[] calldata data) external virtual returns (bytes[] memory results);
}Meta-Transaction Support
Context utilities for secure meta-transaction implementations and execution context management.
/**
* @dev Provides information about the current execution context
*/
abstract contract Context {
/**
* @dev Returns the sender of the transaction (supports meta-transactions)
*/
function _msgSender() internal view virtual returns (address);
/**
* @dev Returns the transaction data (supports meta-transactions)
*/
function _msgData() internal view virtual returns (bytes calldata);
/**
* @dev Returns the length of context suffix for meta-transactions
*/
function _contextSuffixLength() internal view virtual returns (uint256);
}Types
/**
* @dev Standard interface for signature validation by smart contracts (ERC-1271)
*/
interface IERC1271 {
/**
* @dev Should return whether the signature provided is valid for the provided data
* @param hash Hash of the data to be signed
* @param signature Signature byte array associated with hash
* @return magicValue The bytes4 magic value 0x1626ba7e if valid, otherwise 0xffffffff
*/
function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bytes4 magicValue);
}
/**
* @dev ECDSA recovery error types
*/
enum RecoverError {
NoError,
InvalidSignature,
InvalidSignatureLength,
InvalidSignatureS,
InvalidSignatureV
}
/**
* @dev Standard ERC20 interface for SafeERC20 operations
*/
interface IERC20 {
function transfer(address to, uint256 value) external returns (bool);
function transferFrom(address from, address to, uint256 value) external returns (bool);
function balanceOf(address account) external view returns (uint256);
function allowance(address owner, address spender) external view returns (uint256);
}Install with Tessl CLI
npx tessl i tessl/npm-openzeppelin--contracts