tessl/npm-openzeppelin-solidity

Secure Smart Contract library providing battle-tested implementations of industry-standard Solidity contracts including ERC20, ERC721, ERC1155 tokens, access control mechanisms, proxy patterns, and governance systems for Ethereum and EVM-compatible blockchains.

—

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview

Eval results

Files

Security Patterns

Name: tessl/npm-openzeppelin-solidity
Author: tessl

OpenZeppelin Contracts provides essential security mechanisms to protect smart contracts from common vulnerabilities including reentrancy attacks, unauthorized access during emergency situations, and payment-related exploits.

Core Imports

Import security contracts using Solidity import statements:

import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
import "@openzeppelin/contracts/security/Pausable.sol";
import "@openzeppelin/contracts/security/PullPayment.sol";

Capabilities

Reentrancy Protection

Protects against reentrancy attacks by preventing nested calls to functions marked with the nonReentrant modifier.

abstract contract ReentrancyGuard {
    modifier nonReentrant();
}

Usage Example

pragma solidity ^0.8.0;

import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

contract SecureWithdrawal is ReentrancyGuard {
    mapping(address => uint256) private balances;
    
    function withdraw() external nonReentrant {
        uint256 balance = balances[msg.sender];
        require(balance > 0, "No funds to withdraw");
        
        balances[msg.sender] = 0;
        
        (bool success, ) = msg.sender.call{value: balance}("");
        require(success, "Transfer failed");
    }
}

Pausable Mechanism

Provides emergency pause functionality that can halt contract operations when security issues are detected.

abstract contract Pausable is Context {
    function paused() public view virtual returns (bool);
    
    modifier whenNotPaused();
    modifier whenPaused();
    
    function _pause() internal virtual;
    function _unpause() internal virtual;
}

Events

event Paused(address account);
event Unpaused(address account);

Usage Example

pragma solidity ^0.8.0;

import "@openzeppelin/contracts/security/Pausable.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

contract EmergencyPausableToken is Pausable, Ownable {
    mapping(address => uint256) private balances;
    
    function transfer(address to, uint256 amount) public whenNotPaused {
        require(balances[msg.sender] >= amount, "Insufficient balance");
        balances[msg.sender] -= amount;
        balances[to] += amount;
    }
    
    function emergencyPause() external onlyOwner {
        _pause();
    }
    
    function emergencyUnpause() external onlyOwner {
        _unpause();
    }
}

Pull Payment Pattern

Implements the pull payment pattern to avoid reentrancy risks and failed transfers by allowing payees to withdraw their funds themselves.

abstract contract PullPayment {
    function payments(address dest) public view returns (uint256);
    function withdrawPayments(address payable payee) public virtual;
    
    function _asyncTransfer(address dest, uint256 amount) internal;
}

Usage Example

pragma solidity ^0.8.0;

import "@openzeppelin/contracts/security/PullPayment.sol";

contract Auction is PullPayment {
    address public highestBidder;
    uint256 public highestBid;
    
    function bid() public payable {
        require(msg.value > highestBid, "Bid not high enough");
        
        if (highestBid != 0) {
            // Previous highest bidder can withdraw their bid
            _asyncTransfer(highestBidder, highestBid);
        }
        
        highestBidder = msg.sender;
        highestBid = msg.value;
    }
    
    function withdrawPreviousBid() public {
        withdrawPayments(payable(msg.sender));
    }
}

Security Best Practices

When using OpenZeppelin security patterns:

Reentrancy: Always use nonReentrant modifier for functions that make external calls or transfer funds
Pausable: Implement emergency pause mechanisms for critical functions that handle user funds
Pull Payments: Use pull payments instead of push payments to avoid failed transfers and gas limit issues
Combined Patterns: Security patterns can be combined - for example, using both nonReentrant and whenNotPaused modifiers
Access Control: Combine security patterns with proper access control mechanisms from the Access Control module

Error Handling

Security contracts may revert with the following errors:

ReentrancyGuard: ReentrancyGuardReentrantCall() - When reentrancy is detected
Pausable: Functions fail when called in wrong pause state (no specific error, just reverts with modifiers)
PullPayment: No specific errors, but underlying escrow operations may fail

Install with Tessl CLI

npx tessl i tessl/npm-openzeppelin-solidity

docs

tessl/npm-openzeppelin-solidity

security.md.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}docs/

Security Patterns

Core Imports

Capabilities

Reentrancy Protection

Usage Example

Pausable Mechanism

Events

Usage Example

Pull Payment Pattern

Usage Example

Security Best Practices

Error Handling

security.mddocs/