Adding a header to OpenZeppelin contracts
🧐 Motivation
The contracts produced by the OpenZeppelin team are of high quality. So when I go to Etherscan and check the source code of a verified contract, I tend to trust it more when I can see that it’s reusing OpenZeppelin implementations instead of reinventing the wheel. However, this is far from trivial to do. A lot of times I simply don’t know if a subcontract from a verified contract is coming from OpenZeppelin or not.
📝 Details
So my suggestion is very simple. I wonder if you could do two simple things:
- Adding a (comment) header to all OpenZeppelin contracts, which would include an explicit mention of the OpenZeppelin project and the corresponding version of the contract. Something like this:
/**
* @origin This subcontract was developed by the OpenZeppelin team.
* Location: contracts/token/ERC20/ERC20.sol. Version: v1-12-0
*/
- Since a verified contract is like a flattened version of the original source code, you guys could add delimiters at the beginning and end of your contracts. Something like this:
///////
[The header described above]
[The source code of the OpenZeppelin contract]
///////
With these two measures in place (header and delimiters), end-users would know exactly which subcontracts of a verified contract were reused from OpenZeppelin and their corresponding versions.
This feature request is related to #336, but it is not the same thing. Thanks!
@frangio I have got to say, please think about it seriously. I do not think this is a good idea. As a matter of fact, no matter who wants to write a safe, effective and vulnerability-free contract, he/she will come here for some ideas, but I think they will not use the contract directly; he/she will make some changes to satisfy their own requirements. Yeah, he/she really uses most of the contracts of OpenZeppelin, but it is precisely the changes he/she made that have led to fatal errors, so if you use most of the contracts of OpenZeppelin, it does not mean it is safe. So the contract writer can make a comment:
This subcontract was developed by the OpenZeppelin team.
but the OpenZeppelin team can not. Please consider it seriously!

Closing this issue in favor of https://github.com/OpenZeppelin/openzeppelin-contracts/issues/2006.
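
An added example, not part of the issue thread and not OpenZeppelin code: a Python sketch that reads the proposed header and `///////` delimiters out of flattened source and, because the comment can sit on top of altered code, compares each delimited body with a digest taken from the release file. The `KNOWN` table, the helper names and the sample contract text are constructed for illustration.

```python
import hashlib
import re

# Constructed stand-in for the file at that path in the tagged release.
OFFICIAL_BODY = "contract ERC20 {\n    function totalSupply() public view returns (uint256) {}\n}"

def digest(body: str) -> str:
    """SHA-256 of the body with whitespace runs collapsed, so that
    re-indentation by a flattener does not count as a change."""
    return hashlib.sha256(" ".join(body.split()).encode()).hexdigest()

# Assumption: digests are built from the release itself, never from the header.
KNOWN = {("contracts/token/ERC20/ERC20.sol", "v1-12-0"): digest(OFFICIAL_BODY)}

BLOCK = re.compile(
    r"^///////\n"                                  # opening delimiter
    r"/\*\*\n\s*\* @origin [^\n]*\n"               # header, first line
    r"\s*\* Location: (?P<path>\S+)\. Version: (?P<ver>\S+)\n"
    r"\s*\*/\n"
    r"(?P<body>.*?)\n"
    r"^///////$",                                  # closing delimiter
    re.S | re.M,
)

def audit(flattened: str):
    """Return (path, version, status) for every delimited block."""
    results = []
    for m in BLOCK.finditer(flattened):
        key = (m["path"], m["ver"])
        if key not in KNOWN:
            status = "unknown-release"      # header names a file we cannot check
        elif digest(m["body"]) == KNOWN[key]:
            status = "matches-release"      # body is the released code
        else:
            status = "modified"             # header kept, code changed
        results.append((*key, status))
    return results

HEADER = ("/**\n * @origin This subcontract was developed by the OpenZeppelin team.\n"
          " * Location: contracts/token/ERC20/ERC20.sol. Version: v1-12-0\n */\n")
GENUINE = "pragma solidity ^0.5.0;\n///////\n" + HEADER + OFFICIAL_BODY + "\n///////\n"
# Constructed edit: same header, one visibility modifier removed from the body.
TAMPERED = GENUINE.replace("public view", "public")

if __name__ == "__main__":
    print(audit(GENUINE))
    print(audit(TAMPERED))
```

The header alone only tells the reader which release to compare against; the status comes from the digest.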