Alex Roan

Smart Contracts: Don’t Reinvent the Wheel

Always use OpenZeppelin

Photo by Jon Cartagena on Unsplash.

Don’t get me wrong, writing smart contracts from scratch is a great learning tool. Tasking yourself with creating an ERC20-compliant contract from start to finish is one of the best ways to gain an understanding of the logic behind it.

However, for production applications, don’t reinvent the wheel.

Libraries like OpenZeppelin are scrutinized by the Ethereum development community at large. They’re continuously being updated and reviewed. They’re also publicly accessible and easy to use. It doesn’t make sense to create your own when libraries like this exist.

Importing OpenZeppelin

Note: Higher versions are available, but we’re using library version 2.5.0 because it’s the last version of OpenZeppelin contracts running Solidity version 0.5.x.

To install OpenZeppelin into your project, run the following command:

npm install @openzeppelin/contracts@2.5.0 --save

This will download all smart contracts into node_modules/.

Once installed, you can import smart contracts into your own. This is an example of importing the OpenZeppelin ERC20 token contract in a smart contract:

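pragma solidity ^0.5.5;
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
// MyContract inherits the full ERC20 implementation from OpenZeppelin
contract MyContract is ERC20 {
    // contract-specific logic goes here
}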

Here are some useful Token, Math, Utils, and Ownable contracts from OpenZeppelin you can easily implement in your projects.

Tokens

ERC20

There are six publicly available functions that ERC20 contracts need to implement, as well as two events. By importing OpenZeppelin’s ERC20 contract, you don’t need to implement any of these yourself.

ERC20Detailed is used to initialize the name, symbol, and decimals for the token, but it isn’t necessary if your project doesn’t require a named ERC20 token.

ERC721

Since ERC721 tokens are unique, a struct and an array of structs are commonly used to store them.

Instead of implementing all nine functions and three events, this contract inherits those and exposes the ability to create new Person tokens.
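A minimal version of such a contract, written here as an added example (it is not the code from the original article). It targets OpenZeppelin 2.5.0; the contract name `PersonToken`, the `Person` fields, and the function names are assumptions made for illustration.

```solidity
pragma solidity ^0.5.5;

import "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Added example: contract name, struct fields and function names are assumptions.
contract PersonToken is ERC721 {
    struct Person {
        string name;
        uint8 age;
    }

    // The array index of each Person doubles as its ERC721 token ID.
    Person[] private people;

    // Stores a new Person and mints the matching token to the caller.
    // Minting is open to any caller here; restrict it if your
    // application needs controlled issuance.
    function createPerson(string memory name, uint8 age) public returns (uint256) {
        // In Solidity 0.5.x, push() returns the new array length.
        uint256 tokenId = people.push(Person(name, age)) - 1;
        // _mint reverts for the zero address or an already-minted ID.
        _mint(msg.sender, tokenId);
        return tokenId;
    }

    // Reads the data behind a token, rejecting IDs that were never minted.
    function getPerson(uint256 tokenId) public view returns (string memory, uint8) {
        require(_exists(tokenId), "PersonToken: unknown token");
        Person storage person = people[tokenId];
        return (person.name, person.age);
    }
}
```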

Math

SafeMath

In most modern programming languages, safety in arithmetic operations is accounted for, so little thought goes into their implementation. However, in Solidity, overflows and underflows present a security risk.

SafeMath is a library that ensures safe arithmetic operations by reverting the transaction if the bounds of an integer data type are exceeded.

The using statement indicates to the compiler that the contract is using functions defined in SafeMath for uint operations. Instead of using arithmetic operators (+, -, *, /, %), use the functions add(), sub(), mul(), div(), and mod().

Utils

SafeCast

Casting uint variables to an integer type of a smaller size may present an overflow risk. Use SafeCast to cast larger integer data types to smaller ones (e.g. uint256 to uint8).

This can be used in tandem with SafeMath, which performs the arithmetic operations on uint256 only.
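The SafeMath and SafeCast passages above, shown together in one added example (not code from the original article): each unchecked Solidity 0.5.x operation sits beside its library-backed form. The `PointsLedger` contract, its mappings, and its function names are hypothetical.

```solidity
pragma solidity ^0.5.5;

import "@openzeppelin/contracts/math/SafeMath.sol";
import "@openzeppelin/contracts/utils/SafeCast.sol";

// Added example: a hypothetical points ledger constructed for illustration.
contract PointsLedger {
    using SafeMath for uint256; // attaches add/sub/mul/div/mod to uint256
    using SafeCast for uint256; // attaches toUint8 and the other narrowing casts

    mapping(address => uint256) public points;
    mapping(address => uint8) public tier;

    // Checked addition: reverts if the sum would exceed the uint256 range.
    function earn(uint256 amount) public {
        points[msg.sender] = points[msg.sender].add(amount);
    }

    // WEAK: in Solidity 0.5.x the native operator wraps around, so
    // spending more than the balance leaves a huge balance behind.
    function spendUnchecked(uint256 amount) public {
        points[msg.sender] = points[msg.sender] - amount;
    }

    // HARDENED: SafeMath.sub reverts the transaction instead of wrapping.
    function spend(uint256 amount) public {
        points[msg.sender] = points[msg.sender].sub(amount);
    }

    // WEAK: a plain uint8(...) cast keeps only the low 8 bits, so a
    // quotient of 256 is silently stored as tier 0.
    function updateTierUnchecked() public {
        tier[msg.sender] = uint8(points[msg.sender] / 100);
    }

    // HARDENED: SafeMath does the uint256 arithmetic, then SafeCast
    // reverts if the result does not fit in a uint8.
    function updateTier() public {
        tier[msg.sender] = points[msg.sender].div(100).toUint8();
    }
}
```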

Ownership

Ownable

Access to certain functions in a smart contract sometimes needs to be restricted so that only the owner of the contract can successfully invoke them. A common pattern is to use the onlyOwner modifier in function definitions. Instead of coding this pattern yourself, OpenZeppelin’s Ownable contract does this for you.
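An added example (not code from the original article) that combines the ERC20 and ERC20Detailed contracts described earlier with Ownable, using the OpenZeppelin 2.5.0 import paths. The token name, symbol, and `mint` function are assumptions, and blocking `renounceOwnership` is a design choice of this example rather than library behaviour.

```solidity
pragma solidity ^0.5.5;

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/token/ERC20/ERC20Detailed.sol";
import "@openzeppelin/contracts/ownership/Ownable.sol";

// Added example: token name, symbol and mint() are assumptions.
contract ExampleToken is ERC20, ERC20Detailed, Ownable {
    // Ownable's constructor records the deployer as owner.
    // ERC20Detailed stores the name, symbol and decimals.
    constructor(uint256 initialSupply)
        public
        ERC20Detailed("Example Token", "EXT", 18)
    {
        _mint(msg.sender, initialSupply);
    }

    // onlyOwner reverts unless the caller is the current owner,
    // so only the owner can create new supply.
    function mint(address to, uint256 amount) public onlyOwner {
        _mint(to, amount);
    }

    // Ownable.renounceOwnership() would set the owner to address(0)
    // and permanently disable every onlyOwner function. This example
    // overrides it so minting rights cannot be dropped by mistake.
    function renounceOwnership() public onlyOwner {
        revert("ExampleToken: renouncing ownership is disabled");
    }
}
```

Ownership can still be handed over with the inherited `transferOwnership(newOwner)`, which rejects the zero address.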

Conclusion

Always use libraries for the most basic implementations of coding standards. At this point, the best in the industry is OpenZeppelin. It’s safer, quicker, cleaner, and easier than reinventing the wheel yourself.
